Report - megaup.net/2wyih/E2GB.part12.rar

Report Overview

URL

megaup.net/2wyih/E2GB.part12.rar
IP

91.209.70.182

ASN

#43317 FNK LLC
Submitted

2023-05-06T15:17:26Z

Access

public
Tags

suspicious
urlquery detections

Suspicious - Suspicious Javascript code

Detections

urlquery

6
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
imp9.bidgear.com (1)	34078	2021-03-15 12:09:09	2023-05-06 12:45:36	517	1119	172.67.74.36
pogothere.xyz (3)	unknown	2022-09-04 21:11:25	2023-05-06 11:52:50	1239	128642	172.64.172.27
mp.4dex.io (2)	2629	2019-01-03 14:51:11	2023-05-06 11:54:19	936	912	104.18.2.114
megaup.net (31)	179052	2017-09-01 20:45:15	2023-05-06 10:05:54	16772	1008302	91.209.70.182
ocsp.pki.goog (3)	175	2018-07-01 08:43:07	2023-05-06 05:09:10	999	2098	142.250.74.131
dmmzkfd82wayn.cloudfront.net (6)	unknown	2021-03-18 18:00:47	2023-05-06 10:06:03	3528	193010	54.230.245.161
altowriestwispy.com (1)	951913	2021-02-24 11:44:10	2023-05-06 10:06:03	409	1506	172.255.6.153
a.exdynsrv.com (1)	40663	2019-05-21 07:34:42	2023-05-06 06:38:39	400	29376	205.185.216.42
nativiser-prebid.smart-hub.io (1)	unknown	2022-12-14 13:53:24	2023-05-06 13:02:44	477	331	8.2.109.53
cdn.purpleads.io (1)	185817	2020-02-18 07:59:36	2023-05-06 11:21:28	570	22437	143.204.55.90
script.4dex.io (3)	2135	2018-07-23 12:04:27	2023-05-06 09:54:22	1217	25955	104.26.8.169
ocsp.godaddy.com (1)	698	2012-05-20 21:28:57	2023-05-06 05:09:28	330	2285	192.124.249.36
www.googletagmanager.com (1)	75	2013-05-22 04:07:37	2023-05-06 05:33:18	421	46525	142.250.74.168
theharityhild.buzz (1)	unknown	2022-10-20 09:00:21	2023-05-06 10:06:04	564	892	52.20.131.174
ocsp.sectigo.com (2)	487	2019-11-29 12:50:24	2023-05-06 07:39:53	660	1737	172.64.155.188
kultingecauyuksehinkitw.info (6)	unknown	2023-04-27 23:05:28	2023-05-06 11:30:27	4235	12041	52.85.242.41
s3t3d2y8.afcdn.net (1)	unknown	2022-08-09 00:22:56	2023-05-06 05:33:36	471	9003	185.76.9.23
keydawnawe.com (1)	586690	2020-10-08 16:33:32	2023-05-06 10:06:03	404	1507	172.255.6.95
cdn.cloudimagesb.com (1)	23099	2021-02-12 17:15:41	2023-05-06 06:59:35	443	33428	45.133.44.10
api.purpleads.io (7)	146037	2020-02-18 07:59:38	2023-05-06 10:06:04	5301	3769	3.228.155.150
cdn.prplads.com (2)	unknown	2023-02-20 12:56:34	2023-05-06 13:02:43	828	235312	104.26.2.51
img.vmmcdn.com (1)	36292	2019-11-26 11:59:17	2023-05-05 11:07:16	405	85588	46.4.121.113
platform.bidgear.com (2)	30367	2016-07-27 13:51:48	2023-05-06 12:45:35	899	7468	172.67.74.36
parrecleftne.xyz (1)	unknown	2022-12-18 10:40:16	2023-05-06 10:06:04	457	736	52.85.242.51
sageistic.com (1)	unknown	2022-11-29 19:50:04	2023-05-06 03:25:12	1851	1176	172.67.201.134
workhovdiminatedi.info (7)	unknown	2023-04-27 10:35:04	2023-05-06 10:44:28	6298	4003	188.114.97.1
syndication.exdynsrv.com (2)	34243	2016-04-20 20:35:15	2023-05-06 05:22:35	1310	2274	95.211.229.247
accounts.google.com (6)	81	2016-03-20 13:44:49	2023-05-06 08:42:40	3643	13055	142.250.74.77
prebid.a-mo.net (3)	1148	2020-07-14 19:45:55	2023-05-06 06:38:40	1607	719	147.75.84.158

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (99)

URL IP Response Size

ocsp.sectigo.com/

172.64.155.188

471

URL

ocsp.sectigo.com/
IP

172.64.155.188:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

947d33200febe263b75c67d50890ab8b

1edccc0cbbd64f0d6457b0c832563e8ec220fa4a

8e41e228b6762acc899b676c536d58df4a7e6ecc78d996f8bc7674985f2c0cd7

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 06 May 2023 15:17:06 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 05 May 2023 11:25:45 GMT
Expires: Fri, 12 May 2023 11:25:44 GMT
Etag: "1edccc0cbbd64f0d6457b0c832563e8ec220fa4a"
Cache-Control: max-age=503917,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c32302968570b49-OSL

megaup.net/themes/flow/images/main_logo_inverted.png

91.209.70.182

200 OK

7137

URL GET HTTP/2

megaup.net/themes/flow/images/main_logo_inverted.png
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data

Size

7137
Hash

5d15526be10b904a6b48d1af04a10cc3

c09b6874359ac6d71db95593618a9acb55baa984

894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018

HTTP Headers

                                        GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2wyih/E2GB.part12.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:06 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

megaup.net/themes/flow/images/loading_small.gif

91.209.70.182

200 OK

184355

URL GET HTTP/2

megaup.net/themes/flow/images/loading_small.gif
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

GIF image data, version 89a, 64 x 64\012- data

Size

184355
Hash

b0dd5b3af9c4c0644d7bddee83716209

30002468d0266b893b3559b8d0d260c6cbf0ad7c

2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d

HTTP Headers

                                        GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2wyih/E2GB.part12.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:06 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

cc2d9732ad7837eabab81ef7088f0f60

edbd3340ba4bf7b3510035a3d72d13a90ac6829a

e3006361ada40cd4ffdba6c0ecfd9e3c338e950de8075ee4f8c5066d712912b5

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 15:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dmmzkfd82wayn.cloudfront.net/?kzmmd=761186

54.230.245.161

188765

URL

dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP

54.230.245.161:0
ASN

#16509 AMAZON-02

Magic

Unicode text, UTF-8 text, with very long lines (15948)

Size

188765
Hash

0f950111eedf973ae374a8930b205395

ad60cc7b30ba35738509542f74ce8108c0067ed9

a4eebd8608ecd98a622680b1a4236a8863f8c4fea4901edc479edfa200ee7ee6

HTTP Headers

                                        GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-length: 188765
date: Sat, 06 May 2023 15:17:06 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 20Bk4OdzEh0jeXhiVAjWGNQ3NtMi9NDQOQSXwBBEG5SruziTxFeUhg==
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-108868042-1

142.250.74.168

45878

URL

www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (2271)

Size

45878
Hash

f2e0b22788df95f9b87dcd7eb391021e

bfa65fa874ad75596038b98c99e10fc3b409d54a

c59ef3d362db4a0ac6c5d6dbb73dc74322fe7deeacf6ffbdd8a349fa471021b7

HTTP Headers

                                        GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 06 May 2023 15:17:07 GMT
expires: Sat, 06 May 2023 15:17:07 GMT
cache-control: private, max-age=900
last-modified: Sat, 06 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

keydawnawe.com/gwZ1U5hjA8ii/32575

172.255.6.95

200 OK

URL GET HTTP/1.1

keydawnawe.com/gwZ1U5hjA8ii/32575
IP

172.255.6.95:443
ASN

#7979 SERVERS-COM

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerLet's Encrypt

Subjectkeydawnawe.com

FingerprintF7:57:30:58:C1:35:AA:9E:BA:6E:40:60:AF:90:29:A9:64:83:53:EA

ValidityThu, 13 Apr 2023 23:00:56 GMT - Wed, 12 Jul 2023 23:00:55 GMT

Magic

ASCII text, with no line terminators

Size

26
Hash

4e5d65669f8dcd928dad06adf883f025

d771713d758c3348dd7e5b38bb40c7935399ae46

0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

                                        GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 May 2023 15:17:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 07-May-2023 15:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D; expires=Sun, 07-May-2023 15:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

altowriestwispy.com/tysaSHG1FMaM/18410

172.255.6.153

URL

altowriestwispy.com/tysaSHG1FMaM/18410
IP

172.255.6.153:0
ASN

#7979 SERVERS-COM

Magic

ASCII text, with no line terminators

Size

25
Hash

d488addc5df5fc9b9ff4135bb4e3a823

6ce56f48e851df4d562b43d3bc1269a504ae83fc

d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60

HTTP Headers

                                        GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 May 2023 15:17:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 07-May-2023 15:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D; expires=Sun, 07-May-2023 15:17:07 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css

91.209.70.182

8113

URL

megaup.net/themes/flow/frontend_assets/rs-plugin/css/settings.css
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Unicode text, UTF-8 text, with CRLF line terminators

Size

8113
Hash

aaefa6bf55b7e19820650654597c1b3a

3ef28069176f760003c7d02bba272c91fadb9fb4

58d8afb8bd70194c1be7bac247132d0cd0a444ffa3aeffc9fef195b70b355656

HTTP Headers

                                        GET /themes/flow/frontend_assets/rs-plugin/css/settings.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-ce4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/fonts/raleway.woff

91.209.70.182

200 OK

31836

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/fonts/raleway.woff
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Web Open Font Format, TrueType, length 31836, version 1.1\012- data

Size

31836
Hash

4514fa5a5b3d1e0b14aa32a7d068124a

e634977bfabc20ed15fe7ed03d3876cf68834b93

5b0f118d658eacc5740b10b0dc2ebbd99ee8e8262c72ff29bfcda48c02b19861

HTTP Headers

                                        GET /themes/flow/frontend_assets/fonts/raleway.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: font/woff
content-length: 31836
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7c5c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/fonts.css

91.209.70.182

31622

URL

megaup.net/themes/flow/frontend_assets/css/fonts.css
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

31622
Hash

74ba240e1223d3a29a09c80a614f1814

d6522a70fadf36ae7850667072efba38ede997a8

0b5c160ab39501b082427b6a739b6a2787daa3fc9cdf82c2305d4942454c517e

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/fonts.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-690"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css

91.209.70.182

36112

URL

megaup.net/themes/flow/frontend_assets/css/animations/animate.min.css
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with CRLF line terminators

Size

36112
Hash

358c4da36a6805f7bfff1c0facf3020e

d903c5ca0981f4baa4dafcae1e0cd5373231a85c

b9e5e85a04bc18b430bc2173f6fd0ec3384cdbe89e4dbd4ede142e8b2897bab3

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/animations/animate.min.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-bc86"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff

91.209.70.182

200 OK

20972

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Web Open Font Format, TrueType, length 20972, version 1.0\012- data

Size

20972
Hash

cad75e2dacc6794c4e6b14727d4a989d

694d04c8f643df4100c23efc1463ac9f4e732f60

ebccc09339b7730324221aff3d11d215de9997b47bf708ca18a3be2d8e8b9887

HTTP Headers

                                        GET /themes/flow/frontend_assets/socialsider-v1.0/_fonts/socicon-webfont.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: font/woff
content-length: 20972
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-51ec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

workhovdiminatedi.info/dGk0aVdbVlcaaiU8R10YIw1ODDBMJ2ExEVFbciowADFQByQ2KHIscQAAUFRgQlgFUWFSGV0NakVPRx02ABxHVGZSAFoPOElPQlRmWloAR2RGRwZPIklYEh0nFQ4JWHEEHUAFakVfDFpkTF8GW2BMUAY

188.114.97.1

URL

workhovdiminatedi.info/dGk0aVdbVlcaaiU8R10YIw1ODDBMJ2ExEVFbciowADFQByQ2KHIscQAAUFRgQlgFUWFSGV0NakVPRx02ABxHVGZSAFoPOElPQlRmWloAR2RGRwZPIklYEh0nFQ4JWHEEHUAFakVfDFpkTF8GW2BMUAY
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /dGk0aVdbVlcaaiU8R10YIw1ODDBMJ2ExEVFbciowADFQByQ2KHIscQAAUFRgQlgFUWFSGV0NakVPRx02ABxHVGZSAFoPOElPQlRmWloAR2RGRwZPIklYEh0nFQ4JWHEEHUAFakVfDFpkTF8GW2BMUAY HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0%2B0%2F8XQtENXF2OR6ifWf1dV4TSKJrRX4icueEpKqZ%2Bu82kRLquvDTVFgi9LyB5%2BSqznT1tvJgVHKCx%2FoYGDsDSrRpXWvlA0EpULdcxt%2BgyCcN1rzUOXP%2FcLU0CeaY916lauxkygdq8p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c323034de5db509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

workhovdiminatedi.info/dnhKaENZRykbfhcgLhgNHBATOXJGPwkuKzQgCykPIT0YMgE3OWwcKhJFclp2T0l7TjMfHHdbcVALPgk3Awt3WnNGT2wBLRAXd1plAEV6RnpYSWRdZQNFe043BhktVXJQCD4cL0tJfFBwRUB8WnFBQXxa

188.114.97.1

URL

workhovdiminatedi.info/dnhKaENZRykbfhcgLhgNHBATOXJGPwkuKzQgCykPIT0YMgE3OWwcKhJFclp2T0l7TjMfHHdbcVALPgk3Awt3WnNGT2wBLRAXd1plAEV6RnpYSWRdZQNFe043BhktVXJQCD4cL0tJfFBwRUB8WnFBQXxa
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /dnhKaENZRykbfhcgLhgNHBATOXJGPwkuKzQgCykPIT0YMgE3OWwcKhJFclp2T0l7TjMfHHdbcVALPgk3Awt3WnNGT2wBLRAXd1plAEV6RnpYSWRdZQNFe043BhktVXJQCD4cL0tJfFBwRUB8WnFBQXxa HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bj75uj0cBr7neMFOk%2BdZ649S4Mv7pkUdXyW2P%2F%2BYyvg25qYVUB4VnaH9BLakR%2BCGlwUa5TIZS0GIv7FVjcYBw4yxONdLiRdgzgHoYuvR0dISahdCxmrANCdoRxGRSJc15k%2FQ4Pa%2BS5mw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c323034fe8ab509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

workhovdiminatedi.info/ZVRDSnVKayA5SAAcKyYWMzwJHjMjFiIPGSoBBi4HNgE3HCRXFWU+HAFpe3hAXGVybAUMMH55R0MnNysBECd+e1MMOiUlSEMifnpbXHpyZEBDIX57UxEkIi1IVHIzPgEJaXJ8TVZne3xHV2N6fkU

188.114.97.1

204 No Content

URL GET HTTP/2

workhovdiminatedi.info/ZVRDSnVKayA5SAAcKyYWMzwJHjMjFiIPGSoBBi4HNgE3HCRXFWU+HAFpe3hAXGVybAUMMH55R0MnNysBECd+e1MMOiUlSEMifnpbXHpyZEBDIX57UxEkIi1IVHIzPgEJaXJ8TVZne3xHV2N6fkU
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerLet's Encrypt

Subjectworkhovdiminatedi.info

Fingerprint24:21:C6:9C:11:74:7D:7D:73:8F:98:35:FA:68:4E:DE:1A:86:04:CB

ValidityThu, 27 Apr 2023 07:34:32 GMT - Wed, 26 Jul 2023 07:34:31 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /ZVRDSnVKayA5SAAcKyYWMzwJHjMjFiIPGSoBBi4HNgE3HCRXFWU+HAFpe3hAXGVybAUMMH55R0MnNysBECd+e1MMOiUlSEMifnpbXHpyZEBDIX57UxEkIi1IVHIzPgEJaXJ8TVZne3xHV2N6fkU HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6CRYgaPy6eHLmvTs5Zb24IEQcf8naRZCt3kD0jSSCdYDamdo278u3mhp6xVVxbya0nPc3SPilmOOngXtgaL1%2FjDFGc2vDUOlEmylclek%2B82cC31xBtC%2BBg2WGeH1XE6TesDwdvN0uFcU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c323034ee76b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

megaup.net/2wyih/E2GB.part12.rar

91.209.70.182

53430

URL

megaup.net/2wyih/E2GB.part12.rar
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58692), with CRLF, LF line terminators

Size

53430
Hash

d2a158218e62620f1fa3d15aab18490f

d07ab9e6d1588e3b33b6deac1812c9f42a522baf

55ff01594cc7167feebc55fe219b63921570749cde1cf552efc33d48799e692b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

                                        GET /2wyih/E2GB.part12.rar HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52; expires=Sun, 07-May-2023 15:17:06 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css

91.209.70.182

1994

URL

megaup.net/themes/flow/frontend_assets/css/isotope/isotope-style.css
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with CRLF line terminators

Size

1994
Hash

6c0944b57dcfe8ca5400a84bbe86d26b

7ab4e527d2a205c6ecc91c9faa0e0f7603597b4e

297a6a43832be8c0f025f7e79ced9337351ca176ecc5957226d6ae22cd004289

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/isotope/isotope-style.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-af3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/colors/flow.css

91.209.70.182

200 OK

607

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/css/colors/flow.css
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with CRLF line terminators

Size

607
Hash

19ad1bda239992f63af637ea1e1cee59

66b357714b557ae057181cf93a0dc65a28335f9a

feec239eaf8702166f705dfdbd766ddbe019bbf362765b0317eafe0904bd85da

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/colors/flow.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2wyih/E2GB.part12.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:06 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-a83"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css

91.209.70.182

5210

URL

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Unicode text, UTF-8 text

Size

5210
Hash

8e702ba44c84aed9b3e7042a3289fdf6

e32085bc38c792c18e80eb3ad17c0e256c7b3c7c

81184f46e40fcfa13fe7fa2b8b716e2300272583b07edc97e4f6994f395c5988

HTTP Headers

                                        GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2wyih/E2GB.part12.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:06 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

kultingecauyuksehinkitw.info/VUFuTXk0Iw0gRjR8DGsMJy1TaEsTZFwLHTgsFCYfMXlcOhgsL0AuFTo0CisLOi8aYxcwNUt/PxwSAA8XMQcFPTEiKj0XE2EbL30VICcrCy4BBlc+Pj0QDAMDJQ8rHigmJDsuLRoCLGhLExMJBzwzO1oGOGUtHi87IgYpJ0xmFwkEGBovCg8oBxRXBjxkFTskSWMJGTUzBSgJFzwXAAYCKBwSLyNBcHMoCC86GyAnOA8CFipNN3EnJSgNJVgbLwMEDRkzFxcCCwgWBzgbKxEUBAURHAwIBREUCV41DxMUNBksAi4nGy8DBCU3AQMXKhsWMCoCBysdAxgcFXgiOh06PiMtCz8nBSsHIQcWAnsoAyUoKzE9AC8fSScNFhQwEQkWeTc5GygsPgcAPxw/PiQZaxMmLgA9RCMRG35OIQ0XeE8wcQ

52.85.242.41

1174

URL

kultingecauyuksehinkitw.info/VUFuTXk0Iw0gRjR8DGsMJy1TaEsTZFwLHTgsFCYfMXlcOhgsL0AuFTo0CisLOi8aYxcwNUt/PxwSAA8XMQcFPTEiKj0XE2EbL30VICcrCy4BBlc+Pj0QDAMDJQ8rHigmJDsuLRoCLGhLExMJBzwzO1oGOGUtHi87IgYpJ0xmFwkEGBovCg8oBxRXBjxkFTskSWMJGTUzBSgJFzwXAAYCKBwSLyNBcHMoCC86GyAnOA8CFipNN3EnJSgNJVgbLwMEDRkzFxcCCwgWBzgbKxEUBAURHAwIBREUCV41DxMUNBksAi4nGy8DBCU3AQMXKhsWMCoCBysdAxgcFXgiOh06PiMtCz8nBSsHIQcWAnsoAyUoKzE9AC8fSScNFhQwEQkWeTc5GygsPgcAPxw/PiQZaxMmLgA9RCMRG35OIQ0XeE8wcQ
IP

52.85.242.41:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators

Size

1174
Hash

75bffc192de00fb7c354e859ae72e0c0

11aed3198b7a790ea973866e2efb530fcfed6918

8a2292f84d0fdc08f9fc804ab315f2680a465d18243a1745378a38d39763013e

HTTP Headers

                                        GET /VUFuTXk0Iw0gRjR8DGsMJy1TaEsTZFwLHTgsFCYfMXlcOhgsL0AuFTo0CisLOi8aYxcwNUt/PxwSAA8XMQcFPTEiKj0XE2EbL30VICcrCy4BBlc+Pj0QDAMDJQ8rHigmJDsuLRoCLGhLExMJBzwzO1oGOGUtHi87IgYpJ0xmFwkEGBovCg8oBxRXBjxkFTskSWMJGTUzBSgJFzwXAAYCKBwSLyNBcHMoCC86GyAnOA8CFipNN3EnJSgNJVgbLwMEDRkzFxcCCwgWBzgbKxEUBAURHAwIBREUCV41DxMUNBksAi4nGy8DBCU3AQMXKhsWMCoCBysdAxgcFXgiOh06PiMtCz8nBSsHIQcWAnsoAyUoKzE9AC8fSScNFhQwEQkWeTc5GygsPgcAPxw/PiQZaxMmLgA9RCMRG35OIQ0XeE8wcQ HTTP/1.1
Host: kultingecauyuksehinkitw.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Sat, 06 May 2023 15:17:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 e0a5445a9b6b20c3399e57d2c05d4520.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: EDUmt3AQZWViFIbmpuHVcXVvbcVYwEEPbXPJnw9CwlbA0c0E2Cl_PA==
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/stylesheet.css

91.209.70.182

200 OK

5744

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/css/stylesheet.css
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with CRLF line terminators

Size

5744
Hash

da17513b8fc9e8ea38ec18d37062c282

2e0625918db327b97134e98f923d8244d1c2b9f0

550991f6b57cbc053c6db468b85ede54c6a6558f50328023ffd151b0ae7bf5ae

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/stylesheet.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:07 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-6c82"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

kultingecauyuksehinkitw.info/cnFHVUgTEyQ4dxNMJXM9AB16cHo0VHUTLB8cPT4uFkl1IikLH2k2JB0EIzM6HR8zeyYXBWJnDjcUARt9PB8oNxgwFRYHGQVHDwQ8PCUqMQEzGjMwByMBHRMJGgQDZw0HIhUcfBcydyIJCEQEBSRGHwZkAjoiDwAeJAkWMyoeSBMTCgYEFBcJEDkDEw0zHTAYAQorIwcwSgkCEA0XMAQUBCMGPzACGhYLEzARAQITJyU2Hw8EETR+AhFDBgIGJDMDFBQsFCI/EyswNCgABxoVAxQkQxkUAH0xJSAtGDMdfhkNJAYCBi8dHR8UHUUiEBsJNTQ3BywZXDQSACBBMBAkHhcUPR4+MywhAStBIBIbQ0AvBh4zJQQ/ERQmFh8sKyV/HRtCHX4GGjMhFQIBVBs0OiYCTDECHEMwBhsfOiEAIQw

52.85.242.41

1176

URL

kultingecauyuksehinkitw.info/cnFHVUgTEyQ4dxNMJXM9AB16cHo0VHUTLB8cPT4uFkl1IikLH2k2JB0EIzM6HR8zeyYXBWJnDjcUARt9PB8oNxgwFRYHGQVHDwQ8PCUqMQEzGjMwByMBHRMJGgQDZw0HIhUcfBcydyIJCEQEBSRGHwZkAjoiDwAeJAkWMyoeSBMTCgYEFBcJEDkDEw0zHTAYAQorIwcwSgkCEA0XMAQUBCMGPzACGhYLEzARAQITJyU2Hw8EETR+AhFDBgIGJDMDFBQsFCI/EyswNCgABxoVAxQkQxkUAH0xJSAtGDMdfhkNJAYCBi8dHR8UHUUiEBsJNTQ3BywZXDQSACBBMBAkHhcUPR4+MywhAStBIBIbQ0AvBh4zJQQ/ERQmFh8sKyV/HRtCHX4GGjMhFQIBVBs0OiYCTDECHEMwBhsfOiEAIQw
IP

52.85.242.41:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators

Size

1176
Hash

a471c6cedd07fb88a713e53032ee6c6b

b302485306c6cb28d38beaec3a6059a4bed3d586

fdd09b21a1e32337c7a8df7e4154216b14a75072c3d5d3dc44b92a4616588659

HTTP Headers

                                        GET /cnFHVUgTEyQ4dxNMJXM9AB16cHo0VHUTLB8cPT4uFkl1IikLH2k2JB0EIzM6HR8zeyYXBWJnDjcUARt9PB8oNxgwFRYHGQVHDwQ8PCUqMQEzGjMwByMBHRMJGgQDZw0HIhUcfBcydyIJCEQEBSRGHwZkAjoiDwAeJAkWMyoeSBMTCgYEFBcJEDkDEw0zHTAYAQorIwcwSgkCEA0XMAQUBCMGPzACGhYLEzARAQITJyU2Hw8EETR+AhFDBgIGJDMDFBQsFCI/EyswNCgABxoVAxQkQxkUAH0xJSAtGDMdfhkNJAYCBi8dHR8UHUUiEBsJNTQ3BywZXDQSACBBMBAkHhcUPR4+MywhAStBIBIbQ0AvBh4zJQQ/ERQmFh8sKyV/HRtCHX4GGjMhFQIBVBs0OiYCTDECHEMwBhsfOiEAIQw HTTP/1.1
Host: kultingecauyuksehinkitw.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sat, 06 May 2023 15:17:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 e0a5445a9b6b20c3399e57d2c05d4520.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: js88Z3R_8GtAdPjO88D9rqcspJBu203FhLG5zPHqObDwRpmu9CVjwA==
X-Firefox-Spdy: h2

workhovdiminatedi.info/T2pZaXVgVToaSBYGDxgiCSgLMCMjHABYASEyNFwcGi0hCywIAX8dHCtXbl9Bfl5oTwUmDmRYUzweOB0APFdoTxwhDDZUUzlXaEdGe0RqW1t9TCxURGkeKQgSclt/GQE7BmRYQ3dZalFDfVhhWUd4

188.114.97.1

URL

workhovdiminatedi.info/T2pZaXVgVToaSBYGDxgiCSgLMCMjHABYASEyNFwcGi0hCywIAX8dHCtXbl9Bfl5oTwUmDmRYUzweOB0APFdoTxwhDDZUUzlXaEdGe0RqW1t9TCxURGkeKQgSclt/GQE7BmRYQ3dZalFDfVhhWUd4
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /T2pZaXVgVToaSBYGDxgiCSgLMCMjHABYASEyNFwcGi0hCywIAX8dHCtXbl9Bfl5oTwUmDmRYUzweOB0APFdoTxwhDDZUUzlXaEdGe0RqW1t9TCxURGkeKQgSclt/GQE7BmRYQ3dZalFDfVhhWUd4 HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5BNrmrustop9%2BwP4aZ0czTVQVdVPcGhHIQ%2FOYYPUu%2B73b5gx3nIeKehqRiWoFSyf1GYP5LXtcgGekFpUx9g2Lbhen09adwWLH%2FomAJznNdomEP1QwqYeTzqQOl9v2NixNlCBgyJ6Lm6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c3230356f43b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

megaup.net/imageads/018.png

91.209.70.182

146601

URL

megaup.net/imageads/018.png
IP

91.209.70.182:0
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data

Size

146601
Hash

5ba1f1952dec61ad3d20e31fea8e18a4

050f0c423abcd8f9bbf403f5afd29d554e75c843

4b77fb54700f27f8f6ae1a146e87ba3236b8d7edc76eca0c1946c8ab68cc2807

HTTP Headers

                                        GET /imageads/018.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/2wyih/E2GB.part12.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=0lgi7l2cnbhh6np82hb0g12o52
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 15:17:08 GMT
content-type: image/png
content-length: 146601
last-modified: Sat, 15 Apr 2023 07:22:56 GMT
vary: Accept-Encoding
etag: "643a50d0-23ca9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

platform.bidgear.com/media/img/b15.png

172.67.74.36

200 OK

649

URL GET HTTP/2

platform.bidgear.com/media/img/b15.png
IP

172.67.74.36:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B

ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

Magic

PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data

Size

649
Hash

d832fb80c97ff291b952757bb98240d2

63732e61a0784ed68fde494f83e4686a5c4bf7fa

7b35c11af8accdb40a14303dd3ae2762a97d2527933c56b6c9be6da2d0d11943

HTTP Headers

                                        GET /media/img/b15.png HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 06 May 2023 15:17:08 GMT
content-type: image/png
content-length: 649
last-modified: Mon, 25 Jul 2022 09:43:33 GMT
etag: "62de65c5-289"
expires: Wed, 03 May 2023 17:48:03 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1315888
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHrjnbtMt4PtgUIR9LIndi%2FVktHaxjZKUXfHiQQYOnBTk273MFSBAx41Hi%2F3xDrmFNdEEJnydk68JUBoNpU%2BYWwJUh6Wt9kwn1Un3t5wrMu%2FsKySgxDkuOnfH1VMZ65wn8o7jCiV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c323039d87fb4ee-OSL
X-Firefox-Spdy: h2

cdn.purpleads.io/agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655

143.204.55.90

21906

URL

cdn.purpleads.io/agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655
IP

143.204.55.90:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65522), with no line terminators

Size

21906
Hash

ff70d9f9fae24229f0d0a396a41b49da

0b85006adc466e582bfe2127e5d27aaefd2b7242

1467ef102058225b3b6ce597fe2acabb12e7032a4a6bbb11d0bf435b4f082bb4

HTTP Headers

                                        GET /agent.js?publisherId=70f4c4ca797b70742cf152daf589f184:5f7ccce17707939b2685f0f8203bd1c265e05e479bbfcec98eda491d5ef6d2861ecfe05a883293e58ee42e74b0a74acb04a21203cd5fc2e8d8ec9e7b994f7655 HTTP/1.1
Host: cdn.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: application/javascript
content-length: 21906
last-modified: Thu, 04 May 2023 11:04:57 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Sat, 06 May 2023 11:05:04 GMT
etag: "ff70d9f9fae24229f0d0a396a41b49da"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UqxM7xGJfT69Gxd3SHA-7urzOID4aYGrTgb-gJgnR4QXEV5-55pEZw==
age: 15125
X-Firefox-Spdy: h2

a.exdynsrv.com/ad-provider.js

205.185.216.42

28967

URL

a.exdynsrv.com/ad-provider.js
IP

205.185.216.42:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text, with very long lines (54191)

Size

28967
Hash

6cebad4a9da95c68f459accf99eabf4a

7b5de6376d08e7ec1a06e28f371ee41dbd4dceb8

6474d9a8357ea8cc465c2ad9df9d8580765b4c1d39a6ce8a3853a4cfdf2549e2

HTTP Headers

                                        GET /ad-provider.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 06 May 2023 15:17:08 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 28967
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"5edd88b11d181710b873d5701fc"
X-HW: 1683386228.dop024.sk1.t,1683386228.cds202.sk1.shn,1683386228.dop024.sk1.t,1683386228.cds235.sk1.c
Access-Control-Allow-Origin: *, *

imp9.bidgear.com/rec?t=1&z=6192&uuid=725bf514e3ec4ebcb3503e45ca5ab543&p=28&g=NO&token=4a44335432&tbg=1683386228

172.67.74.36

200 OK

599

URL GET HTTP/2

imp9.bidgear.com/rec?t=1&z=6192&uuid=725bf514e3ec4ebcb3503e45ca5ab543&p=28&g=NO&token=4a44335432&tbg=1683386228
IP

172.67.74.36:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/2wyih/E2GB.part12.rar
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B

ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

Magic

JPEG image data, baseline, precision 8, 1x1, components 3\012- data

Size

599
Hash

ca49a7e783b806a4e8576ea80346203d

6fe9d083221dae98f6c76f7121c37bc884b02d82

3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28

HTTP Headers

                                        GET /rec?t=1&z=6192&uuid=725bf514e3ec4ebcb3503e45ca5ab543&p=28&g=NO&token=4a44335432&tbg=1683386228 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 06 May 2023 15:17:08 GMT
content-type: image/jpeg
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCY5sd1PrFw971IjVhPSGzcVbGrRefS8P82zTHw7oMJtlsFzEyzGhoNSyilKX8NSfYP2htyZ0yScfebOU9fAX8BU7xOUxBJ5QRZ%2B%2FgcNcexKqeAXv6Miq8cELL%2FsGzR4Vzs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c323039c875b4ee-OSL
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

282

URL

ocsp.sectigo.com/
IP

172.64.155.188:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

282
Hash

65cbf96479b6e5f28134c5b6698fa966

5d6ae7e8ffeec296b373a12103d9cd30b53b65ae

eff9b817e9e453efb6981c8b36d6fb5932538460a995b65d6064325b69bfbdb2

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 06 May 2023 15:17:08 GMT
Content-Type: application/ocsp-response
Content-Length: 282
Connection: keep-alive
Last-Modified: Thu, 04 May 2023 04:43:19 GMT
Expires: Thu, 11 May 2023 04:43:18 GMT
Etag: "5d6ae7e8ffeec296b373a12103d9cd30b53b65ae"
Cache-Control: max-age=393369,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c323038588b0b49-OSL

dmmzkfd82wayn.cloudfront.net/EeFN5NnobPBdQRQw6HQtNTmdIAkteOQpZFAhuD2EuSRI4eC0wAz5CPl4nA1JHSHUVVxQfbl9TFBtuSBAbHDFEAlwMIxZdRx8xEEEeACALQwxeJhgLFxcpEFoWGXZLcE9WY1wESlArSAdfSxFcBEoUOhdDAl1hSU5CTgxPAl9LEVwESgolXAU7SWNAGEpRdk-sGHR0wEllfShVLBktIY0gGS11hSVATCjYfWQJdYT8HS0l9SRAPRWI

54.230.245.161

624

URL

dmmzkfd82wayn.cloudfront.net/EeFN5NnobPBdQRQw6HQtNTmdIAkteOQpZFAhuD2EuSRI4eC0wAz5CPl4nA1JHSHUVVxQfbl9TFBtuSBAbHDFEAlwMIxZdRx8xEEEeACALQwxeJhgLFxcpEFoWGXZLcE9WY1wESlArSAdfSxFcBEoUOhdDAl1hSU5CTgxPAl9LEVwESgolXAU7SWNAGEpRdk-sGHR0wEllfShVLBktIY0gGS11hSVATCjYfWQJdYT8HS0l9SRAPRWI
IP

54.230.245.161:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (869), with no line terminators

Size

624
Hash

318e59134a9f9b83631d92fedb186bf5

669bcbaa902dba7b8432ca3a357553c5c93c22a8

dbdb8b22cb8805ba210264df0adb1766a05c1da577df7707396594ca7c316104

HTTP Headers

                                        GET /EeFN5NnobPBdQRQw6HQtNTmdIAkteOQpZFAhuD2EuSRI4eC0wAz5CPl4nA1JHSHUVVxQfbl9TFBtuSBAbHDFEAlwMIxZdRx8xEEEeACALQwxeJhgLFxcpEFoWGXZLcE9WY1wESlArSAdfSxFcBEoUOhdDAl1hSU5CTgxPAl9LEVwESgolXAU7SWNAGEpRdk-sGHR0wEllfShVLBktIY0gGS11hSVATCjYfWQJdYT8HS0l9SRAPRWI HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kultingecauyuksehinkitw.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-length: 624
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l_-shCPvRQMaFsO2J--FbVKvVEE4zlYMhVOO-QotWzQAFV-MP4QyFg==
X-Firefox-Spdy: h2

dmmzkfd82wayn.cloudfront.net/4MllSUXJRNjw3TUYwNmxKAGxrYEMUMyE+HEJkMBcGATwEBgQLfyYrFg9pdD0TXD5vdxdcOm9gVFM9MGxGFC0iPhkPLDw1F1QwPDQWFCwzbB9dIzs9HlN8YBdHHGl3Y0IaIWNgVwEbd2NCXjA8JAoXa2IpSgQGZGVXARt3Y0JAL3diMwNpa39CG3xgYRVXOj-k+VwAfYGFDAmljYUMXa2I3G0A8ND4KF2sUYEMDd2J3Bw9o

54.230.245.161

386

URL

dmmzkfd82wayn.cloudfront.net/4MllSUXJRNjw3TUYwNmxKAGxrYEMUMyE+HEJkMBcGATwEBgQLfyYrFg9pdD0TXD5vdxdcOm9gVFM9MGxGFC0iPhkPLDw1F1QwPDQWFCwzbB9dIzs9HlN8YBdHHGl3Y0IaIWNgVwEbd2NCXjA8JAoXa2IpSgQGZGVXARt3Y0JAL3diMwNpa39CG3xgYRVXOj-k+VwAfYGFDAmljYUMXa2I3G0A8ND4KF2sUYEMDd2J3Bw9o
IP

54.230.245.161:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (489), with no line terminators

Size

386
Hash

0749c5ec8b0d902afbe6bc24c60f96d9

ef4cf20e64a6873ea8446e88f87b5a048b486918

8437461bb736740f27fd354e4273f6fc69849455b8f7b32296355e332328b136

HTTP Headers

                                        GET /4MllSUXJRNjw3TUYwNmxKAGxrYEMUMyE+HEJkMBcGATwEBgQLfyYrFg9pdD0TXD5vdxdcOm9gVFM9MGxGFC0iPhkPLDw1F1QwPDQWFCwzbB9dIzs9HlN8YBdHHGl3Y0IaIWNgVwEbd2NCXjA8JAoXa2IpSgQGZGVXARt3Y0JAL3diMwNpa39CG3xgYRVXOj-k+VwAfYGFDAmljYUMXa2I3G0A8ND4KF2sUYEMDd2J3Bw9o HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kultingecauyuksehinkitw.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-length: 386
date: Sat, 06 May 2023 15:17:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ODXkMK5zTD8lQpJh3Q1NOD4WDiuOrBNM2D6V_9vZMvoLIEts9SF36Q==
X-Firefox-Spdy: h2

theharityhild.buzz/Um1abkYpTykZGScfNkx8cAUuGjYhV3VBKzcKOxs2fAM%2FGmkhGnQENXBBeB0rNE9gX2pwHjcYZGhPbkB1cEF4Gic1MjMKZGhPYl10ZF5pTGpwHi8MGTsJaEx8cAtiXXUxXW4Ma2QIagxrZgk4XmtrWWJZazRbPwsjMQg5DSUxCHgT

52.20.131.174

502 Bad Gateway

627

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (61)

#1 JS:Script (size: 17848)

#2 JS:Script (size: 435844)

#3 JS:Script (size: 148)

#4 JS:Script (size: 56276)

#5 JS:Script (size: 614934)

#6 JS:Script (size: 88340)

#7 JS:Script (size: 334516)

#8 JS:Script (size: 483)

#9 JS:Script (size: 8063)

#10 JS:Script (size: 103036)

#11 JS:Script (size: 6)

#12 JS:Script (size: 59)

#13 JS:Script (size: 75466)

#14 JS:Script (size: 9255)

#15 JS:Script (size: 75082)

#16 JS:Script (size: 15314)

#17 JS:Script (size: 16045)

#18 JS:Script (size: 1690)

#19 JS:Script (size: 4074)

#20 JS:Script (size: 1644)

#21 JS:Script (size: 489)

#22 JS:Script (size: 69604)

#23 JS:Script (size: 971)

#24 JS:Script (size: 58837)

#25 JS:Script (size: 96381)

#26 JS:Script (size: 29110)

#27 JS:Script (size: 117904)

#28 JS:Script (size: 8854)

#29 JS:Script (size: 5)

#30 JS:Script (size: 7391)

#31 JS:Script (size: 197554)

#32 JS:Script (size: 5447)

#33 JS:Script (size: 2966)

#34 JS:Script (size: 4691)

#35 JS:Script (size: 6707)

#36 JS:Script (size: 775)

#37 JS:Script (size: 63744)

#38 JS:Script (size: 4249)

#39 JS:Script (size: 1326)

#40 JS:Script (size: 147)

#41 JS:Script (size: 5423)

#42 JS:Script (size: 595)

#43 JS:Script (size: 306)

#44 JS:Script (size: 85185)

#45 JS:Script (size: 5302)

#46 JS:Script (size: 3417)

#47 JS:Script (size: 1478)

#48 JS:Script (size: 2433)

#49 JS:Script (size: 1821)

#50 JS:Script (size: 2546)

#51 JS:Script (size: 1032)

#52 JS:Script (size: 2204)

#53 JS:Script (size: 5152)

#54 JS:Script (size: 544)

#55 JS:Script (size: 25071)

#56 JS:Script (size: 155)