Report - megaup.net/1dWkm/Switch_Keys

Report Overview

URL

megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
IP

91.209.70.182

ASN

#43317 FNK LLC
Submitted

2023-05-06T20:55:09Z

Access

public
Tags

suspicious
urlquery detections

Suspicious - Suspicious Javascript code

Detections

urlquery

7
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
script.4dex.io (3)	2135	2018-07-23 12:04:27	2023-05-06 09:54:22	1237	48933	172.67.75.241
xml.serve-servee.com (2)	unknown	2022-06-18 09:06:23	2023-05-06 10:06:07	904	1378	172.64.131.18
ad.a-ads.com (1)	26970	2013-04-19 23:54:57	2023-05-06 11:54:11	519	12794	136.243.11.250
a.exdynsrv.com (1)	40663	2019-05-21 07:34:42	2023-05-06 06:38:39	400	29376	205.185.216.42
static.a-ads.com (1)	34827	2013-06-01 18:47:05	2023-05-06 06:38:39	472	42773	136.243.11.250
www.googletagmanager.com (1)	75	2013-05-22 04:07:37	2023-05-06 05:33:18	421	46462	142.250.74.168
dmmzkfd82wayn.cloudfront.net (6)	unknown	2021-03-18 18:00:47	2023-05-06 10:06:03	3537	193034	54.230.245.161
ocsp.pki.goog (4)	175	2018-07-01 08:43:07	2023-05-06 05:09:10	1332	2798	142.250.74.131
keydawnawe.com (1)	586690	2020-10-08 16:33:32	2023-05-06 10:06:03	404	1507	172.255.6.95
kultingecauyuksehinkitw.info (11)	unknown	2023-04-27 23:05:28	2023-05-06 11:30:27	8326	20674	52.85.242.76
imp9.bidgear.com (1)	34078	2021-03-15 12:09:09	2023-05-06 12:45:36	517	1121	104.26.3.107
theharityhild.buzz (1)	unknown	2022-10-20 09:00:21	2023-05-06 10:06:04	568	897	54.162.51.18
ocsp.sectigo.com (1)	487	2019-11-29 12:50:24	2023-05-06 07:39:53	330	963	104.18.32.68
megaup.net (58)	179052	2017-09-01 20:45:15	2023-05-06 10:05:54	31217	2055748	91.209.70.182
nativiser-prebid.smart-hub.io (2)	unknown	2022-12-14 13:53:24	2023-05-06 13:02:44	958	333	8.2.109.53
s3t3d2y8.afcdn.net (1)	unknown	2022-08-09 00:22:56	2023-05-06 05:33:36	471	10396	185.76.9.15
prebid.a-mo.net (3)	1148	2020-07-14 19:45:55	2023-05-06 06:38:40	1607	719	147.75.84.158
workhovdiminatedi.info (10)	unknown	2023-04-27 10:35:04	2023-05-06 10:44:28	5983	5852	188.114.97.1
accounts.google.com (6)	81	2016-03-20 13:44:49	2023-05-06 08:42:40	3650	10805	142.250.74.109
parrecleftne.xyz (1)	unknown	2022-12-18 10:40:16	2023-05-06 10:06:04	457	736	52.85.242.12
platform.bidgear.com (2)	30367	2016-07-27 13:51:48	2023-05-06 12:45:35	885	4734	104.26.3.107
syndication.exdynsrv.com (2)	34243	2016-04-20 20:35:15	2023-05-06 05:22:35	1323	2280	95.211.229.247
pogothere.xyz (5)	unknown	2022-09-04 21:11:25	2023-05-06 11:52:50	2063	106745	172.64.173.27
static.serve-servee.com (2)	unknown	2022-06-18 05:19:30	2023-05-06 10:06:08	882	13541	172.64.131.18
api.purpleads.io (8)	146037	2020-02-18 07:59:38	2023-05-06 10:06:04	5966	5828	52.7.3.14
mp.4dex.io (1)	2629	2019-01-03 14:51:11	2023-05-06 11:54:19	461	456	104.18.3.114
ocsp.godaddy.com (1)	698	2012-05-20 21:28:57	2023-05-06 05:09:28	330	2285	192.124.249.24
cdn.purpleads.io (1)	185817	2020-02-18 07:59:36	2023-05-06 11:21:28	572	75615	143.204.55.49
altowriestwispy.com (1)	951913	2021-02-24 11:44:10	2023-05-06 10:06:03	409	1506	172.255.6.33
ocsp.r2m02.amazontrust.com (1)	unknown	2022-10-12 16:01:39	2023-05-06 09:12:44	340	1006	54.230.80.227
cdn.prplads.com (3)	unknown	2023-02-20 12:56:34	2023-05-06 13:02:43	1389	746683	104.26.3.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (142)

URL IP Response Size

ocsp.sectigo.com/

104.18.32.68

471

URL

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

947d33200febe263b75c67d50890ab8b

1edccc0cbbd64f0d6457b0c832563e8ec220fa4a

8e41e228b6762acc899b676c536d58df4a7e6ecc78d996f8bc7674985f2c0cd7

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 06 May 2023 20:54:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 05 May 2023 11:25:45 GMT
Expires: Fri, 12 May 2023 11:25:44 GMT
Etag: "1edccc0cbbd64f0d6457b0c832563e8ec220fa4a"
Cache-Control: max-age=483657,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c341ecf6fb10b49-OSL

megaup.net/themes/flow/images/main_logo_inverted.png

91.209.70.182

200 OK

7137

URL GET HTTP/2

megaup.net/themes/flow/images/main_logo_inverted.png
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data

Size

7137
Hash

5d15526be10b904a6b48d1af04a10cc3

c09b6874359ac6d71db95593618a9acb55baa984

894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018

HTTP Headers

                                        GET /themes/flow/images/main_logo_inverted.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

dmmzkfd82wayn.cloudfront.net/?kzmmd=761186

54.230.245.161

200 OK

188766

URL GET HTTP/2

dmmzkfd82wayn.cloudfront.net/?kzmmd=761186
IP

54.230.245.161:443
ASN

#16509 AMAZON-02

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerAmazon

Subject*.cloudfront.net

FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB

ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

Magic

Unicode text, UTF-8 text, with very long lines (15948)

Size

188766
Hash

a198c53488be5509cd2469335ceb1977

1825cc877dd2c157d00c5f74cdf25bda345073ab

85605e73b3e4d684a4ce8c453a7b0f528f016fe4cd73f58f4919d6344d199441

HTTP Headers

                                        GET /?kzmmd=761186 HTTP/1.1
Host: dmmzkfd82wayn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-length: 188766
date: Sat, 06 May 2023 20:54:03 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: i2Ukm47s2h8v8b3aArttRbZAPPu1KPgdSOqr4lmeaWBAI3GAOmERzA==
age: 44
X-Firefox-Spdy: h2

megaup.net/themes/flow/images/loading_small.gif

91.209.70.182

200 OK

184355

URL GET HTTP/2

megaup.net/themes/flow/images/loading_small.gif
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

GIF image data, version 89a, 64 x 64\012- data

Size

184355
Hash

b0dd5b3af9c4c0644d7bddee83716209

30002468d0266b893b3559b8d0d260c6cbf0ad7c

2418224bb4d12c122ef3c54d2ee9edb5f6f28d539e91a166b0215553f8c7609d

HTTP Headers

                                        GET /themes/flow/images/loading_small.gif HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: image/gif
content-length: 184355
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-2d023"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

megaup.net/sw.js

91.209.70.182

200 OK

40365

URL GET HTTP/2

megaup.net/sw.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

40365
Hash

ba87aa473cd4b27e9aaf7b4580e9c347

5f634ad57839f1605a448223506ebd79a06feb4e

0c4852cfb56f4976d890ce4fc0257502671d6970bdefe9c8a684d5146c7ab7d4

HTTP Headers

                                        GET /sw.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 20 Dec 2022 16:15:31 GMT
vary: Accept-Encoding
etag: W/"63a1dfa3-1927c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.tmpl.min.js

91.209.70.182

200 OK

1050

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.tmpl.min.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (971), with no line terminators

Size

1050
Hash

a6958c72d3e8864483b772f893202485

87aa06de4fcbb06b7bef5f6ec9878f61d92076e9

fd9fd52892013df621e4e2b5062c914dd30d8ff78b4390e4ad7dfea19ec0f8ca

HTTP Headers

                                        GET /themes/flow/js/jquery.tmpl.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3cb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

df9a61446a4aa3ddbe888c855736f8d0

6608e220dd3d235ffa6de04a27b3127283d0d984

da4050fecb9a095a59461305b38e676279eeb928f1936ef1085a4042bd8bed82

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 20:54:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

keydawnawe.com/gwZ1U5hjA8ii/32575

172.255.6.95

200 OK

URL GET HTTP/1.1

keydawnawe.com/gwZ1U5hjA8ii/32575
IP

172.255.6.95:443
ASN

#7979 SERVERS-COM

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerLet's Encrypt

Subjectkeydawnawe.com

FingerprintF7:57:30:58:C1:35:AA:9E:BA:6E:40:60:AF:90:29:A9:64:83:53:EA

ValidityThu, 13 Apr 2023 23:00:56 GMT - Wed, 12 Jul 2023 23:00:55 GMT

Magic

ASCII text, with no line terminators

Size

26
Hash

4e5d65669f8dcd928dad06adf883f025

d771713d758c3348dd7e5b38bb40c7935399ae46

0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

                                        GET /gwZ1U5hjA8ii/32575 HTTP/1.1
Host: keydawnawe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 May 2023 20:54:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 07-May-2023 20:54:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D; expires=Sun, 07-May-2023 20:54:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

altowriestwispy.com/tysaSHG1FMaM/18410

172.255.6.33

200 OK

URL GET HTTP/1.1

altowriestwispy.com/tysaSHG1FMaM/18410
IP

172.255.6.33:443
ASN

#7979 SERVERS-COM

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerLet's Encrypt

Subjectaltowriestwispy.com

FingerprintC3:95:E3:67:82:EA:18:9C:5A:2C:E7:4F:33:5E:9E:3A:E2:EE:4C:D8

ValiditySat, 25 Mar 2023 23:05:39 GMT - Fri, 23 Jun 2023 23:05:38 GMT

Magic

ASCII text, with no line terminators

Size

25
Hash

d488addc5df5fc9b9ff4135bb4e3a823

6ce56f48e851df4d562b43d3bc1269a504ae83fc

d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60

HTTP Headers

                                        GET /tysaSHG1FMaM/18410 HTTP/1.1
Host: altowriestwispy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 May 2023 20:54:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 07-May-2023 20:54:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i8sKwjAURGuUYNVWBvwAf8D6QBdu1aXUhbgOtd6WYM0tTXzUr%2FcFruYwc8bzPDEIIXSJ3nIaLSfRfBZNF3M0c2KIeIdeylfjqlqZ5EKQMVf3pIasKNdsAnR%2FoFI%2BETrxbnQwZ8N38x8%2BtwCtVLs6gP%2BJrxu20dS2RLgq9GO45%2BLq3raFb8gpWxKd4K%2BTY0HjzX6L8N9%2Bz7KBtraqrPhRv7nv9IWebEhxlllyUqBxk%2BIFsdRBIw%3D%3D; expires=Sun, 07-May-2023 20:54:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

www.googletagmanager.com/gtag/js?id=UA-108868042-1

142.250.74.168

200 OK

45815

URL GET HTTP/2

www.googletagmanager.com/gtag/js?id=UA-108868042-1
IP

142.250.74.168:443
ASN

#15169 GOOGLE

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

FingerprintCA:2C:8E:2F:14:74:84:57:8C:39:86:59:92:AC:A1:7C:C8:FA:99:CA

ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

Magic

ASCII text, with very long lines (2271)

Size

45815
Hash

e2d8f7e6b03700ebb9f09fd7b0401fc7

760006d157d86636c5652a44ce7d028c17de12df

e81ce179bf287d67f19c0a89eb91dd36adae3512a3636c67e2a7430cadb7ee23

HTTP Headers

                                        GET /gtag/js?id=UA-108868042-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 06 May 2023 20:54:47 GMT
expires: Sat, 06 May 2023 20:54:47 GMT
cache-control: private, max-age=900
last-modified: Sat, 06 May 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.iframe-transport.js

91.209.70.182

200 OK

10488

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.iframe-transport.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

10488
Hash

f1d970289ffacb30a4a5b188b9759a8f

f5be1f35b61ceed65733ea938afdb3a38a931da4

d09aeb72aa26620a60e2c316d107d03445330a465e4a0493372feb343ec3e8a7

HTTP Headers

                                        GET /themes/flow/js/jquery.iframe-transport.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-2427"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/css/fonts.css

91.209.70.182

200 OK

32114

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/css/fonts.css
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

32114
Hash

8b24e683e2c5ef5d7a2b38cd790f7f70

dece3dd7e557d946c04c701e54251b61858830e3

5a4ecd804556d94135739c7180d5fd60dde71c1cd2360504ac843c4107349227

HTTP Headers

                                        GET /themes/flow/frontend_assets/css/fonts.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/themes/flow/frontend_assets/css/All-stylesheets.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-690"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff

91.209.70.182

200 OK

31344

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/fonts/raleway_extrabold.woff
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Web Open Font Format, TrueType, length 31344, version 1.1\012- data

Size

31344
Hash

21f79e4c0fbe54a555170aa70bb4c8b7

9d4aaf2016cd21f16bc45089a48de84dba951fa7

2b638674bc57ad355ef2ecbd68e78ecb36bc323aaaf4ddeb9cd4f61bc5f26c42

HTTP Headers

                                        GET /themes/flow/frontend_assets/fonts/raleway_extrabold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: font/woff
content-length: 31344
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7a70"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff

91.209.70.182

200 OK

31980

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/fonts/raleway_semibold.woff
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Web Open Font Format, TrueType, length 31980, version 1.1\012- data

Size

31980
Hash

99ac81a158028ac2023fb3350d2497e7

f08c12c91ab29282a616c3ba8e533f49b5b433ca

92a8c8eca8cfcfc53855bc48ba50b866704a00323c4e3089b564c939a668925d

HTTP Headers

                                        GET /themes/flow/frontend_assets/fonts/raleway_semibold.woff HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://megaup.net/themes/flow/frontend_assets/css/fonts.css
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: font/woff
content-length: 31980
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: "60758f34-7cec"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.fileupload-validate.js

91.209.70.182

200 OK

23084

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.fileupload-validate.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

23084
Hash

7e14721b8cbbc71d9fc37e9d37b38fc3

0f42bbeadc20199a6cae0e51be456052455d8791

a58acac5ad4376cfdccd4a716d0243d7e070a05b3e58cc4a6b7774949decc13c

HTTP Headers

                                        GET /themes/flow/js/jquery.fileupload-validate.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-fea"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/imageads/012.png

91.209.70.182

200 OK

141764

URL GET HTTP/2

megaup.net/imageads/012.png
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data

Size

141764
Hash

f9a1d27cde281744b83f07019f9a00ff

7430124e45e3b0e3413e6bc582c2d27cd8804d6c

67d587f59bf10b9ac9e745071b5051d76790f40c440e52fccdeff3f6cc679fd8

HTTP Headers

                                        GET /imageads/012.png HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: image/png
content-length: 141764
last-modified: Sat, 15 Apr 2023 07:22:56 GMT
vary: Accept-Encoding
etag: "643a50d0-229c4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
X-Firefox-Spdy: h2

workhovdiminatedi.info/QXJkYXJuTQcSTxclKVAhLx4JNwUbRTdTCiMwClA7G0MpJhFxFUIVGyVPU1dDcEpSRwIoFllQVDIGBRUHMk9VRxsvFAtcVDdPVU9BdVxXU1xzVBFcQ2cGFAAVfENCEQY1HllQRHlBUFFEdUpcVEN3

188.114.97.1

204 No Content

URL GET HTTP/2

workhovdiminatedi.info/QXJkYXJuTQcSTxclKVAhLx4JNwUbRTdTCiMwClA7G0MpJhFxFUIVGyVPU1dDcEpSRwIoFllQVDIGBRUHMk9VRxsvFAtcVDdPVU9BdVxXU1xzVBFcQ2cGFAAVfENCEQY1HllQRHlBUFFEdUpcVEN3
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerLet's Encrypt

Subjectworkhovdiminatedi.info

Fingerprint24:21:C6:9C:11:74:7D:7D:73:8F:98:35:FA:68:4E:DE:1A:86:04:CB

ValidityThu, 27 Apr 2023 07:34:32 GMT - Wed, 26 Jul 2023 07:34:31 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /QXJkYXJuTQcSTxclKVAhLx4JNwUbRTdTCiMwClA7G0MpJhFxFUIVGyVPU1dDcEpSRwIoFllQVDIGBRUHMk9VRxsvFAtcVDdPVU9BdVxXU1xzVBFcQ2cGFAAVfENCEQY1HllQRHlBUFFEdUpcVEN3 HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 20:54:47 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZx9n4Qp7fNZ5Hzj6rp685h%2FKoUuIVow8sWGCFfTOybJI2YUmnx5Z63q7if4AmwWOIFijDvMW1jlgSttrvnjj9JysOAa21wC%2BegHvPPY5Xtnk8STg9PZWaXNmcR368eYvHHIJ%2Fy8zoTL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c341ed519aab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.fileupload-resize.js

91.209.70.182

200 OK

6369

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.fileupload-resize.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

6369
Hash

b26b0c830da098aa027a7876c95077a9

f63d4e322d1dca616011e82f201e817b8c2bbd8d

ed9e8920961933e604eaadc3b11a97f04425ce9160e175363622cb44733af4b0

HTTP Headers

                                        GET /themes/flow/js/jquery.fileupload-resize.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-1f7f"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.dataTables.min.js

91.209.70.182

200 OK

19884

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.dataTables.min.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (768)

Size

19884
Hash

3023ccfc3ef173e88507d563b1940445

91ef6b5cf70dd2e3df6ce03be5c8ace3725d6eba

15177e00c96d39723c6e22e96d9763a84efc518740b747d3cc6e9521cf152c88

HTTP Headers

                                        GET /themes/flow/js/jquery.dataTables.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-10fe4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/js/gauge.min.js

91.209.70.182

200 OK

4894

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/js/gauge.min.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (1259)

Size

4894
Hash

b516f43866dda535b1a0c2d08d453249

5a62a48d18edaf0e48f69c268b7866c53fe64927

a16b67f0891967552e9028c07d1fdbfc2133ca3a4a46ac2c9acb3cc7dfd6d634

HTTP Headers

                                        GET /themes/flow/frontend_assets/js/gauge.min.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-45b8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/jquery.fileupload.js

91.209.70.182

200 OK

32730

URL GET HTTP/2

megaup.net/themes/flow/js/jquery.fileupload.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text

Size

32730
Hash

f239eea2d115493039a5f823a32f2ba2

d0cccc101d3eb17e9c50a6e7abb7ba18c8276df1

58c07878c055b54a9af8b4891d1d0b395a2bc0f4a4a3ac7e7f04ec78c0489483

HTTP Headers

                                        GET /themes/flow/js/jquery.fileupload.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-dbd4"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

workhovdiminatedi.info/cUp6aWRedRkaWSIOOxMwJhhfWyIwGyBYMil+MCgKGR0ZOCkyLDw8QgUjHlRdRXNCX1BXOhMNWUByXBoQED4PGllAbBMHAh53XB9ZQGRKR1ZfeVwcWUBsDhkFFndLTxQFPhZUVUdySV1UR35CUVFEeQ

188.114.97.1

204 No Content

URL GET HTTP/2

workhovdiminatedi.info/cUp6aWRedRkaWSIOOxMwJhhfWyIwGyBYMil+MCgKGR0ZOCkyLDw8QgUjHlRdRXNCX1BXOhMNWUByXBoQED4PGllAbBMHAh53XB9ZQGRKR1ZfeVwcWUBsDhkFFndLTxQFPhZUVUdySV1UR35CUVFEeQ
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerLet's Encrypt

Subjectworkhovdiminatedi.info

Fingerprint24:21:C6:9C:11:74:7D:7D:73:8F:98:35:FA:68:4E:DE:1A:86:04:CB

ValidityThu, 27 Apr 2023 07:34:32 GMT - Wed, 26 Jul 2023 07:34:31 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /cUp6aWRedRkaWSIOOxMwJhhfWyIwGyBYMil+MCgKGR0ZOCkyLDw8QgUjHlRdRXNCX1BXOhMNWUByXBoQED4PGllAbBMHAh53XB9ZQGRKR1ZfeVwcWUBsDhkFFndLTxQFPhZUVUdySV1UR35CUVFEeQ HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 20:54:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BtGEzmnaHcO9RrydWDHsePJdAj53HI3j293oMnfMQ3u%2BXwqgph98iYkLwL401pKGznzcf0pOeL9IoWottM8YBlqclHgOIl%2F%2BkanYhM5J1F8IbqhSdTNFSkicf87p5lMpC8Eyr40ITE3m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c341ed54a09b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js

91.209.70.182

200 OK

9310

URL GET HTTP/2

megaup.net/themes/flow/js/zeroClipboard/ZeroClipboard.js
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (1288)

Size

9310
Hash

252a7905d3783e80bc2a1134f57adfe7

73d1dfeeb71cbd15d5635fb73413a76dabcd174f

6a9b0338824e83eedd655dd0a77b6d17d818e40d725d7b732ef0bd793543f27d

HTTP Headers

                                        GET /themes/flow/js/zeroClipboard/ZeroClipboard.js HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: application/javascript
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-3bd2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

kultingecauyuksehinkitw.info/a201TW0KD1YgUgpQV2sYGQEIaF8tSAcLCQYATyYLD1UHOgwSAxsuAQQYUSsfBANBYwMOGRB/K14/YRcBOAB4IDo6HkYVKS0LdBUJCQ5SDzoOXEEnNSk0WQk5PiFxFQoJPXIcAyE+ZD48ACAQfy8sPnABOzwaZQcrDC5RfTgMOnQXXj4AexUsOAVQLj8qP3oqGh4uTX0KKD5/CSk/VXsBASEpZTonXzpCIhooBFksLyxUZwwaJSFQJjdYL159FD4DZBk7DAVyKRoyJ3w6XRw5Xg9ZPhcFAjgTO2MuPyU6dgg3WC9dLlU5A29+OyMdVCwaMSBXfCtaOGRgLBsudiI5PRpNHwk6CWMoASFcd30vXzhMAwstFA0LJgBYdCguPV13fD8AOAcDKTwlRmsHGAJbPVADX000PykCciQZ

52.85.242.76

200 OK

1172

URL GET HTTP/2

kultingecauyuksehinkitw.info/a201TW0KD1YgUgpQV2sYGQEIaF8tSAcLCQYATyYLD1UHOgwSAxsuAQQYUSsfBANBYwMOGRB/K14/YRcBOAB4IDo6HkYVKS0LdBUJCQ5SDzoOXEEnNSk0WQk5PiFxFQoJPXIcAyE+ZD48ACAQfy8sPnABOzwaZQcrDC5RfTgMOnQXXj4AexUsOAVQLj8qP3oqGh4uTX0KKD5/CSk/VXsBASEpZTonXzpCIhooBFksLyxUZwwaJSFQJjdYL159FD4DZBk7DAVyKRoyJ3w6XRw5Xg9ZPhcFAjgTO2MuPyU6dgg3WC9dLlU5A29+OyMdVCwaMSBXfCtaOGRgLBsudiI5PRpNHwk6CWMoASFcd30vXzhMAwstFA0LJgBYdCguPV13fD8AOAcDKTwlRmsHGAJbPVADX000PykCciQZ
IP

52.85.242.76:443
ASN

#16509 AMAZON-02

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerAmazon

Subjectkultingecauyuksehinkitw.info

Fingerprint92:71:EB:2A:19:25:DF:1C:2A:8F:E3:1A:92:7B:DD:8F:18:79:39:0F

ValidityThu, 27 Apr 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3015), with no line terminators

Size

1172
Hash

bd74d4545b0b76fd3342086c20921f5e

f77f0df8b65cb3aa6b370a966d1e8eadf9bbbc5b

5f4851174485b307b46a6abe377d6a4076ad892cbd1dc8629fd192b9fdbf645f

HTTP Headers

                                        GET /a201TW0KD1YgUgpQV2sYGQEIaF8tSAcLCQYATyYLD1UHOgwSAxsuAQQYUSsfBANBYwMOGRB/K14/YRcBOAB4IDo6HkYVKS0LdBUJCQ5SDzoOXEEnNSk0WQk5PiFxFQoJPXIcAyE+ZD48ACAQfy8sPnABOzwaZQcrDC5RfTgMOnQXXj4AexUsOAVQLj8qP3oqGh4uTX0KKD5/CSk/VXsBASEpZTonXzpCIhooBFksLyxUZwwaJSFQJjdYL159FD4DZBk7DAVyKRoyJ3w6XRw5Xg9ZPhcFAjgTO2MuPyU6dgg3WC9dLlU5A29+OyMdVCwaMSBXfCtaOGRgLBsudiI5PRpNHwk6CWMoASFcd30vXzhMAwstFA0LJgBYdCguPV13fD8AOAcDKTwlRmsHGAJbPVADX000PykCciQZ HTTP/1.1
Host: kultingecauyuksehinkitw.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 06 May 2023 20:54:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: rbwr-KOHi2MsXsAJKs_RfOQkSct0P03WJ5nrt5hegTqtliEhU3ikvA==
X-Firefox-Spdy: h2

kultingecauyuksehinkitw.info/NTltTTRUWw4gC1QED2tBR1VQaAZzHF8LUFhUFyZSUQFfOlVMV0MuWFpMCStGWlcZY1pQTUh/clZuASkEV38CeHt3ViYXZwEcXw9xc38ZL3N7fzoKQA1pPC5we3odPHpmSl4LcGBTJzVxUVsFdXZ6bVUZegVWGARwe3M1BUMHdwUieG8KGjRzUgADLAdwby4JXFtgXARtflM4dWdnaBoAcHR7Lw4MBWkvD395Qxk8c2R0CgBORmApFQ1afDgLd1RXVCFmcGgELAZvazU1XBALKxdhZHggN2VcfSghW1RQVABjUm8eFAVzXyoFDVlrL3lHUws8fGxiSQcoYRhrKysGXVcoOl8AdDklZm1RFSJuBW8OLFlBVz8YWFpYBwhQfVNVdXt0QScsdk1UPxsFBVgDCHZgbh5rXkZWAz0JdH4AA1ZiciYKDV5UDihwdg

52.85.242.76

200 OK

1185

URL GET HTTP/2

kultingecauyuksehinkitw.info/NTltTTRUWw4gC1QED2tBR1VQaAZzHF8LUFhUFyZSUQFfOlVMV0MuWFpMCStGWlcZY1pQTUh/clZuASkEV38CeHt3ViYXZwEcXw9xc38ZL3N7fzoKQA1pPC5we3odPHpmSl4LcGBTJzVxUVsFdXZ6bVUZegVWGARwe3M1BUMHdwUieG8KGjRzUgADLAdwby4JXFtgXARtflM4dWdnaBoAcHR7Lw4MBWkvD395Qxk8c2R0CgBORmApFQ1afDgLd1RXVCFmcGgELAZvazU1XBALKxdhZHggN2VcfSghW1RQVABjUm8eFAVzXyoFDVlrL3lHUws8fGxiSQcoYRhrKysGXVcoOl8AdDklZm1RFSJuBW8OLFlBVz8YWFpYBwhQfVNVdXt0QScsdk1UPxsFBVgDCHZgbh5rXkZWAz0JdH4AA1ZiciYKDV5UDihwdg
IP

52.85.242.76:443
ASN

#16509 AMAZON-02

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerAmazon

Subjectkultingecauyuksehinkitw.info

Fingerprint92:71:EB:2A:19:25:DF:1C:2A:8F:E3:1A:92:7B:DD:8F:18:79:39:0F

ValidityThu, 27 Apr 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3029), with no line terminators

Size

1185
Hash

7a470a4376d7c3daac333ea68498dc24

2c5b9a2f4d0e4b6ae300a101ebe97d4edbaf2a3c

0f8e06993faa7f3033283152381ad45021e2a00d2fd328ea0f78c8c795971f18

HTTP Headers

                                        GET /NTltTTRUWw4gC1QED2tBR1VQaAZzHF8LUFhUFyZSUQFfOlVMV0MuWFpMCStGWlcZY1pQTUh/clZuASkEV38CeHt3ViYXZwEcXw9xc38ZL3N7fzoKQA1pPC5we3odPHpmSl4LcGBTJzVxUVsFdXZ6bVUZegVWGARwe3M1BUMHdwUieG8KGjRzUgADLAdwby4JXFtgXARtflM4dWdnaBoAcHR7Lw4MBWkvD395Qxk8c2R0CgBORmApFQ1afDgLd1RXVCFmcGgELAZvazU1XBALKxdhZHggN2VcfSghW1RQVABjUm8eFAVzXyoFDVlrL3lHUws8fGxiSQcoYRhrKysGXVcoOl8AdDklZm1RFSJuBW8OLFlBVz8YWFpYBwhQfVNVdXt0QScsdk1UPxsFBVgDCHZgbh5rXkZWAz0JdH4AA1ZiciYKDV5UDihwdg HTTP/1.1
Host: kultingecauyuksehinkitw.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Sat, 06 May 2023 20:54:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Bk6QPq2Uue9Gy0XXEv-aviS8OC2dehMtM_mdnEOWLcIN-n1SoUEIMQ==
X-Firefox-Spdy: h2

workhovdiminatedi.info/d0R0b0xYexcccS0QGCUtMCwnKxQ1HSEpfDshMlopIhVBWBkhL1IbJRN5Q1l4RnBFSTweIEleagQwFRs5BHlFSSUZIhtSagF5RUF/Q2pHXWJFYgFSfVEwBA4rSnVSHzgDKEleek93QF96Q3xMWnpD

188.114.97.1

204 No Content

URL GET HTTP/2

workhovdiminatedi.info/d0R0b0xYexcccS0QGCUtMCwnKxQ1HSEpfDshMlopIhVBWBkhL1IbJRN5Q1l4RnBFSTweIEleagQwFRs5BHlFSSUZIhtSagF5RUF/Q2pHXWJFYgFSfVEwBA4rSnVSHzgDKEleek93QF96Q3xMWnpD
IP

188.114.97.1:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerLet's Encrypt

Subjectworkhovdiminatedi.info

Fingerprint24:21:C6:9C:11:74:7D:7D:73:8F:98:35:FA:68:4E:DE:1A:86:04:CB

ValidityThu, 27 Apr 2023 07:34:32 GMT - Wed, 26 Jul 2023 07:34:31 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /d0R0b0xYexcccS0QGCUtMCwnKxQ1HSEpfDshMlopIhVBWBkhL1IbJRN5Q1l4RnBFSTweIEleagQwFRs5BHlFSSUZIhtSagF5RUF/Q2pHXWJFYgFSfVEwBA4rSnVSHzgDKEleek93QF96Q3xMWnpD HTTP/1.1
Host: workhovdiminatedi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 204 No Content
date: Sat, 06 May 2023 20:54:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqMuChiRIRXfEGjOjy9gerGj%2BmDPEnKTGfn4r6smDZNZ7ypMRpG6AJ%2FGQqhgfIWE6vwi%2FR911CnDv2xV0M157%2BvLxSxg3zCpmISePklKdb2u0qfUIpY7h4si5lkjqE6JPOupcyCbWded"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c341ed55a1bb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kultingecauyuksehinkitw.info/ZzNQaE4GUTMFcQYOMk47FV9tTXwhFmIuKgpeKgMoAwtiHy8eXX4LIghGNA48CF0kRiACR3VaCFFkBAN7Nl4dXhgLUDswDVZiCDB3BlEBKQwDdTRNfCFmYAc6I2A7LSoAajkmI1ZWMyotAGc3UBgga2kmHx5pNQkcXmUZH35CARIqDF9dFDwhInAXOQ03ZSMtKgxmIz8PNkUUKwA2ZQNcDQFyJE18IVdgWT4vciQRHR52GSsJA2IXEDkrUDdQOTEDJ14cCkAaORYXZRIPdilpYSksL3IkEQs0CzMrKSlgMTkPP1A7GHYkRDsEDA1DAz4jA2EYHz0tUGEmPiRyfQQ0NV4jIhYeQAI4CF5kHwMUFVUnADQyXTMiBh1XNQkPQVkjByAXDh8sDwhnN1o6HkRmPzQ

52.85.242.76

200 OK

1158

URL GET HTTP/2

kultingecauyuksehinkitw.info/ZzNQaE4GUTMFcQYOMk47FV9tTXwhFmIuKgpeKgMoAwtiHy8eXX4LIghGNA48CF0kRiACR3VaCFFkBAN7Nl4dXhgLUDswDVZiCDB3BlEBKQwDdTRNfCFmYAc6I2A7LSoAajkmI1ZWMyotAGc3UBgga2kmHx5pNQkcXmUZH35CARIqDF9dFDwhInAXOQ03ZSMtKgxmIz8PNkUUKwA2ZQNcDQFyJE18IVdgWT4vciQRHR52GSsJA2IXEDkrUDdQOTEDJ14cCkAaORYXZRIPdilpYSksL3IkEQs0CzMrKSlgMTkPP1A7GHYkRDsEDA1DAz4jA2EYHz0tUGEmPiRyfQQ0NV4jIhYeQAI4CF5kHwMUFVUnADQyXTMiBh1XNQkPQVkjByAXDh8sDwhnN1o6HkRmPzQ
IP

52.85.242.76:443
ASN

#16509 AMAZON-02

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerAmazon

Subjectkultingecauyuksehinkitw.info

Fingerprint92:71:EB:2A:19:25:DF:1C:2A:8F:E3:1A:92:7B:DD:8F:18:79:39:0F

ValidityThu, 27 Apr 2023 00:00:00 GMT - Sat, 25 May 2024 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3001), with no line terminators

Size

1158
Hash

da752173af6dc36aba490143db3c270f

f8e81a47e19246ac4ac666a83f32ae81bea84f16

ae27259c70eb23f088bae0270062c1381c22d1b17317544febbb5a66bdc2295c

HTTP Headers

                                        GET /ZzNQaE4GUTMFcQYOMk47FV9tTXwhFmIuKgpeKgMoAwtiHy8eXX4LIghGNA48CF0kRiACR3VaCFFkBAN7Nl4dXhgLUDswDVZiCDB3BlEBKQwDdTRNfCFmYAc6I2A7LSoAajkmI1ZWMyotAGc3UBgga2kmHx5pNQkcXmUZH35CARIqDF9dFDwhInAXOQ03ZSMtKgxmIz8PNkUUKwA2ZQNcDQFyJE18IVdgWT4vciQRHR52GSsJA2IXEDkrUDdQOTEDJ14cCkAaORYXZRIPdilpYSksL3IkEQs0CzMrKSlgMTkPP1A7GHYkRDsEDA1DAz4jA2EYHz0tUGEmPiRyfQQ0NV4jIhYeQAI4CF5kHwMUFVUnADQyXTMiBh1XNQkPQVkjByAXDh8sDwhnN1o6HkRmPzQ HTTP/1.1
Host: kultingecauyuksehinkitw.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1158
date: Sat, 06 May 2023 20:54:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ffa40c4091d11859ad05cf9748508c58.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 4ZwrB9AJfnd0wOB1IxNdtmrNtZuhHOFkS3Jc4GR6DwZyk2PWoVyT6w==
X-Firefox-Spdy: h2

platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1683406488602

104.26.3.107

200 OK

2695

URL GET HTTP/2

platform.bidgear.com/async.php?domainid=5593&sizeid=12&zoneid=6192&k=1683406488602
IP

104.26.3.107:443
ASN

#13335 CLOUDFLARENET

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint96:B8:F2:6C:8B:F4:3C:4D:3F:C4:69:A4:B1:28:D0:CB:0A:E6:73:2B

ValidityMon, 01 May 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5423), with no line terminators

Size

2695
Hash

742d3806b8b40eeaab598bea709fdedb

0efae44a801bfe132fa72aac36b9af7ed154437f

cdecb6b983cc9008b7952d74134290f168c192e2aaf0cabfe86afef75f46fd4c

HTTP Headers

                                        GET /async.php?domainid=5593&sizeid=12&zoneid=6192&k=1683406488602 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 06 May 2023 20:54:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXBxLHWsTUoaDKlL9SHQo4QQrLYKIHpTify6nedTwoATO57Yg4M3vm7mA4QVKUqBTffdpuuYPspEqlw5fe%2FJ6p73Igf1%2FhrEnkQUNlTD5rgYRvv5J%2BsiIrfyHJzaRvNxX1ncx43A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c341ed58daab512-OSL
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip

91.209.70.182

200 OK

54221

URL User Request GET HTTP/2

megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58692), with CRLF, LF line terminators

Size

54221
Hash

7a08588e7151b45c6bfc55fb03cd6ec9

a14edcb0f2f08bf07dc70b68b2e4b7cd69157490

d72ab98723f2def1999d2306c46046a48c7aa3bbcabd4a2cd29c2c18492021e6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

                                        GET /1dWkm/Switch_Keys_16.0.2-Ziperto.zip HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693; expires=Sun, 07-May-2023 20:54:47 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css

91.209.70.182

200 OK

25940

URL GET HTTP/2

megaup.net/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css
IP

91.209.70.182:443
ASN

#43317 FNK LLC

Requested by

https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
Certificate

IssuerSectigo Limited

Subject*.megaup.net

FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A

ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT

Magic

Unicode text, UTF-8 text

Size

25940
Hash

f1167e248bda5a2106d51dd20163dc5a

38b1f04468356f0ad9084143e9fbf7dab3c07194

3ba1e11a03837d77c7c7704b2b4873858e4f91460f28e14d174ac8ef1e75c9bb

HTTP Headers

                                        GET /themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css HTTP/1.1
Host: megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://megaup.net/1dWkm/Switch_Keys_16.0.2-Ziperto.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=mc5anlo097b5u4jqmtmk7tu693
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 06 May 2023 20:54:47 GMT
content-type: text/css
last-modified: Tue, 13 Apr 2021 12:31:48 GMT
vary: Accept-Encoding
etag: W/"60758f34-8d4b"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
content-encoding: br
X-Firefox-Spdy: h2

a.exdynsrv.com/ad-provider.js

205.185.216.42

200 OK

28967

URL GET HTTP/1.1

a.exdynsrv.com/ad-provider.js

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (61)

#1 JS:Script (size: 103036)

#2 JS:Script (size: 4691)

#3 JS:Script (size: 75466)

#4 JS:Script (size: 58837)

#5 JS:Script (size: 148)

#6 JS:Script (size: 6707)

#7 JS:Script (size: 791)

#8 JS:Script (size: 2433)

#9 JS:Script (size: 1821)

#10 JS:Script (size: 1326)

#11 JS:Script (size: 63744)

#12 JS:Script (size: 88340)

#13 JS:Script (size: 69604)

#14 JS:Script (size: 85185)

#15 JS:Script (size: 9255)

#16 JS:Script (size: 1478)

#17 JS:Script (size: 8854)

#18 JS:Script (size: 483)

#19 JS:Script (size: 1690)

#20 JS:Script (size: 1032)

#21 JS:Script (size: 17848)

#22 JS:Script (size: 334516)

#23 JS:Script (size: 5302)

#24 JS:Script (size: 6)

#25 JS:Script (size: 29110)

#26 JS:Script (size: 197554)

#27 JS:Script (size: 59)

#28 JS:Script (size: 5)

#29 JS:Script (size: 306)

#30 JS:Script (size: 16045)

#31 JS:Script (size: 5423)

#32 JS:Script (size: 971)

#33 JS:Script (size: 3417)

#34 JS:Script (size: 147)

#35 JS:Script (size: 56276)

#36 JS:Script (size: 8063)

#37 JS:Script (size: 2204)

#38 JS:Script (size: 614934)

#39 JS:Script (size: 25071)

#40 JS:Script (size: 544)

#41 JS:Script (size: 7391)

#42 JS:Script (size: 5152)

#43 JS:Script (size: 117923)

#44 JS:Script (size: 75082)

#45 JS:Script (size: 1644)

#46 JS:Script (size: 435844)

#47 JS:Script (size: 595)

#48 JS:Script (size: 2976)

#49 JS:Script (size: 155)

#50 JS:Script (size: 4074)

#51 JS:Script (size: 4249)

#52 JS:Script (size: 96381)

#53 JS:Script (size: 15314)

#54 JS:Script (size: 5447)

#55 JS:Script (size: 2546)

#56 JS:Script (size: 493)