download.uphost.click Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response download.uphost.click/	11 KB 3 KB	703ms 496ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e5682ec7955b58f709d8b6fc081e6c0f200b67406f757cf5c05063b4ce8e141 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7e5a7637da72b74e-AMS content-encoding br content-type text/html date Wed, 12 Jul 2023 15:53:55 GMT last-modified Sun, 11 Jun 2023 23:29:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TH9liFGpL6EC%2Ba9II65vEBTWziovFTGc8QyLAzS27LeTf%2FidzCQwRnLtXM%2B2zEe8v1MZ8nFiQ0z6PuOTm00AnOTz%2FVVXBQYNCpPy7f94FYgwcg6jh39XlULlFUZ3pPt3exl1ZlKot2mCT984yAuZSdXxkCg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H2	200	main.css download.uphost.click/css/	106 KB 17 KB	38ms 37ms	Stylesheet text/css	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/css/main.css Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c7efe5cb71ae1f0ddfdb571ff732ede34b5645e67a5433f8f923f40fd834d1f7 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding br cf-cache-status HIT last-modified Mon, 13 Jan 2020 19:19:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 57612 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWawQPuYpLTuS1xFXJVE0Iqy%2FaynxW9tzzd2lHSOZSfPykJovbIExClInZS%2BbgfnXyXG%2FSYvFXG0tviz9NdrIQs4Nw%2FMrFqUprXFx2%2FjmgRsW5nzf16DC0gT0I7W9tdMv797skFtTZ3IcVfvT6bwJhtgbYM%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7e5a763afe75b74e-AMS alt-svc h3=":443"; ma=86400 expires Tue, 18 Jul 2023 23:53:43 GMT
GET H2	200	banner.gif download.uphost.click/images/	63 KB 64 KB	42ms 41ms	Image image/gif	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/images/banner.gif Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca34e558b60495d25efa935ccfd705232149efd9b7841c17ee9b209f266a098a Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 57611 alt-svc h3=":443"; ma=86400 content-length 64839 last-modified Sun, 11 Jun 2023 23:19:52 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rItkHEI5eWmmUxf5YxlpEI5Meaykjz%2F1e1j2iXH0vOnMBjki8iVE95sSsvisnmAOlrgAnWXYzVQyUtGUwLX47vEVORV31TKIt4yYGXkzXUqph1sgmzqukF2Ph0mIbY2bm2rHULjBh1Wvy5kaf%2B%2F2pToERP0%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7e5a763afe82b74e-AMS expires Tue, 18 Jul 2023 23:53:43 GMT
GET H2	200	ad.jpg download.uphost.click/images/	18 KB 18 KB	63ms 63ms	Image image/jpeg	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/images/ad.jpg Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 831d36e9e49cdea1903d8f87a1e2018486cdecac3e4ad54f76b898238ba50a63 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 26321 alt-svc h3=":443"; ma=86400 content-length 18582 last-modified Sun, 11 Jun 2023 23:08:34 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLR2MwqnX%2FBLMM%2FkVJE5uMpfO%2B4obdeRn3n%2F%2B8ZzTGtHhs0ndPtNNcbe8VcWdDMTiFoBPFPahhjQW3aswHvOhFMLwvgxoFrn652UPGUJlNmEMjOkJ649XD4lNOwm0eCUS8ANrGFFGraTNf%2BoGeu1gH0NblU%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7e5a763afe85b74e-AMS expires Wed, 19 Jul 2023 08:35:13 GMT
GET H2	200	736150e.js Show response download.uphost.click/js/	23 KB 7 KB	34ms 33ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/js/736150e.js Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f8641eac7978175c4c8a0cbfa3bac59b4df2364a5f5272c30551f75109d41c0 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding br cf-cache-status HIT last-modified Fri, 28 Apr 2023 13:56:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 26321 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOzfLw1xXijShG9F5A06r4wUwDnNDUfnzjeCzbT2eeKT%2BLoOIiSigOoubEyD8lTqu%2BgGQEUoxe7RZravFWZYUtZMT0sfIWf12nYDVvMf2Eu%2BnOiDK5MmTcVGKWukGn2Gh%2FkbfGoEAE%2BTZiAMzAJwgt0WIsw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7e5a763afe7cb74e-AMS alt-svc h3=":443"; ma=86400 expires Wed, 19 Jul 2023 08:35:13 GMT
GET H2	200	t.js Show response download.uphost.click/js/	2 KB 983 B	36ms 36ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/js/t.js Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding br cf-cache-status HIT last-modified Fri, 28 Apr 2023 13:56:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 26321 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wRcGDauR1nFJbpbvXH0daqnO0CWl6BBoczT4YYuK7BqsMUx3ogKvcPE8foIaOPNoU0XB9J9GebTsR5JO25Ubsw3bWN5O49bJLKTp5UFgyRh12upjSmCJ7AL9xabJqfHWJJ%2FXDna%2FZ0WPAllDjFCREZ2XzQY%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7e5a763afe80b74e-AMS alt-svc h3=":443"; ma=86400 expires Wed, 19 Jul 2023 08:35:13 GMT
GET H2	200	mf_logo_full_color.svg static.mediafire.com/images/backgrounds/header/	3 KB 2 KB	121ms 44ms	Image image/svg+xml	104.16.54.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 28 Oct 2016 22:22:42 GMT server cloudflare age 10707 etag W/"5813cfb2-d1d" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7e5a763bbef30e08-AMS
GET H2	200	file-zip-v3.png download.uphost.click/css/	2 KB 2 KB	42ms 41ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/css/file-zip-v3.png Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 370867 alt-svc h3=":443"; ma=86400 content-length 1872 last-modified Mon, 13 Jan 2020 04:10:32 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIhttSdEbMTRm3c1sa7RT%2BKIp1yyp%2BaIJPlc8qHOvP8QJa3cc%2FYnsEMsaRPQ980cCUB%2F9Zdp94e7MZAfHrxc9ePcrmRVabev496dVzZYdChY%2Bmza7juqwFexy8znNZcOzfhbVvtzP256kq9%2BgBLQIMORg8E%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7e5a763b4f0ab74e-AMS expires Sat, 15 Jul 2023 08:52:48 GMT
GET H2	200	icons_sprite.svg www.mediafire.com/images/icons/svg_light/	36 KB 8 KB	120ms 53ms	Image image/svg+xml	104.16.53.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding gzip cf-cache-status HIT last-modified Mon, 25 Jul 2022 18:00:54 GMT server cloudflare age 7824 etag W/"62deda56-90ab" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7e5a763bba500b60-AMS
GET H2	200	arrow_dropdown.svg www.mediafire.com/images/icons/svg_dark/	315 B 626 B	117ms 51ms	Image image/svg+xml	104.16.53.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding gzip cf-cache-status HIT last-modified Mon, 25 Jul 2022 18:00:54 GMT server cloudflare age 7345 etag W/"62deda56-13b" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7e5a763bba530b60-AMS
GET H2	200	check_circle_green.svg download.uphost.click/css/	444 B 756 B	41ms 41ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/css/check_circle_green.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT content-encoding br cf-cache-status HIT last-modified Mon, 13 Jan 2020 04:11:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 370865 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VY8L8DVUi1G%2BbgjcnJhDubrVJuMR%2BxyxllTGYvz%2F2zSEPrqKZjgId6sCz%2FeoOZLkER3HD6C7ClRRLum1%2Ba%2FgskQEdx6rY9H%2Bdma%2B%2B23bBBHcF1Z8D4fGs0BEKobOImYP4FhlVskG5cPV9ChY9fYrKGvsj30%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7e5a763b4f0bb74e-AMS alt-svc h3=":443"; ma=86400 expires Sat, 15 Jul 2023 08:52:50 GMT
GET H2	200	html.3745781.ed3a9.0.js Show response d3bsbtr7gp443k.cloudfront.net/public/external/v2/	33 KB 34 KB	358ms 228ms	Script application/javascript	2600:9000:2127:9400:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/v2/html.3745781.ed3a9.0.js Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2127:9400:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash e7a8e790bdefbd282580a482e4ddd969584da3de0ee335b6353b8648f47ec6e3 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:56 GMT via 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront) server Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop PRG50-C1 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript x-amz-cf-id 63Em__C0sCOGD6Adynx8ZeaUM09bzIlX5WynB22Q7MLfUFrBW94uww==
GET H2	200	css_front.css d3bsbtr7gp443k.cloudfront.net/public/external/	6 KB 7 KB	344ms 214ms	Stylesheet text/css	2600:9000:2127:9400:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/css_front.css Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2127:9400:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:55 GMT via 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 20:06:47 GMT server Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop PRG50-C1 etag "19c4-5a8c5e62e9d0a" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 6596 x-amz-cf-id x2iaLhVcGOKod3x5lojGxX9zPcZdqstU9e9uU3wh4GKi6uyl_ufv3g==
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	104ms 32ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: download.uphost.click URL: https://download.uphost.click/js/t.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Wed, 12 Jul 2023 14:35:19 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 4716 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Wed, 12 Jul 2023 16:35:19 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	15 B 225 B	41ms 40ms	XHR text/plain	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1110229017&t=event&_s=1&dl=https%3A%2F%2Fdownload.uphost.click%2F&ul=en-us&de=UTF-8&dt=Download%20WordPress%20Theme&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitorEvents&ea=lockerJS_pageload&el=Locker%20JS%20Pageload&_u=4EBAAEABAAAAACAAI~&jid=1760699073&gjid=908713274&cid=68197562.1689177236&uid=3srfypaac&tid=UA-85922709-7&_gid=1253187423.1689177236&_r=1&_slc=1&z=429383396 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 27aed4ef9e3a53d5ae9fcdad254dc82139f2aa32e383ca8bd9d82681c5e70a95 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://download.uphost.click/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 12 Jul 2023 15:53:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	229 KB 80 KB	136ms 49ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 921ab32a8800e8bbe10bdee6dae071f1d4a4e785c95162c23250bfaced0fa5d4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:56 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 81837 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Wed, 12 Jul 2023 15:53:56 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 258 B	93ms 30ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-2TSQKSE5H1&gtm=45je37a0&_p=1110229017&ul=en-us&sr=1600x1200&cid=68197562.1689177236&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AhA&ngs=1&_s=1&dl=https%3A%2F%2Fdownload.uphost.click%2F&dt=Download%20WordPress%20Theme&uid=3srfypaac&sid=1689177236&sct=1&seg=0&en=lockerJS_pageload&_fv=1&_ss=1&_ee=1&ep.event_category=VisitorEvents&ep.event_label=Locker%20JS%20Pageload Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers pragma no-cache date Wed, 12 Jul 2023 15:53:56 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	92ms 30ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-2TSQKSE5H1&gtm=45je37a0&_p=1110229017&ul=en-us&sr=1600x1200&cid=68197562.1689177236&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABg&ngs=1&_s=2&dl=https%3A%2F%2Fdownload.uphost.click%2F&dt=Download%20WordPress%20Theme&uid=3srfypaac&sid=1689177236&sct=1&seg=0&en=locker_js_page_view&_c=1&ep.event_category=VisitorEvents&ep.event_label=Locker%20JS%20Pageload&_et=2 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers pragma no-cache date Wed, 12 Jul 2023 15:53:56 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	css.css d3bsbtr7gp443k.cloudfront.net/public/clockers/CustomButton/	1010 B 1 KB	377ms 375ms	Stylesheet text/css	2600:9000:2127:9400:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/clockers/CustomButton/css.css Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2127:9400:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:56 GMT via 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront) last-modified Fri, 10 Apr 2020 22:29:00 GMT server Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop PRG50-C1 etag "3f2-5a2f7428ae907" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 1010 x-amz-cf-id px9gqHAvMSAjWoa08N_JYR7HGGAO8uGXXDXf1gYlQpo3lZdcX9FKgA==
GET H2	200	guid Show response d3bsbtr7gp443k.cloudfront.net/public/	0 278 B	209ms 209ms	Script text/html	2600:9000:2127:9400:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/guid?cpguid=3srfypaac&e=ll&t=1689177236750 Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2127:9400:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.48 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:56 GMT via 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront) server Apache/2.4.48 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop PRG50-C1 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-length 0 x-amz-cf-id ytpQLHkTnPqU3j3XATRp5o9cAk3QNgdg0KJwMObdlpqMzybyyNmRAA==
GET H2	200	check.php Show response d3bsbtr7gp443k.cloudfront.net/public/external/	78 B 372 B	214ms 214ms	Script application/javascript	2600:9000:2127:9400:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/check.php?it=3745781&time=1689177238176 Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2127:9400:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash 9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b Request headers accept-language nl-NL,nl;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 12 Jul 2023 15:53:58 GMT via 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront) server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop PRG50-C1 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript content-length 78 x-amz-cf-id n5r4tjEw6EIAH9Jkl1qNzyUAD4aktpDq7NixAsC_TWrmRFXF7D4dRw==

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend object| compatSelect object| compat object| nonCompat number| clicks function| myfunction object| currentDate string| dateString object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker object| _cpbTrckr function| _cpbTrckrClass string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			download.uphost.click/	1970-01-20 13:27:21	Name: _cpguid Value: 3srfypaac
			.mediafire.com/	1970-01-20 13:12:59	Name: __cf_bm Value: rIcftnLJClwZzIv19z8W4zMA.HbQcfyDjOLqRNcpT_U-1689177235-0-Ab55IMdcg5CYvsLxQSr2oaVc9nHZklfIWxWrX8AtxUUJuUZ7zVuEpK6Bu1/86Z1KKjlYHFL0LxWlnIL7fvKhnuw=
			.uphost.click/	1970-01-20 22:48:57	Name: _ga Value: GA1.2.68197562.1689177236
			.uphost.click/	1970-01-20 13:14:23	Name: _gid Value: GA1.2.1253187423.1689177236
			.uphost.click/	1970-01-20 13:12:57	Name: _gat__ga_cptracker Value: 1
			.uphost.click/	1970-01-20 22:48:57	Name: _ga_2TSQKSE5H1 Value: GS1.2.1689177236.1.0.1689177236.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://download.uphost.click/ Message: Mixed Content: The page at 'https://download.uphost.click/' was loaded over HTTPS, but requested an insecure element 'http://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3bsbtr7gp443k.cloudfront.net
download.uphost.click
region1.google-analytics.com
static.mediafire.com
www.google-analytics.com
www.googletagmanager.com
www.mediafire.com
104.16.53.48
104.16.54.48
2001:4860:4802:34::36
2600:9000:2127:9400:1a:9045:b000:21
2a00:1450:4001:811::200e
2a00:1450:4001:812::2008
2a06:98c1:3120::3
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
27aed4ef9e3a53d5ae9fcdad254dc82139f2aa32e383ca8bd9d82681c5e70a95
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
831d36e9e49cdea1903d8f87a1e2018486cdecac3e4ad54f76b898238ba50a63
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
8e5682ec7955b58f709d8b6fc081e6c0f200b67406f757cf5c05063b4ce8e141
921ab32a8800e8bbe10bdee6dae071f1d4a4e785c95162c23250bfaced0fa5d4
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
9f8641eac7978175c4c8a0cbfa3bac59b4df2364a5f5272c30551f75109d41c0
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
c7efe5cb71ae1f0ddfdb571ff732ede34b5645e67a5433f8f923f40fd834d1f7
ca34e558b60495d25efa935ccfd705232149efd9b7841c17ee9b209f266a098a
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7a8e790bdefbd282580a482e4ddd969584da3de0ee335b6353b8648f47ec6e3
fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d