Report - download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB

Report Overview

Visited public
2024-09-27 23:28:37
Tags
URL
download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Finishing URL
download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
IP / ASN
104.21.57.204
#13335 CLOUDFLARENET
Title
Download Page - MegaUp

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-09-27 18:24:03	2.7 kB	205 kB	104.18.94.41
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-27 18:15:34	325 B	699 B	142.250.74.131
static.a-ads.com	34827	2012-07-07	2013-06-01 18:47:05	2024-09-27 20:27:29	470 B	638 kB	188.40.69.138
imp9.bidgear.com	34078	2011-08-30	2021-03-15 12:09:09	2024-09-27 19:17:52	525 B	494 B	104.26.2.107
s.magsrv.com	unknown	2023-08-01	2023-08-04 14:48:00	2024-09-27 19:30:13	2.3 kB	3.8 kB	95.211.229.248
adxbid.info	88498	2019-10-24	2019-10-29 09:29:52	2024-09-26 20:14:51	409 B	184 kB	104.21.48.215
a.magsrv.com	unknown	2023-08-01	2023-08-04 18:18:00	2024-09-27 19:29:41	814 B	346 kB	185.76.9.27
ad.a-ads.com	26970	2012-07-07	2013-04-19 23:54:57	2024-09-27 20:56:53	526 B	14 kB	188.40.69.138
geogenyveered.com	unknown	2024-04-21	2024-04-28 05:20:35	2024-09-26 13:04:01	418 B	1.5 kB	23.109.170.188
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-09-27 18:13:42	451 B	5.5 kB	142.250.74.106
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-27 18:12:10	327 B	888 B	23.36.76.226
download.megaup.net	973735	2004-06-24	2018-08-22 23:42:27	2024-09-26 19:03:44	10 kB	288 kB	104.21.57.204
floitcarites.com	unknown	2023-09-20	2023-09-20 14:32:12	2024-09-26 13:04:01	417 B	1.5 kB	23.109.170.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-09-27 20:11:54	530 B	49 kB	216.58.207.227
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-09 00:22:56	2024-09-27 19:20:00	956 B	38 kB	185.76.9.27
bidgear.com	40373	2011-08-30	2016-07-25 12:47:55	2024-09-26 15:49:04	434 B	723 B	0.0.0.0
platform.bidgear.com	30367	2011-08-30	2016-07-27 13:51:48	2024-09-27 17:38:35	444 B	3.2 kB	104.26.2.107

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-09-27	medium	adxbid.info/megaupnetdynamic.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-27	medium	geogenyveered.com	Sinkholed
2024-09-27	medium	floitcarites.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	317 B	2024-08-19	2024-12-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 14:57 Last Seen2024-12-30 22:42 Times Seen82 Hash 01aa3fdcd4d7e896dfbcaf7b18d30e64 305cff4c2d7a868730fbd86cfd14d57d4ef93d5a 60e18bd0cdacf8507ad2bd86e7079b7271977000d64cb10a56f5e4eb08ba2e06 Loading...

	a.magsrv.com/ad-provider.js	ScriptElement	172 kB	2024-09-11	2024-10-04
Pretty URL a.magsrv.com/ad-provider.js IP 185.76.9.27 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-11 20:57 Last Seen2024-10-04 11:30 Times Seen177 Hash dcb1eff59c22dc59eb075cb353cd199a c8c45df07ac50cc678b80c6db02753acef817497 82116cb2f0df07e8cd1e1095af0dc9bb8814441d4795ceac57a0ab415f6b97cc Loading...

	adxbid.info/megaupnetdynamic.js	ScriptElement	637 kB	2024-09-18	2024-10-04
Pretty URL adxbid.info/megaupnetdynamic.js IP 104.21.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-18 04:23 Last Seen2024-10-04 11:26 Times Seen14 Hash 077624f003ef792c5c2ecc1396062398 7dc883f1b11e7dff8473fec2b2aa98fb8c8df381 498ca1157604a964d1b6dec1263fc3e2a7d36554a411ca57e614f409dcfd759f Loading...

	download.megaup.net/openads.js	ScriptElement	19 B	2024-02-13	2025-03-30
Pretty URL download.megaup.net/openads.js IP 172.67.192.50 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 00:44 Last Seen2025-03-30 06:24 Times Seen177 Hash 434342dfeeea46db90a1b6852a2518b0 f0b4cec9fd1fbd486e6124ae761d9fcb0eff3c6a 9fa3476eb33c29ae9d3cbb559e354caf2c38fa26e9340d773ad0b4bbb4e2798a Loading...

	geogenyveered.com/gqTrURsPwap1IWie/32575	ScriptElement	6 B	2023-03-07	2025-06-24
Pretty URL geogenyveered.com/gqTrURsPwap1IWie/32575 IP 23.109.170.188 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-24 04:30 Times Seen8665 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192	ScriptElement	2.5 kB	2024-09-28	2024-09-28
Pretty URL platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192 IP 104.26.2.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash da97eb931ad0b6dfb80d0cb73b7c120e bb79454fc673b62fd0606ba0f401759a06d32ff2 5757ad8e8ad137be62844a9a7e3e66f5f369598739f7187be79e02976ac073be Loading...

	unknown	ScriptElement	754 B	2024-05-18	2024-12-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-18 21:00 Last Seen2024-12-30 22:42 Times Seen146 Hash 0939316c021680aecede2f291a6ef8b4 ec808b3868c61b6ffd5683e38b5b3452de0c72c3 6ca47e77ef58a0787dc6d9e16bcad300200c82dbca6db61db4e6f94577550e0c Loading...

	download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB	ScriptElement	0 B	0001-01-01	2025-06-24
Pretty URL download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB IP 104.21.57.204 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-24 05:15 Times Seen5094596 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	ScriptElement	218 B	2024-07-06	2025-03-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-06 00:29 Last Seen2025-03-10 05:41 Times Seen130 Hash 8efbf066642eb619e967b6e1ef16cd69 d01d5f9ea600ca6d8fe6e14fa195d1899b902e88 0cbb73881afd7e95600e6c1266eb77902f73440709975de845f2b44cc4ce4fcc Loading...

	floitcarites.com/tMM4IflPX8xNPDE1/18410	ScriptElement	5 B	2023-03-07	2025-06-24
Pretty URL floitcarites.com/tMM4IflPX8xNPDE1/18410 IP 23.109.170.170 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-06-24 03:44 Times Seen6425 Hash f7a2939527fd9e68723da600e96d76bd a9e717b6364d2895ee0a716050db32ca0ef1bb42 d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 90c5e02722e63afb3bd59c839b949f8f	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 90c5e02722e63afb3bd59c839b949f8f 55e6938ae2cf46366ec48e361b3367c54910c3c6 9c160c7a24d7d7af4299a185d921cb82f7e97537ddd36801783ef5a21d8c8a82 Loading...

	#2 Eval - c2eaa2d50402a50f82f1b76af731a2bc	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash c2eaa2d50402a50f82f1b76af731a2bc 4a8d97d7132d2067b4dbbc97ae837618beb99699 b15ef3824c2ffbecfc23b9c745166a0aa3221a8ecf87072158b9f4b2c52889db Loading...

	#3 Eval - d7858f5c98c0985dfa7ec6f5796cd6ef	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash d7858f5c98c0985dfa7ec6f5796cd6ef 1376702b1f82adf8383fa98b83d1fa8e2bdb22c2 599f0763adeec044e8a265e704e97ae90bfab55ee2c3ac7c4614128e08299e44 Loading...

	#4 Eval - 644e9c9a53e4e4ebf674f682156c4c42	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 644e9c9a53e4e4ebf674f682156c4c42 aa41acdcb8af1a786538d51125c5fd5dd6108066 ed2fdc3b966ab7a39a87192685e0583f6406cfcf099ecaea175e9ac5a5839383 Loading...

	#5 Eval - cf40f6852c9dddd89df3b6295818c4b2	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash cf40f6852c9dddd89df3b6295818c4b2 373b8be88e58a82de341e5f1c60af31b03e555e4 d8ef6b1c99b95d62a49128dc6d117b7366ff33c3eaf0242bc55f4d3348b3d1a3 Loading...

	#6 Eval - 12dde4c069f939d777df073674571bad	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 12dde4c069f939d777df073674571bad 36b1e575d4eeb8bdd0c96a2bee10b400d16e5156 d5f75629e75d8dc679aff3d156fe1590972f0acdaad9c6b3f871097564a88a9f Loading...

	#7 Eval - 72e791048d6a2540fd19d50ae2fa699c	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 72e791048d6a2540fd19d50ae2fa699c 0262aff76e0355c76f07110a84faac7d115d3fe0 e68c4f1f7ec9fda910a7eaa86c2a32951f7eadb5bccee6ff99365abf41699222 Loading...

	#8 Eval - 2e2bda8895354d34a7c3e469e4ade412	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 2e2bda8895354d34a7c3e469e4ade412 24063411708ee57db97083b4d9bd395cff444ce0 6ef62dd0bf220cc0162d8684b4ca4471d6492381d18d3ffbe8cb08a055b96ac8 Loading...

	#9 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-06-24 05:15
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-06-24 05:15 Times Seen386003 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#10 Eval - 75f20d03269c670c8b139f02b7499729	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 75f20d03269c670c8b139f02b7499729 fa0be57c22365a3e8d293781cdc0c561426e1881 a09bc9f6cc890081aad6739fdff58bae7cd7f20771077979526ee8af0d4600a6 Loading...

	#11 Eval - 6dcb86d173adba4474d5a13789f53f27	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 6dcb86d173adba4474d5a13789f53f27 494185741530dc4d88476c1f69258aae04c61718 da28efdd772eb8d6505cdde21e251dcc99a01eb0446e8bf80f76a6ca6481b109 Loading...

	#12 Eval - f036066e7b6bdbc353844d85364ec912	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash f036066e7b6bdbc353844d85364ec912 3631a79108c14090aa96bd75c1410de83137bde8 6fe444beac7b085f56644da1077d53adf0fa5a1ea8d3a4860fdf1c30069f9edd Loading...

	#13 Eval - 1e81b107bd6544548ba355dc548583b6	60 B	2024-09-18 23:39	2024-10-11 09:19
Pretty Observations First Seen2024-09-18 23:39 Last Seen2024-10-11 09:19 Times Seen4556 Hash 1e81b107bd6544548ba355dc548583b6 2c7aa23790c78c0ec94f76f7f788418514854662 53c0e7f4f07676e3bfbd365915deeff1830ccea2890ff83899a22f85abff82a3 Loading...

	#14 Eval - db7f08131491833929b80d00e282860f	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash db7f08131491833929b80d00e282860f da72030002259a7f466bef751dd8e40b0d734499 d2a3821a83c72a732d8b08a69991c377b3c378e48a5eb81e9868b353e984056b Loading...

	#15 Eval - c3d32d348489e707498797f290b067d3	28 B	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash c3d32d348489e707498797f290b067d3 85e62818924bc16ec7f2cf4f4b50a54dde9218cd ddb4cfb060ecc6676981c37931cd23a0ca3651dc3bfc3da9758c1cbb3c613309 Loading...

		Size	First Seen	Last Seen
	#1 Write - 59b30ada5d5cb68765ee067296f7e31a	2.5 kB	2024-09-28 07:03	2024-09-28 07:03
Pretty Observations First Seen2024-09-28 07:03 Last Seen2024-09-28 07:03 Times Seen1 Hash 59b30ada5d5cb68765ee067296f7e31a 45658ae021f4cc24969a688ba860e7350fc93d98 0be4c33e8155f1894e804af22b30569df558bcf44953776bcc77225c330b8825 Loading...

HTTP Transactions (35)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7a008f7018d5b98d787afdc07ddf2066
88ae935b7f05301000668ad6fb1d83f6a86e82b4
d98004d3571e1a51d26420f00a34d03ba467da831291574a99d2a920aabc60de

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D98004D3571E1A51D26420F00A34D03BA467DA831291574A99D2A920AABC60DE"
Last-Modified: Fri, 27 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14862
Expires: Sat, 28 Sep 2024 03:35:52 GMT
Date: Fri, 27 Sep 2024 23:28:10 GMT
Connection: keep-alive

GET download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB

104.21.57.204

200 OK

5.3 kB

URL User Request GET HTTP/2
download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
IP
104.21.57.204:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
HTML document, ASCII text, with very long lines (8104), with no line terminators
Size
5.3 kB (5262 bytes)
Hash
d811d5a7f7de62ee89ce39782ddb4040
e182cb61078947d606f8cd1fde19c2fd67efb175
7ee26831dab741e2504d0ed1d53e12d6924461bbf568a82b3d881c72cbe8e4dd

HTTP Headers

GET /?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 23:28:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: vq/rfw2IKljXjAhcTVs76BqH40D0BGzT12/bHkRItVqW5Fzvgm77/TsmEvdHIZFE3I75Mf94n6pLisXYa/pccwoFDEiTNLoiz+jNNFh3Fl8DWIUVlbkTEE2mtgl2vsdBeOE4tqleNs2w4Y6XLEZYGg==$SMMmEKJYdio8xOrpCU+joA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZsxmRoTPs3MEe7IqSgrzWLn3kzdNmdsEnDKrECYa5y9po4zhL%2FwjNyMWz5srtpHHIvZMJWNtcbop5V12FiPZd0LXHpOT3pJ8n4IFti2FW6Rp6oBZ4%2FukwlkNFI63adCD2llNE8g"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8c9f44c61f530b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

download.megaup.net/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c9f44c61f530b41

104.21.57.204

56 kB

URL
download.megaup.net/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c9f44c61f530b41
IP
104.21.57.204:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
56 kB (56107 bytes)
Hash
18105cb02df699c7898b945162353b5e
02be6afff4028f902bc814069f1a80fa9055066a
36b0e2eab1075844b1e137107dc0e990b4018c54879d9cb8287827a5fc14eb6d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c9f44c61f530b41 HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB&__cf_chl_rt_tk=IyoofHJltjfgKAfS3CLq04AVv4GKH128ctBk11._BnU-1727479691-0.0.1.1-2943
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 23:28:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QR8D%2F%2FuNnZ3%2FdueMdLwHMoiPi6esR7kmseJCyiHeAmmFZaB3F17nuHM%2F6llh7nfSMCvkgGHsDAnP%2BhrerNOvLYUGoKQaaD1Z6uzo5MKl7wfaSGzqJhawOWYiQf1CUVpg9XNteybo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9f44c7cf6a5695-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

download.megaup.net/favicon.ico

104.21.57.204

4.8 kB

URL
download.megaup.net/favicon.ico
IP
104.21.57.204:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
HTML document, ASCII text, with very long lines (7146), with no line terminators
Size
4.8 kB (4793 bytes)
Hash
6878e6831703de78ab6e5a1ccf4168aa
c9b249f57f9a8699be93a9b07c72594c9bc630ee
6a0043ca31191fee2013ed6d81a35a2c67f6a4fdf8ae26882b93be111536ed4b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB&__cf_chl_rt_tk=IyoofHJltjfgKAfS3CLq04AVv4GKH128ctBk11._BnU-1727479691-0.0.1.1-2943
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 23:28:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: i0QmLr7eEh3wlo6O0iMFdryRnj0c3hN3fmdkl88L0WpvkCiC7zb8Z4lUrmuwoEr2kPE0jlbM8nQGP061bDU0o1JRHnJrr+Dp0Fr2I3HAoIuVcwIzfeDSIk0zWe8chU5SydI7AKnIX6v3R+3pfkQRPg==$ECyDheOTF2BeSrGcdBq+Pw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DvQen8Vi5XE4jgssxAft%2F0w7dIeYDh01yicYtubzqJghqXkjVTGkkNiTpZcNfB8y9suDjCDLyHmo%2Fx838Oj7Gpao4HybD%2BsmasUdqIa%2Fc9AMgB%2FgNBiaTeaXMDoOeKIZocrNgoyY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8c9f44c7ffa55695-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

download.megaup.net/favicon.ico

104.21.57.204

4.7 kB

URL
download.megaup.net/favicon.ico
IP
104.21.57.204:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
HTML document, ASCII text, with very long lines (7061), with no line terminators
Size
4.7 kB (4729 bytes)
Hash
08f6017df8187f8c00a122af72b640a9
edb0aaba86a46e92a3b800b4216975e717befddb
8dd3e24a4742078662fd035f3aa81665e52d9e3452f545f330cd4b141f23ddf8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 23:28:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 6FsYHIuBLHjSv/3R/auKtdHXG9BZG21f3PgT5IZ/xAOW0LEDFreZ5FdCM+0FXCD/9H3SXph9PsPTVJw2JqpJgIGix8xTW+9Rtn0Zt4IIRjbBsyocA8wo2A1L2xwHpvZxCm67CBQoxJy4nQRwyqwJdQ==$rBV/3IYNx4SEo9HjiiikSQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xs9Sm1g7jUyDQi04JNLWOU0JDzNJ9c8%2Bl58F1EPyF9jDlqZtvZOtwKU8eO%2BsjvDFBJRBU42evw2H2AY8q3%2Bbk1ywaJpsnR9we6TppkIVjAaGQUQR%2Fx1w5rDAKzWjkvQk3yktOnou"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8c9f44c83a9e0b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

download.megaup.net/cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3

104.21.57.204

12 kB

URL
download.megaup.net/cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3
IP
104.21.57.204:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
ASCII text, with very long lines (16268), with no line terminators
Size
12 kB (12275 bytes)
Hash
e3d7a3a1387066cd5408357c342fb629
133aeef15e49bd4d89f3c704d03c251cc9516125
c4c549e3de30d7761224f48205fa62b7dcd22ecfea5c82fab9c578b37413c34d

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3 HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Content-type: application/x-www-form-urlencoded
CF-Challenge: 49e9b7feae0c3c3
Content-Length: 2200
Origin: http://download.megaup.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 23:28:11 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: TVETFEHnulSGmPCrDNPkh1TBM+aw2HL/tTy9+8il9095xfTeuahHyN0Sh0whTjMnhB0yRNP0vw==$tl+JW9zJSi4QdTaa
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFhwpmn1kJP4XjUaCXpGqLWzsTi%2FA%2BsUBn4K9vDit1qyu%2FMMdoE8OYsAWzVe2HpUMUy%2F6HAWWFNKTUbS%2F1kHvtsP5MxeOKliEAKGejzWdjGXpvetZhat%2FeiVXiOGWyU5ojyZIR7b"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9f44c97c3256a9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/

104.18.94.41

42 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42605)
Size
42 kB (42126 bytes)
Hash
97e68181bea1a70ad1ec93907420b32e
e47f3b7f8344642ef7096818fa84ecacd1546f11
3975abff0dc9ea9a849325c802daa886a989c063f77aa037d224e2efa704e63c

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:11 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
document-policy: js-profiling
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8c9f44caa87a7127-OSL
content-encoding: br
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/146734650:1727475127:FeJY4OSjKcSP_obt-k9hTE9-QnPi24mOtxaKHQZ6d_0/8c9f44caa87a7127/fcfae7082008650

104.18.94.41

111 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/146734650:1727475127:FeJY4OSjKcSP_obt-k9hTE9-QnPi24mOtxaKHQZ6d_0/8c9f44caa87a7127/fcfae7082008650
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
111 kB (111273 bytes)
Hash
9ed66c8cf5e729cec15a63e6a14c8d11
31c28c17f2865a04d525773fd2e4e5d098d0feeb
172cd04645807c2ead461f341a9c97de47136f23c0f1fc213e61758df91c16d4

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/146734650:1727475127:FeJY4OSjKcSP_obt-k9hTE9-QnPi24mOtxaKHQZ6d_0/8c9f44caa87a7127/fcfae7082008650 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: fcfae7082008650
Content-Length: 3822
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:12 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: RRtMZGJSrMJqeMXD2NFOe7G9VXxBN49niXY5AZSY5FSoBXAGEI2UhZ3FpYbjti2FTLkG+KU18fkN/fy3BzAB9eaE/CzsrpEmJLNZKUOcREfTHHu4htig+0Z0fcTx4A+IoolW/8S9JH8Z0nWtXTTfpAHW5ugUu4xwTMnLlARPY+xvl6BoGUDHemU9+nTPZeEVaq5Aa7yf35RqSFNSA94f3Ko5tlOc7GEgcOn73yRT12RWMEXqzPrhYYnmfQan7rgrbLzOAz+hE+BO9ozPQ35fpdeF5RgVMbWmeRERuxifK9RtFWbpqNZAgmp+Ifw61YRcG6Rt06WHbU1ayr0pPGYwUGVeqJjf8IACYaMQh/mZAxqwBWiaWGMvaMWal/0co5xcXd8CJ0FSDhucwCTaZbRUpEKAh3vl7xA3qVDY5urLW/AkhJ57t6huShOeuiDgFx3HgQZMdirYF9pIwalpFQ==$LHmGZRJnbJJf8vsQ
server: cloudflare
cf-ray: 8c9f44ccfcd47127-OSL
content-encoding: br
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c9f44caa87a7127/1727479692334/UeyB4HUhi_0cdkm

104.18.94.41

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c9f44caa87a7127/1727479692334/UeyB4HUhi_0cdkm
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 29 x 32, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
89642d4870712a47b6c3a7a70e58ab81
d90633b81ff81df8c30758dbf91a52d055db2aa1
9bca6e9d66e30a0f21232fff5180501591daece52cda419e6650cbe1a04fdb47

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8c9f44caa87a7127/1727479692334/UeyB4HUhi_0cdkm HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:12 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8c9f44d019727127-OSL
X-Firefox-Spdy: h2

download.megaup.net/cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3

104.21.57.204

3.1 kB

URL
download.megaup.net/cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3
IP
104.21.57.204:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
ASCII text, with very long lines (3996), with no line terminators
Size
3.1 kB (3055 bytes)
Hash
4bad25ec9d8c4eab954230cb6f70bbd7
4ff3624ea52dac2d22ee944b066bbfbeae8ff177
1b82986c9bd181c999b8251145dbdcf931991c4dcd19105164cdc6b7668e5678

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1083872292:1727478739:ewlDDLQnZTBqiJlKcrCJVWJNyc6ETlE-N6Z4OtcNRBU/8c9f44c61f530b41/49e9b7feae0c3c3 HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Content-type: application/x-www-form-urlencoded
CF-Challenge: 49e9b7feae0c3c3
Content-Length: 4210
Origin: http://download.megaup.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 23:28:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: bpIZ1aFr2L4sI8wTG2hBsRVxOGyrsinODTf3PEVxJzzz0eTNIG2aCTPVeyR/0bFnYklkhasYSq91YKn/Uyzt64iVct4PmZSI7ecWlg+JKnaP6v/NKxwUGg==$F1f77w0QgatyS7ig
set-cookie: cf_chl_rc_ni=;Expires=Thu, 26 Sep 2024 23:28:15 GMT;SameSite=Strict
cf-chl-out-s: s8JG0AqbHdnVXXYHEjTdz0yRFMI9u2oQ6YXwQaTN353Y8bviSCwjuvxsUpWAd0pGM2jgz+Wri1oLSi2bj0sGkNRFItSJNvfv0FTYkjjzzWAIfsSrj+EV7FQbYwxjcB6qvCXfZRdIfyunNmYwiwF3pKvDSsHUn3GJ82KlxsQeKxyjHgrrvcCjCS1n5nHx0dZu/KFMvL6583Hocc5r3QpbD5p2j+RiFlBxtBd3PBWvZVxr+M612HsSwQjUXgz00FYwoCBrQYDIFDM=$x3whe9nLFZPaZYdf
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9haPbH8uxPh4pIt01CS%2B%2FauiSEYVhC3HZ%2Fbxtj3gyH03j%2Fzl5YQ8Pr31miPlqKhma49DN%2FQL5Yr3E0CIb%2Bo4h839m%2F6nRP%2BZMjN7YM6odYTA1zfeFKQr4P2vG6wNBIkkJUUnX0%2BJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9f44e2cbbb56a9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

104.21.57.204

200 OK

162 B

URL User Request GET HTTP/2
download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
IP
104.21.57.204:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

POST /?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB&__cf_chl_tk=IyoofHJltjfgKAfS3CLq04AVv4GKH128ctBk11._BnU-1727479691-0.0.1.1-2943
Content-Type: application/x-www-form-urlencoded
Content-Length: 3269
Origin: http://download.megaup.net
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 23:28:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm; Path=/; Expires=Sat, 27-Sep-25 23:28:15 GMT; Domain=.megaup.net; HttpOnly
Location: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-Download-Options: noopen
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WcFcKTgNcI2g5kPXpOMlKQCx0WjexTTwBY6hWb6AYuaOWuEyr3lL9rFQou94Ko83XbL2bEQ4FfOjouIHjAvI5S2%2BVn4nKQS05uNsVtSH7wNFo6nroes9m5u%2BmIvMDjLlI%2BpyvJJ3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8c9f44e3bd9e56a9-OSL
alt-svc: h2=":443"; ma=60

GET download.megaup.net/openads.js

172.67.192.50

200 OK

19 B

URL GET HTTP/2
download.megaup.net/openads.js
IP
172.67.192.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
ASCII text
Size
19 B (19 bytes)
Hash
434342dfeeea46db90a1b6852a2518b0
f0b4cec9fd1fbd486e6124ae761d9fcb0eff3c6a
9fa3476eb33c29ae9d3cbb559e354caf2c38fa26e9340d773ad0b4bbb4e2798a

HTTP Headers

GET /openads.js HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: application/javascript
content-length: 19
last-modified: Sun, 12 Nov 2023 10:08:58 GMT
vary: Accept-Encoding
etag: "6550a43a-13"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uPmXZkuHrh1yLbSPk%2BM5fey%2B7CAhCLtHYp6CYbR3Rki8D1V5oKEws8Db5%2F1v2kRIWbq%2F2pOp%2F8gU%2B7ECZfmwJUFOJFmsbXt3Odw1glMno60Izcc46JbvnMjub2bcuYgLPIDejKEg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e5acdc56ae-OSL
X-Firefox-Spdy: h2

GET download.megaup.net/images/main_logo_inverted.png

172.67.192.50

200 OK

7.1 kB

URL GET HTTP/2
download.megaup.net/images/main_logo_inverted.png
IP
172.67.192.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7137 bytes)
Hash
5d15526be10b904a6b48d1af04a10cc3
c09b6874359ac6d71db95593618a9acb55baa984
894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018

HTTP Headers

GET /images/main_logo_inverted.png HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/png
content-length: 7137
last-modified: Tue, 19 Jan 2021 21:02:46 GMT
vary: Accept-Encoding
etag: "600748f6-1be1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2BWPCmgQeFC8xn%2BOf%2B2Nq4Tf8zg2rbqnIylYhJTgTTfvcln4dtVZK70h0e5lyxTReSnxir6jyx7Mv2H%2BafqrNDxBzYWGMIfqFPfbyYt0ZguuUka0a3Dzs1zHkF%2FcW4atJmPXTJWE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e5acdf56ae-OSL
X-Firefox-Spdy: h2

GET geogenyveered.com/gqTrURsPwap1IWie/32575

23.109.170.188

200 OK

26 B

URL GET HTTP/1.1
geogenyveered.com/gqTrURsPwap1IWie/32575
IP
23.109.170.188:443
ASN
#7979 SERVERS-COM

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectgeogenyveered.com
FingerprintC6:A3:82:2B:AA:7C:91:23:89:29:DF:49:DC:89:F7:61:A9:29:83:38
ValidityTue, 03 Sep 2024 11:02:28 GMT - Mon, 02 Dec 2024 11:02:27 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gqTrURsPwap1IWie/32575 HTTP/1.1
Host: geogenyveered.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Sep 2024 23:28:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://download.megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 28-Sep-2024 23:28:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D; expires=Sat, 28-Sep-2024 23:28:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET download.megaup.net/downloaddd.jpg

172.67.192.50

200 OK

86 kB

URL GET HTTP/2
download.megaup.net/downloaddd.jpg
IP
172.67.192.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3
Size
86 kB (85898 bytes)
Hash
2f485657be9ff5a1b00485b29ffe65f0
0150cfe89bf2329fa33825fec4c169dbb1adbc70
c0d8f731c81ae72a21909861f7edfa24a3986a4077f51bf06135e4a999f6dbc4

HTTP Headers

GET /downloaddd.jpg HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/jpeg
content-length: 85898
last-modified: Sun, 17 Mar 2024 15:42:12 GMT
vary: Accept-Encoding
etag: "65f70f54-14f8a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtCr2JnEhcHInUlDUFmj1sMtmUCSmm3KjU3ILSCRaULPsl5%2BKvVjAvxFvUYzTLKvWAYSxf6CesLRT5mOaICVoDLYab8fzFye0uo%2FgQ4Kf%2BRVrnut1I1qKfeRemoHVKdgbvmQodM2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e5ace256ae-OSL
X-Firefox-Spdy: h2

GET download.megaup.net/downloadee.jpg

172.67.192.50

200 OK

87 kB

URL GET HTTP/2
download.megaup.net/downloadee.jpg
IP
172.67.192.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3
Size
87 kB (86648 bytes)
Hash
332162172778d45387d77d79d0edea91
af8ffc2eef7887956097775b75b6847bf6636d6e
f3125dc53a73089fe0c1ef03c28f91e518c74316d4e0b9efd3dd28ff08c2e290

HTTP Headers

GET /downloadee.jpg HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/jpeg
content-length: 86648
last-modified: Sun, 17 Mar 2024 15:42:09 GMT
vary: Accept-Encoding
etag: "65f70f51-15278"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CE6tf2GDr0%2BkLing65aIj6U8Bo2ChYNC4HLPa%2FYAHvOqtePfIv0UMXvxKPszU6BB1RMu3O0W9VdXuiO6u9s48xpPBu9PaXPrwtHg2Yqu%2FSVHF7%2B3BFEQM1DrVMZIflgT3YQ9u1de"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e5ace356ae-OSL
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c9f44caa87a7127&lang=auto

104.18.94.41

49 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c9f44caa87a7127&lang=auto
IP
104.18.94.41:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
49 kB (49333 bytes)
Hash
af8512f0dd078a5c2bec6d155bf23a32
084b98429c89b14958d1b6c10e554ce2a4108640
81e09f02a42133132e836b5935480fd9947b17f756a574328158009db951dce1

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c9f44caa87a7127&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vw8hf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8c9f44cb39cb7127-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET floitcarites.com/tMM4IflPX8xNPDE1/18410

23.109.170.170

200 OK

25 B

URL GET HTTP/1.1
floitcarites.com/tMM4IflPX8xNPDE1/18410
IP
23.109.170.170:443
ASN
#7979 SERVERS-COM

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectfloitcarites.com
Fingerprint40:49:20:E5:EA:C3:6D:F8:F8:18:1B:65:77:50:5C:58:21:67:57:68
ValiditySat, 31 Aug 2024 23:02:36 GMT - Fri, 29 Nov 2024 23:02:35 GMT

File type
ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
f7a2939527fd9e68723da600e96d76bd
a9e717b6364d2895ee0a716050db32ca0ef1bb42
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tMM4IflPX8xNPDE1/18410 HTTP/1.1
Host: floitcarites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Sep 2024 23:28:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://download.megaup.net
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 28-Sep-2024 23:28:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D; expires=Sat, 28-Sep-2024 23:28:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e09bf79e524c97224699afc143d9b84f
bbb207b38210640808f79f553340185545fbbbca
a57f229bb0efb470b2042b667ee58d1bd00239ee3ee785c1deb8f3887d0a07c5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Sep 2024 23:28:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET static.a-ads.com/a-ads-banners/514165/300x250?region=eu-central-1

188.40.69.138

200 OK

638 kB

URL GET HTTP/2
static.a-ads.com/a-ads-banners/514165/300x250?region=eu-central-1
IP
188.40.69.138:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad.a-ads.com/1811811?size=300x250
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
FingerprintC4:DC:49:DF:0A:63:5A:A6:E4:00:AB:0B:FD:E4:94:92:A8:77:B7:C6
ValidityWed, 27 Dec 2023 00:00:00 GMT - Sun, 26 Jan 2025 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 250
Size
638 kB (637661 bytes)
Hash
8f26e859dd9609ac08050125d4c0c7ab
4987b3653e93a6899d84030bfdbc231792a190d3
7b1e252efca811a6dad11870488ef15be7de63691e7ff600e6c508f6b9ea987c

HTTP Headers

GET /a-ads-banners/514165/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/gif
content-length: 637661
x-amz-id-2: qQ67LJ4Mkr5BYNfXIgKgPWorHdtHiy0oc1eY683+Ap+2HA4QEUEJV9FMml/sEJuFETLvbIXS4iY=
x-amz-request-id: DCTHTVTXKCWQ0KR3
x-amz-replication-status: COMPLETED
last-modified: Mon, 27 May 2024 13:15:47 GMT
etag: "8f26e859dd9609ac08050125d4c0c7ab"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: oiDzIzkynWGxJ6GYVJ5kjK_YcCMQXMwM
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET imp9.bidgear.com/rec?t=1&z=6192&uuid=8eb76f1447334583bcd5f3f57dadd637&p=157&g=NO&token=18c07078e8&tbg=1727479696

104.26.2.107

200 OK

0 B

URL GET HTTP/2
imp9.bidgear.com/rec?t=1&z=6192&uuid=8eb76f1447334583bcd5f3f57dadd637&p=157&g=NO&token=18c07078e8&tbg=1727479696
IP
104.26.2.107:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectbidgear.com
Fingerprint3C:AA:43:F3:49:15:38:CE:2A:51:39:D0:7E:71:6C:3D:B2:40:AA:69
ValidityTue, 24 Sep 2024 05:10:33 GMT - Mon, 23 Dec 2024 05:10:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rec?t=1&z=6192&uuid=8eb76f1447334583bcd5f3f57dadd637&p=157&g=NO&token=18c07078e8&tbg=1727479696 HTTP/1.1
Host: imp9.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://download.megaup.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-length: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yWsp7EV47kxe0W80R9GTuY8RRyqnXXGPatEJ9h%2FyB5ZKfVf4jkWITmoSj87Ork7PkXQQauOFXtqCAlU8ym2eiTnc%2B5BIWI8XCMoCFomgGDZpPE%2FTAE%2BzgE0yKPJbldPv40%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e79dc3b509-OSL
X-Firefox-Spdy: h2

POST s.magsrv.com/v1/api.php

95.211.229.248

200 OK

2.6 kB

URL POST HTTP/1.1
s.magsrv.com/v1/api.php
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint5E:B9:3E:66:0F:E8:76:CB:70:CB:15:77:D3:04:66:65:14:D1:DB:ED
ValidityThu, 12 Sep 2024 10:19:12 GMT - Wed, 11 Dec 2024 10:19:11 GMT

File type
JSON text data
Size
2.6 kB (2567 bytes)
Hash
7abd5e3c7c3b53784520868b9fc66ae1
e3cba0ab2016b5bd6feb85023ef7cabcc7dcd4a5
c49b90a3cca51e5d197342633c9b8a4c7d7c40056fd2b869b05fd51277eaf139

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
Content-Type: text/plain
Content-Length: 646
Origin: https://download.megaup.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Sep 2024 23:28:16 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://download.megaup.net
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Set-Cookie: __uvt=s%3A31%3A%2266f73f90c66998.3708367954642128%22%3B; expires=Sun, 27-Sep-2026 23:28:16 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

GET adxbid.info/megaupnetdynamic.js

104.21.48.215

200 OK

183 kB

URL GET HTTP/2
adxbid.info/megaupnetdynamic.js
IP
104.21.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectadxbid.info
Fingerprint78:10:7D:05:3A:21:6A:07:C2:59:A0:3D:13:AB:02:38:C4:BF:1B:37
ValidityWed, 25 Sep 2024 07:23:39 GMT - Tue, 24 Dec 2024 07:23:38 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
183 kB (182911 bytes)
Hash
077624f003ef792c5c2ecc1396062398
7dc883f1b11e7dff8473fec2b2aa98fb8c8df381
498ca1157604a964d1b6dec1263fc3e2a7d36554a411ca57e614f409dcfd759f

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /megaupnetdynamic.js HTTP/1.1
Host: adxbid.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2024 07:11:27 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 7075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ksF9H84zLn5iebDLlG3e%2BS77oJracpMFx%2BCfFJSXiZ8iLdbTivQ79VqfmSliZmqBer3mFhHSwKJIVjL%2Fc6Y38MO5rOy%2BDKNHE4QCClI5nXHFwZmHBJVXR5Zbozerwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c9f44e81b1056ca-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ad.a-ads.com/1811811?size=300x250
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
Size
48 kB (48444 bytes)
Hash
8e433c0592f77beb6dc527d7b90be120
d7402416753ae1bb4cbd4b10d33a0c10517838bd
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

HTTP Headers

GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad.a-ads.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48444
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Sep 2024 11:06:12 GMT
expires: Fri, 26 Sep 2025 11:06:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 29 Jul 2024 22:51:01 GMT
content-type: font/woff2
age: 130924
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA11PW04DMQy8ChfYyHacxO433yAVcYB98gNbJEAt0hyeZAXbiowiT+wZjSMk2pF3Uu7YD2IHznAOTkElcFI8PB6hjLf5pf96D+v8CZNMRsjupAaPWhtIypXUyoxcTErlTCqZXQycEEF/CMTsKAnPT/fb5QpBJLpIospbZnULrI3E6FIfWq3JzEo/RKY4jT4sxYsq26zUeqlUOWE6ndfXUz+Fm533ZKG4he3LoGueyImzFNRD2Nr9x/c6AjfChus/muv/9FdzpbxXmE/zJMPgHlOUhdQTyzBqyqPqIuUHYaxv1IkBAAA=&dbt=e2e_66f73f90cf2ca1.98262356&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA11PW04DMQy8ChfYyHacxO433yAVcYB98gNbJEAt0hyeZAXbiowiT+wZjSMk2pF3Uu7YD2IHznAOTkElcFI8PB6hjLf5pf96D+v8CZNMRsjupAaPWhtIypXUyoxcTErlTCqZXQycEEF/CMTsKAnPT/fb5QpBJLpIospbZnULrI3E6FIfWq3JzEo/RKY4jT4sxYsq26zUeqlUOWE6ndfXUz+Fm533ZKG4he3LoGueyImzFNRD2Nr9x/c6AjfChus/muv/9FdzpbxXmE/zJMPgHlOUhdQTyzBqyqPqIuUHYaxv1IkBAAA=&dbt=e2e_66f73f90cf2ca1.98262356&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint5E:B9:3E:66:0F:E8:76:CB:70:CB:15:77:D3:04:66:65:14:D1:DB:ED
ValidityThu, 12 Sep 2024 10:19:12 GMT - Wed, 11 Dec 2024 10:19:11 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA11PW04DMQy8ChfYyHacxO433yAVcYB98gNbJEAt0hyeZAXbiowiT+wZjSMk2pF3Uu7YD2IHznAOTkElcFI8PB6hjLf5pf96D+v8CZNMRsjupAaPWhtIypXUyoxcTErlTCqZXQycEEF/CMTsKAnPT/fb5QpBJLpIospbZnULrI3E6FIfWq3JzEo/RKY4jT4sxYsq26zUeqlUOWE6ndfXUz+Fm533ZKG4he3LoGueyImzFNRD2Nr9x/c6AjfChus/muv/9FdzpbxXmE/zJMPgHlOUhdQTyzBqyqPqIuUHYaxv1IkBAAA=&dbt=e2e_66f73f90cf2ca1.98262356&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
Origin: https://download.megaup.net
DNT: 1
Connection: keep-alive
Cookie: __uvt=s%3A31%3A%2266f73f90c66998.3708367954642128%22%3B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Sep 2024 23:28:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://download.megaup.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

GET s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA11QQU7EMAz8Ch9oZTt24uyZM0ggHtA2WS7QRQLEIs3jSbpiqcgocjKe0TgREh0oD5JuOB/EDxyRecw0qoxsirv7ByjjtT5Pn2/jWj/gEskJMWdSRw7aCJiKWxIYM2JySR7BpBKFsoINAfSLkVgYyfD0eLttbhAEorMYtXPPbG6B95Y4ndtFm9XcPU1zYAplyfMx5aTKXpU6Z6nJCeX0tb6cpjLuZr4mm8gWdh0GQ/cENo6S0BZho6f373UBdsKOv3d01//uBe1TaCe6VAjVErXILAtrimHJrBa4EpdjnWb9AY1q1J6JAQAA&dbt=e2e_66f73f90cf48c5.47955953&scr_info=YXN5bmN8fDM%3D

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA11QQU7EMAz8Ch9oZTt24uyZM0ggHtA2WS7QRQLEIs3jSbpiqcgocjKe0TgREh0oD5JuOB/EDxyRecw0qoxsirv7ByjjtT5Pn2/jWj/gEskJMWdSRw7aCJiKWxIYM2JySR7BpBKFsoINAfSLkVgYyfD0eLttbhAEorMYtXPPbG6B95Y4ndtFm9XcPU1zYAplyfMx5aTKXpU6Z6nJCeX0tb6cpjLuZr4mm8gWdh0GQ/cENo6S0BZho6f373UBdsKOv3d01//uBe1TaCe6VAjVErXILAtrimHJrBa4EpdjnWb9AY1q1J6JAQAA&dbt=e2e_66f73f90cf48c5.47955953&scr_info=YXN5bmN8fDM%3D
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint5E:B9:3E:66:0F:E8:76:CB:70:CB:15:77:D3:04:66:65:14:D1:DB:ED
ValidityThu, 12 Sep 2024 10:19:12 GMT - Wed, 11 Dec 2024 10:19:11 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA11QQU7EMAz8Ch9oZTt24uyZM0ggHtA2WS7QRQLEIs3jSbpiqcgocjKe0TgREh0oD5JuOB/EDxyRecw0qoxsirv7ByjjtT5Pn2/jWj/gEskJMWdSRw7aCJiKWxIYM2JySR7BpBKFsoINAfSLkVgYyfD0eLttbhAEorMYtXPPbG6B95Y4ndtFm9XcPU1zYAplyfMx5aTKXpU6Z6nJCeX0tb6cpjLuZr4mm8gWdh0GQ/cENo6S0BZho6f373UBdsKOv3d01//uBe1TaCe6VAjVErXILAtrimHJrBa4EpdjnWb9AY1q1J6JAQAA&dbt=e2e_66f73f90cf48c5.47955953&scr_info=YXN5bmN8fDM%3D HTTP/1.1
Host: s.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
Origin: https://download.megaup.net
DNT: 1
Connection: keep-alive
Cookie: __uvt=s%3A31%3A%2266f73f90c66998.3708367954642128%22%3B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Sep 2024 23:28:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://download.megaup.net
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

GET s3t3d2y8.afcdn.net/library/826080/4d442d6c09f6db5b1c72424a90151a19eba3f673.webp

185.76.9.27

200 OK

18 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/826080/4d442d6c09f6db5b1c72424a90151a19eba3f673.webp
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
FingerprintA6:3D:4F:64:88:A4:45:1D:34:7F:AA:21:BD:F4:85:CD:3C:57:8F:45
ValidityThu, 12 Sep 2024 10:11:32 GMT - Wed, 11 Dec 2024 10:11:31 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (18060 bytes)
Hash
e8932e2d72138988bec768502e25da79
4d442d6c09f6db5b1c72424a90151a19eba3f673
c495d922632eab41ac3cd5ea9843433a699b8fdc51458b0c5b2cae341ecd9b94

HTTP Headers

GET /library/826080/4d442d6c09f6db5b1c72424a90151a19eba3f673.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:17 GMT
content-type: image/webp
content-length: 18060
last-modified: Wed, 04 Sep 2024 03:21:21 GMT
etag: "66d7d231-468c"
expires: Thu, 04 Sep 2025 03:44:05 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJGwH3AWcfAAwBuUwKAQH3BgEAAAwBisclxAG3BQAAAA
x-77-nzt-ray: fdb54123ab4480ae913ff766f8023e06
x-accel-expires: @1756957445
x-accel-date: 1725421712
x-accel-date-max: 1725421445
x-77-cache: HIT
x-77-age: 2057985
server: CDN77-Turbo
x-cache: HIT
x-age: 2057985
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

GET s3t3d2y8.afcdn.net/library/826080/990215890a018cdc9ddc3d1bf23cf17d6a1edf80.webp

185.76.9.27

200 OK

19 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/826080/990215890a018cdc9ddc3d1bf23cf17d6a1edf80.webp
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
FingerprintA6:3D:4F:64:88:A4:45:1D:34:7F:AA:21:BD:F4:85:CD:3C:57:8F:45
ValidityThu, 12 Sep 2024 10:11:32 GMT - Wed, 11 Dec 2024 10:11:31 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
19 kB (18966 bytes)
Hash
f11eaf0180f10412e0af482c69c0fa1c
990215890a018cdc9ddc3d1bf23cf17d6a1edf80
9aa1d096a12278aed0ea13f31460ac186e16ddab5d943d216f4e23e249f501ff

HTTP Headers

GET /library/826080/990215890a018cdc9ddc3d1bf23cf17d6a1edf80.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:17 GMT
content-type: image/webp
content-length: 18966
last-modified: Wed, 04 Sep 2024 03:21:22 GMT
etag: "66d7d232-4a16"
expires: Thu, 04 Sep 2025 03:44:05 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBuUwJGwH3ImcfAAwBuUwKCQH36gAAAAwBisclxAG3AAAAAA
x-77-nzt-ray: fdb54123ab4480ae913ff766c9495c06
x-accel-expires: @1756957445
x-accel-date: 1725421679
x-accel-date-max: 1725421445
x-77-cache: HIT
x-77-age: 2058018
server: CDN77-Turbo
x-cache: HIT
x-age: 2058018
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

GET download.megaup.net/images/favicon.ico

172.67.192.50

200 OK

7.7 kB

URL GET HTTP/2
download.megaup.net/images/favicon.ico
IP
172.67.192.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectmegaup.net
Fingerprint40:9E:9D:AD:9A:8B:47:CA:AC:0C:2E:29:63:D0:1E:AD:D0:EB:37:0D
ValidityTue, 03 Sep 2024 16:31:03 GMT - Mon, 02 Dec 2024 16:31:02 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
7.7 kB (7735 bytes)
Hash
e95c130b43ef6c32b9c9459aff5706c1
51b8b0d3ae3eabd9c31e65098acfa9ba18e9bb30
6c3dde0843949903d807800c8d6706e357fd762d29885946bacac881d4abfb35

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: download.megaup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=_VAhRdgrhkprVY6UzgJ1gsZdMH7glvcti7OYwkAQBgk-1727479691-1.2.1.1-RyShj3E1pWM2FeDC41oOa3smEesI59d_z5hkIrSyDR8jcgracLqpQfXb0g92uMubqbuzWRXqr.rTyJEudO2q5UksaHqi6yfmugwC2aFlno3.i3yABcEzWkpZbp1SbvY9i8PCy8jyBD.MbFx5ybfU0uMNDSYxoyGTuSvCzhqmnOeTqSS0oWMvCDNjLCxbRfuFCzlamy.EXVXuFZNiTJiAcsqpO21KBr2.CuKoemCeG76BlSwzb9UrMru1Ra3RMxKEyUxdw39EmeO62fLMrb1UbVewqHesRbTRXEGoz07f3ypxi0cphccqrYT_r1bEZnn2DQTVfmegTjLqpP7pt4dZMKVXIYUau_qdDfJvPsKbhsijLvof82vhS9KRR6jkoUvm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/x-icon
last-modified: Tue, 19 Jan 2021 21:06:58 GMT
vary: Accept-Encoding
etag: W/"600749f2-47e"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txi16luEvUdPWf%2Bpi%2BPeaARsJXYrFbR69VyPXQvfAmoE50BVT2zuCtSTIoykAieyrmf2r0YApM00Clhz%2BKrMWOsHuhUaIBhmFGXXsNKYlvmswuYGtVfTNbGTojMZmLYYQ3dHwVjF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e9696556ae-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET a.magsrv.com/ad-provider.js

185.76.9.27

200 OK

172 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint5E:B9:3E:66:0F:E8:76:CB:70:CB:15:77:D3:04:66:65:14:D1:DB:ED
ValidityThu, 12 Sep 2024 10:19:12 GMT - Wed, 11 Dec 2024 10:19:11 GMT

File type
JavaScript source, ASCII text, with very long lines (36984)
Size
172 kB (172413 bytes)
Hash
dcb1eff59c22dc59eb075cb353cd199a
c8c45df07ac50cc678b80c6db02753acef817497
82116cb2f0df07e8cd1e1095af0dc9bb8814441d4795ceac57a0ab415f6b97cc

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: application/javascript
etag: W/"c8c45df07ac50cc678b80c6db02"
expires: Fri, 27 Sep 2024 16:11:11 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJGwH3pQ0AAAwBuUwKDAH3CAAAAAwBJRPCMQG3JwAAAA
x-77-nzt-ray: fdb541234b4ac2a7903ff766c7998626
x-accel-expires: @1727487003
x-accel-date: 1727476203
x-accel-date-max: 1727442671
x-77-cache: HIT
x-77-age: 3493
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 3493
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

GET a.magsrv.com/ad-provider.js

185.76.9.27

200 OK

172 kB

URL GET HTTP/2
a.magsrv.com/ad-provider.js
IP
185.76.9.27:443
ASN
#60068 Datacamp Limited

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerLet's Encrypt
Subjectmagsrv.com
Fingerprint5E:B9:3E:66:0F:E8:76:CB:70:CB:15:77:D3:04:66:65:14:D1:DB:ED
ValidityThu, 12 Sep 2024 10:19:12 GMT - Wed, 11 Dec 2024 10:19:11 GMT

File type
JavaScript source, ASCII text, with very long lines (36984)
Size
172 kB (172413 bytes)
Hash
dcb1eff59c22dc59eb075cb353cd199a
c8c45df07ac50cc678b80c6db02753acef817497
82116cb2f0df07e8cd1e1095af0dc9bb8814441d4795ceac57a0ab415f6b97cc

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.magsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: application/javascript
etag: W/"c8c45df07ac50cc678b80c6db02"
expires: Fri, 27 Sep 2024 16:11:11 GMT
cache-control: max-age=10800
x-robots-tag: noindex, follow
access-control-allow-origin: *
x-77-nzt: EwwBuUwJGwH3pQ0AAAwBuUwKDAH3CAAAAAwBJRPCMQG3JwAAAA
x-77-nzt-ray: fdb541234b4ac2a7903ff766b0f2bc26
x-accel-expires: @1727487003
x-accel-date: 1727476203
x-accel-date-max: 1727442671
x-77-cache: HIT
x-77-age: 3493
vary: Accept-Encoding
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 3493
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

GET bidgear.com/images/close-icon.png

0.0.0.0

0 B

URL GET
bidgear.com/images/close-icon.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectbidgear.com
Fingerprint3C:AA:43:F3:49:15:38:CE:2A:51:39:D0:7E:71:6C:3D:B2:40:AA:69
ValidityTue, 24 Sep 2024 05:10:33 GMT - Mon, 23 Dec 2024 05:10:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/close-icon.png HTTP/1.1
Host: bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: image/png
last-modified: Tue, 27 Jun 2023 07:17:59 GMT
vary: Accept-Encoding
etag: W/"649a8d27-6cb"
expires: Mon, 09 Sep 2024 15:33:05 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 2125337
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGMoDny7ZCatJ6e3YD52%2FvzXJIa7Avz7OefjOeImwYPA15Wx0N6yc0T8sy4KRGU1R%2Fhu5Ixx48iZ7IpQ5CjkaevHxbW9%2B7imawvdhzd69Yd6WUE7t%2BgebF7YTFn0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e7ce14b509-OSL
X-Firefox-Spdy: h2

GET ad.a-ads.com/1811811?size=300x250

188.40.69.138

200 OK

13 kB

URL GET HTTP/2
ad.a-ads.com/1811811?size=300x250
IP
188.40.69.138:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
FingerprintC4:DC:49:DF:0A:63:5A:A6:E4:00:AB:0B:FD:E4:94:92:A8:77:B7:C6
ValidityWed, 27 Dec 2023 00:00:00 GMT - Sun, 26 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11039)
Size
13 kB (13187 bytes)
Hash
58484ca28adde12a10c7ee8c41a3a966
a319bf51cdaf495c471511fb55fded3860218439
f45555f2e1c9e52ca4915b2bc61dde9735f3d5668b05f7bd10b0ab125e00a37b

HTTP Headers

GET /1811811?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://download.megaup.net/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2

GET platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192

104.26.2.107

200 OK

2.5 kB

URL GET HTTP/2
platform.bidgear.com/ads.php?domainid=5593&sizeid=12&zoneid=6192
IP
104.26.2.107:443
ASN
#13335 CLOUDFLARENET

Requested by
https://download.megaup.net/?idurl=0lixLaV5L89JKamcHXUbeuIEpB%201peM2Sr6TYL5Xad5dPK5LBHQ%20CbEdNxSWoMKCx0xFPp9ZJoTN5pxZPRVqmig9Wnn/sIaafQujtkbIOwM=&idfilename=NEED.FOR.SPEED.UNDERGROUND.r%20ar&idfilesize=933.40%20MB
Certificate
IssuerGoogle Trust Services
Subjectbidgear.com
Fingerprint3C:AA:43:F3:49:15:38:CE:2A:51:39:D0:7E:71:6C:3D:B2:40:AA:69
ValidityTue, 24 Sep 2024 05:10:33 GMT - Mon, 23 Dec 2024 05:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (2652), with no line terminators
Size
2.5 kB (2519 bytes)
Hash
1db7d337dc65f2ade1b598587f2fe36b
9a2acec964fcaaa520c65073934242a3df32133b
fedc36213d13cab647e094e6297538dc47b3a8292c8f320bdf88062a803f0ef8

HTTP Headers

GET /ads.php?domainid=5593&sizeid=12&zoneid=6192 HTTP/1.1
Host: platform.bidgear.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.megaup.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Sep 2024 23:28:16 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWu96Bzfc0QEtH9dYM3bNPgCO42pfY8YvWzxHW6jPatYR4JDzHuNXdNgSVSEVhPgHB0jAUCLmhZlBndCJrwOWwDfxEPvk%2FeE9O9eVHs%2BCKT8FoWmhg6evS92J2BQygVCHKjZKDO0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c9f44e60b3bb509-OSL
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap

142.250.74.106

200 OK

4.8 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://ad.a-ads.com/1811811?size=300x250
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
ASCII text, with very long lines (4954), with no line terminators
Size
4.8 kB (4828 bytes)
Hash
cb20d2cd5b9dfe80a038a81585710993
32b621a2234655992e6a5536c2e8fd42a9f59710
cd5600cdce4dd5f342c4cec313059735d5de6317a89d8a10f7036b0c3396c1b0

HTTP Headers

GET /css2?family=Inter:wght@400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 27 Sep 2024 23:28:16 GMT
date: Fri, 27 Sep 2024 23:28:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash