download.uphost.click Open in urlscan Pro
2606:4700:3034::ac43:b41c  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response download.uphost.click/	13 KB 4 KB	363ms 265ms	Document text/html	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6aee7bb42375cc3acdff9f685e2141450b4ba54c7c004e63a1d31c5fdd70a30c Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7f9654494cfb4bc0-BUF content-encoding br content-type text/html date Sat, 19 Aug 2023 23:55:45 GMT last-modified Mon, 17 Jul 2023 03:05:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKOK7iNSJT%2F%2BQmjFeQie329DM0zUGJPPft9dAZLq%2FwGO40ut1CSCbBzoOWTYrtAzHgH6OAPfHKRq5gWjQXpWhLK44%2BzOZzqiYNbgWmAu9BOcQ95S%2BP1vn88nakCi1NVPOFljZaYKJNgMoOZwBnLE%2B8zXwOw%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H2	200	main.css download.uphost.click/css/	106 KB 17 KB	339ms 338ms	Stylesheet text/css	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/css/main.css?v1 Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0b61b9fbb9d96129ed787df426737a89eaace9e703f20244702a43b3b49728ce Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 19:15:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5Bhq2yEFYiEaaTXOnq1OINyOSQH9iyLvqFXoq%2BbvhEOdj5XCFTXCvy5%2FSzb9T7Aw0whG%2BsNX%2Bg9SPUr9on%2F9ISGdsDtvTKJEPt9i2iu%2BtzN0aDa%2BP8E9FDpd1vIz9u8wLYM%2BBx963AlA6tmLLLHON3D1Kc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7f96544afd014bc0-BUF alt-svc h3=":443"; ma=86400 expires Sat, 26 Aug 2023 23:55:45 GMT
GET H2	200	banner.gif download.uphost.click/images/	63 KB 64 KB	486ms 486ms	Image image/gif	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/images/banner.gif Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca34e558b60495d25efa935ccfd705232149efd9b7841c17ee9b209f266a098a Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT cf-cache-status MISS last-modified Sun, 11 Jun 2023 23:19:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kCXAUIlqIXFKjcXwuUkSdgci%2F2PKefwnapnkCxzsOnHc5B9R4%2FC6H1arFxoYT9ylPE9DUCWjHnyUfdUbgg%2BAoVF8qdUUmGH835KZL9VPprkWWhKuet0b8LNi66ntQOmIy%2BnWdaFYmU1%2BvWos%2Fgg%2BDLGwAQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7f96544afd024bc0-BUF alt-svc h3=":443"; ma=86400 content-length 64839 expires Sat, 26 Aug 2023 23:55:45 GMT
GET H3	200	ad.jpg download.uphost.click/images/	18 KB 19 KB	338ms 337ms	Image image/jpeg	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/images/ad.jpg Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 831d36e9e49cdea1903d8f87a1e2018486cdecac3e4ad54f76b898238ba50a63 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT cf-cache-status MISS last-modified Sun, 11 Jun 2023 23:08:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=blo0u1yygSAEVOmv1xKMyqNwWMO8gXgzGl4rLSoHOyQmvp4ZELMc9Q5YOfACgnKrZby3aM6KE4uyAGLRxQOqD8jjgsDyVJvqSwOIRvYmc9Tpu5sCi41qvu%2By3VimU3aDFvMomP00hlOn0J%2FdIM5YwlKRwIs%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7f96544d4b074bcc-BUF alt-svc h3=":443"; ma=86400 content-length 18582 expires Sat, 26 Aug 2023 23:55:46 GMT
GET H3	200	736150e.js Show response download.uphost.click/js/	23 KB 7 KB	263ms 262ms	Script application/javascript	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/js/736150e.js Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f8641eac7978175c4c8a0cbfa3bac59b4df2364a5f5272c30551f75109d41c0 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Apr 2023 13:56:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VRK15ZYx4okCTG6CN2kZ9x%2BvxmWnr6OMI%2B5atIkiL%2BlpnsvP%2FAaugLN7hpkpi1B%2Bvf5lqGOAjiqNVxV6CWcyucgXFKivhex6z4Re6ARKEC8a%2B%2FIehtWg4rP6aGjpW4Vp19nfcHIu62lIYKdH2jcdeobiKZ4%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7f96544d1b034bcc-BUF alt-svc h3=":443"; ma=86400 expires Sat, 26 Aug 2023 23:55:46 GMT
GET H3	200	t.js Show response download.uphost.click/js/	2 KB 1 KB	262ms 261ms	Script application/javascript	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://download.uphost.click/js/t.js Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding br cf-cache-status MISS last-modified Fri, 28 Apr 2023 13:56:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmnbbO7TLpFBALEFBC%2F8rT7hKZYrpzpnb1qDNBWtx7fugM8DhrX8haQGPoa2e0R5CWyE21wb5%2FYqjwE6XDrgMucJidjcY2XAd6j9mCNOBQ4a59lTR6RLw2%2FabtVdMGKuV7xLxGlIMK%2BJw1ZUHE6YIVEAVe0%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7f96544d4b064bcc-BUF alt-svc h3=":443"; ma=86400 expires Sat, 26 Aug 2023 23:55:46 GMT
GET H2	200	mf_logo_full_color.svg static.mediafire.com/images/backgrounds/header/	3 KB 2 KB	100ms 29ms	Image image/svg+xml	104.16.54.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 28 Oct 2016 22:22:42 GMT server cloudflare age 872 etag W/"5813cfb2-d1d" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7f96544db844a22f-YYZ
GET H3	200	file-zip-v3.png download.uphost.click/css/	2 KB 2 KB	262ms 261ms	Image image/png	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/css/file-zip-v3.png Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css?v1 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/css/main.css?v1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT cf-cache-status MISS last-modified Mon, 13 Jan 2020 04:10:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5ODOThuLmEV%2FvUa7%2F02FTFVu2WjKXiHD7wYUWZDpuN45L2cofrzk2UGcPjiSlJY2ekBhQxC1efOdL934%2FRjaV5GRRSP8dge%2FM5r6bL7tPUfC4MA5XfJofJ96GSTZzeBIGqDuGPd7dQTj3nKTI9qpZ1c9F8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 7f96544d4b084bcc-BUF alt-svc h3=":443"; ma=86400 content-length 1872 expires Sat, 26 Aug 2023 23:55:46 GMT
GET H2	200	icons_sprite.svg www.mediafire.com/images/icons/svg_light/	36 KB 8 KB	124ms 55ms	Image image/svg+xml	104.16.54.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css?v1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding gzip cf-cache-status HIT last-modified Mon, 25 Jul 2022 18:00:54 GMT server cloudflare age 13795 etag W/"62deda56-90ab" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7f96544dbc26369c-YYZ
GET H2	200	arrow_dropdown.svg www.mediafire.com/images/icons/svg_dark/	315 B 647 B	114ms 46ms	Image image/svg+xml	104.16.54.48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css?v1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding gzip cf-cache-status HIT last-modified Mon, 25 Jul 2022 18:00:54 GMT server cloudflare age 11297 etag W/"62deda56-13b" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cf-ray 7f96544dbc28369c-YYZ
GET H3	200	check_circle_green.svg download.uphost.click/css/	444 B 786 B	264ms 264ms	Image image/svg+xml	2606:4700:3034::ac43:b41c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://download.uphost.click/css/check_circle_green.svg Requested by Host: download.uphost.click URL: https://download.uphost.click/css/main.css?v1 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:b41c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/css/main.css?v1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding br cf-cache-status MISS last-modified Mon, 13 Jan 2020 04:11:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeqeB4Bm0XOoYU1sHiREk%2BHtPjsbtB%2FS6TUTq7hDG56k2UrkVYlexB1Jfu4oqLNtbJy4993W8nAoIPqjtH1Fg7lrGJgl%2BGOs%2B1K7WDY2VOKwU%2FAmJ%2B0l1IQMT8b%2FpYeKd06%2BMa3K75oStjlOIp%2Bxb9XfHQ8%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 7f96544d4b094bcc-BUF alt-svc h3=":443"; ma=86400 expires Sat, 26 Aug 2023 23:55:46 GMT
GET H2	200	html.4040831.0475e.0.js Show response d3bsbtr7gp443k.cloudfront.net/public/external/v2/	14 KB 14 KB	190ms 104ms	Script application/javascript	2600:9000:23ca:fa00:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/v2/html.4040831.0475e.0.js Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:fa00:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash 8557d10f67466e00a23caf345ccab02c4bde1a63fd9097475c66c970e1969cdc Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT via 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront) server Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop JFK50-P2 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript x-amz-cf-id 3gvLuW4Z-IhO3ueE_-pHueE7QEgRWFgay3ioRcimPI400wLOt02_8Q==
GET H2	200	css_front.css d3bsbtr7gp443k.cloudfront.net/public/external/	6 KB 7 KB	182ms 96ms	Stylesheet text/css	2600:9000:23ca:fa00:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/css_front.css Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:fa00:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT via 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront) last-modified Tue, 23 Jun 2020 20:06:47 GMT server Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop JFK50-P2 etag "19c4-5a8c5e62e9d0a" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 6596 x-amz-cf-id akNAU8NpyG8Z9qPE2lRldL3os7vomgOCt6R78c4nJgBCUsU-cpA3TQ==
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	82ms 23ms	Script text/javascript	2607:f8b0:4006:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: download.uphost.click URL: https://download.uphost.click/js/t.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Sat, 19 Aug 2023 22:27:56 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 5270 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Sun, 20 Aug 2023 00:27:56 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	15 B 225 B	38ms 38ms	XHR text/plain	2607:f8b0:4006:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1341557728&t=event&_s=1&dl=https%3A%2F%2Fdownload.uphost.click%2F&ul=en-us&de=UTF-8&dt=Download%20WordPress%20Theme&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitorEvents&ea=lockerJS_pageload&el=Locker%20JS%20Pageload&_u=4EBAAEABAAAAACAAI~&jid=158349482&gjid=794949587&cid=757167485.1692489346&uid=dvp9mves6&tid=UA-85922709-7&_gid=311838493.1692489346&_r=1&_slc=1&z=1749145257 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 27aed4ef9e3a53d5ae9fcdad254dc82139f2aa32e383ca8bd9d82681c5e70a95 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://download.uphost.click/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sat, 19 Aug 2023 23:55:46 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	228 KB 81 KB	104ms 47ms	Script application/javascript	2607:f8b0:4006:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80b::2008 Stony Point, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 83ac46c288c9108dd08470a1c42cfa8426ceb81fc9c38c97194be60891fce741 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 82258 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sat, 19 Aug 2023 23:55:46 GMT
GET H2	200	css.css d3bsbtr7gp443k.cloudfront.net/public/clockers/PrimeApps/	1010 B 1 KB	95ms 95ms	Stylesheet text/css	2600:9000:23ca:fa00:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/clockers/PrimeApps/css.css Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:fa00:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / Resource Hash a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:46 GMT via 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront) last-modified Fri, 10 Apr 2020 22:29:00 GMT server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop JFK50-P2 etag "3f2-5a2f7428ae907" x-cache Miss from cloudfront content-type text/css accept-ranges bytes content-length 1010 x-amz-cf-id Sfapk73VC9MTGJ6VIrZssgU50iAfQOqLWmgtLtiYLUvuI70qVFbjJg==
POST H3	204	collect www.google-analytics.com/g/	0 17 B	41ms 40ms	Ping text/plain	2607:f8b0:4006:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-2TSQKSE5H1&gtm=45je38g0&_p=1341557728&ul=en-us&sr=1600x1200&cid=757167485.1692489346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AhAI&_s=1&dl=https%3A%2F%2Fdownload.uphost.click%2F&dt=Download%20WordPress%20Theme&uid=dvp9mves6&sid=1692489346&sct=1&seg=0&en=lockerJS_pageload&_fv=1&_ss=1&_ee=1&ep.event_category=VisitorEvents&ep.event_label=Locker%20JS%20Pageload Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers pragma no-cache date Sat, 19 Aug 2023 23:55:46 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	collect www.google-analytics.com/g/	0 17 B	40ms 39ms	Ping text/plain	2607:f8b0:4006:824::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-2TSQKSE5H1&gtm=45je38g0&_p=1341557728&ul=en-us&sr=1600x1200&cid=757167485.1692489346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABgI&_s=2&dl=https%3A%2F%2Fdownload.uphost.click%2F&dt=Download%20WordPress%20Theme&uid=dvp9mves6&sid=1692489346&sct=1&seg=0&en=locker_js_page_view&_c=1&ep.event_category=VisitorEvents&ep.event_label=Locker%20JS%20Pageload&_et=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2TSQKSE5H1&cx=c&_slc=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers pragma no-cache date Sat, 19 Aug 2023 23:55:46 GMT server Golfe2 content-type text/plain access-control-allow-origin https://download.uphost.click cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	guid Show response d3bsbtr7gp443k.cloudfront.net/public/	0 277 B	163ms 162ms	Script text/html	2600:9000:23ca:fa00:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/guid?cpguid=dvp9mves6&e=ll&t=1692489347360 Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:fa00:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:47 GMT via 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront) server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop JFK50-P2 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type text/html; charset=UTF-8 content-length 0 x-amz-cf-id mtGthZCJ1JE8hVFCHgNv4e51jI_EuRMji5m-YliWZ8jkpPOHwyXoig==
GET H2	200	check.php Show response d3bsbtr7gp443k.cloudfront.net/public/external/	72 B 367 B	164ms 164ms	Script application/javascript	2600:9000:23ca:fa00:1a:9045:b000:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3bsbtr7gp443k.cloudfront.net/public/external/check.php?it=4040831&time=1692489348621 Requested by Host: download.uphost.click URL: https://download.uphost.click/js/736150e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:fa00:1a:9045:b000:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11 Resource Hash 577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38 Request headers accept-language en-US,en;q=0.9 Referer https://download.uphost.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Sat, 19 Aug 2023 23:55:48 GMT via 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront) server Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11 x-amz-cf-pop JFK50-P2 x-powered-by PHP/7.4.11 x-cache Miss from cloudfront content-type application/javascript content-length 72 x-amz-cf-id -1ROmZGmn1dOMMekTVkD-GShLj4GBfwxJmYi7NBk-4MWj4kPQv8Nrw==

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| compatSelect object| compat object| nonCompat number| clicks function| myfunction object| currentDate string| dateString object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker object| _cpbTrckr function| _cpbTrckrClass string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mediafire.com/	1970-01-20 14:08:11	Name: __cf_bm Value: WhlmC6mKRue3LNZ5IFxtb16cx9nRtzxGtqyM2U.FlX8-1692489346-0-AeHprvEYqyC9qOoODyAEmyNoKOZHycu8MOo7umiZt1757FnLSvv9iwVBbf5GijyjJ+Ur8GHIxuY2D/KGY3pe9g4=
			download.uphost.click/	1970-01-20 14:22:33	Name: _cpguid Value: dvp9mves6
			.uphost.click/	1970-01-20 23:44:09	Name: _ga Value: GA1.2.757167485.1692489346
			.uphost.click/	1970-01-20 14:09:35	Name: _gid Value: GA1.2.311838493.1692489346
			.uphost.click/	1970-01-20 14:08:09	Name: _gat__ga_cptracker Value: 1
			.uphost.click/	1970-01-20 23:44:09	Name: _ga_2TSQKSE5H1 Value: GS1.2.1692489346.1.0.1692489346.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://download.uphost.click/ Message: Mixed Content: The page at 'https://download.uphost.click/' was loaded over HTTPS, but requested an insecure element 'http://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d3bsbtr7gp443k.cloudfront.net
download.uphost.click
static.mediafire.com
www.google-analytics.com
www.googletagmanager.com
www.mediafire.com
104.16.54.48
2600:9000:23ca:fa00:1a:9045:b000:21
2606:4700:3034::ac43:b41c
2607:f8b0:4006:80b::2008
2607:f8b0:4006:824::200e
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
0b61b9fbb9d96129ed787df426737a89eaace9e703f20244702a43b3b49728ce
27aed4ef9e3a53d5ae9fcdad254dc82139f2aa32e383ca8bd9d82681c5e70a95
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38
6aee7bb42375cc3acdff9f685e2141450b4ba54c7c004e63a1d31c5fdd70a30c
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
831d36e9e49cdea1903d8f87a1e2018486cdecac3e4ad54f76b898238ba50a63
83ac46c288c9108dd08470a1c42cfa8426ceb81fc9c38c97194be60891fce741
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
8557d10f67466e00a23caf345ccab02c4bde1a63fd9097475c66c970e1969cdc
9f8641eac7978175c4c8a0cbfa3bac59b4df2364a5f5272c30551f75109d41c0
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
ca34e558b60495d25efa935ccfd705232149efd9b7841c17ee9b209f266a098a
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d