{"report_id":"b728bad5-2cd1-4d72-b045-27a236479e01","version":6,"status":"done","tags":[],"date":"2025-09-28T09:47:25Z","url":{"schema":"http","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":0,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"final":{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"title":"Up2Img.Com - Upload \u0026 Share your porn pics collect free!"},"submit":{"url":{"schema":"http","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":0,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-02T09:47:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"c.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":100769,"first_seen":"2017-11-29T18:42:15Z","last_seen":"2025-09-22T02:54:55.1185Z","alert_count":0,"request_count":2,"received_data":0,"sent_data":804,"comment":"","tags":null,"fingerprints":null},{"fqdn":"premiumvertising.com","ip":{"addr":"162.252.214.11","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2020-04-18","domain_rank":64798,"first_seen":"2020-04-19T20:30:46Z","last_seen":"2025-09-22T15:22:46.97881Z","alert_count":1,"request_count":1,"received_data":285,"sent_data":538,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-21T22:11:31.071214Z","alert_count":0,"request_count":1,"received_data":419824,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.premiumvertising.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-18","domain_rank":874532,"first_seen":"2020-04-18T19:54:24Z","last_seen":"2025-09-23T02:55:28.748337Z","alert_count":1,"request_count":1,"received_data":42496,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"a.magsrv.com","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2023-08-01","domain_rank":51490,"first_seen":"2023-08-04T16:18:00Z","last_seen":"2025-09-22T01:40:52.8446Z","alert_count":20,"request_count":20,"received_data":951682,"sent_data":9725,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"s.magsrv.com","ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":47665,"first_seen":"2023-08-04T12:48:00Z","last_seen":"2025-09-22T00:21:15.320109Z","alert_count":0,"request_count":10,"received_data":13583,"sent_data":6961,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s3t3d2y9.afcdn.net","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2022-06-27","domain_rank":36521,"first_seen":"2025-05-07T19:37:13.89914Z","last_seen":"2025-09-22T01:40:52.960372Z","alert_count":0,"request_count":5,"received_data":714982,"sent_data":2731,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"cdn3.up2img.com","ip":{"addr":"37.221.65.234","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2025-09-16","domain_rank":0,"first_seen":"2025-09-28T09:47:26.831959Z","last_seen":"2025-09-28T09:47:26.831959Z","alert_count":0,"request_count":1,"received_data":696159,"sent_data":501,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"up2img.com","ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"domain_registered":"2025-09-16","domain_rank":0,"first_seen":"2025-09-25T15:55:19.743687Z","last_seen":"2025-09-25T15:55:19.743687Z","alert_count":0,"request_count":11,"received_data":252444,"sent_data":6108,"comment":"","tags":null,"fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"eba924fff39cc42a7426048b3de42ae1","sha1":"41fd62a945f69195dcb6b57cbc98be52b3c91ad1","sha256":"3060a3ca6c8c137709d7c78d721322e081b1667105105cd4b39129696b4b9d79","sha512":"964a1a359e29f01626aae4af607552f2f5ea3195873f5e3551613453dd178ee5eb731543774628b6f39b92b452b664eb2b80589153dbc8a51d1911941a542da0","ssdeep":"","tlshash":"9611c8543d155019f3aa6dac003bfd02fc6512e92a8078eaf4ef5460073a8c31ea3bdc","size":1005,"data":"","first_seen":"2025-09-28T09:47:31.766729Z","last_seen":"2025-09-28T09:47:31.766729Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726790","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"82cf19b6fdccdd55de40cb0a7ebd8fe6","sha1":"144f9575bf749428685e4ab114ffd9361327ad1a","sha256":"c9535e46870f385f3a576b2b4cc0c7fb8e91cedfcd0745732aac132401757fb6","sha512":"5a4d1e32dfabd54ead11be27703784024cd8a10c12ad935e3ada8b9bb04b0e317f15c0973e7e173dd737b1370e719f01ce782b8d81ef9e8717fcad3c177d37dc","ssdeep":"","tlshash":"d60120a87ca1d6b801f028d99162f1f8d17a018038c1c948b0c4dd80767ce8c1533e78","size":759,"data":"","first_seen":"2025-09-25T15:55:29.906178Z","last_seen":"2025-10-17T14:30:23.351079Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"9493c0924747f9e508bc984617df1746","sha1":"51d39ab883390a5b1ff154d9580be979be716d26","sha256":"152ee361107fbc77011602612acdfc4c575a01aacace3a53fa5e0c45dd311ac2","sha512":"c8950a9fecc7408970c2fb92e5065aa260acb1db5fd106bed13e7f95bd6709857d611c8da2e98f2358d4f6deadabbcaa1943d4ea207cd1976f5896618c3b95a0","ssdeep":"","tlshash":"5841767d3012bf702dd62820912f3035e0b711d47adad460a1cfad929669d8e672176c","size":2292,"data":"","first_seen":"2025-09-25T15:55:29.872093Z","last_seen":"2025-10-17T14:30:23.005481Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726788\u0026size=728x90","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"573ebacf03c274a3757ccc63a3854aea","sha1":"aaf4ba1738b7998ca84e64c9484bde50f0bb1978","sha256":"a80d1fe8c69d171f3df7b57eac862c7f824e5e7b358f650f2fd19fdd750289f8","sha512":"eaac6ad7ff00d8d7c163b92a6b13c1cdbfceb5eb9a21a2a6d76e8d978592d2ce8a0eb6e351cd61af9d73251618a05bbe349150ca087355fb834470813dfa58e5","ssdeep":"","tlshash":"c74175bd3002bf702ed62820912f3035e0b711d47aded460a1cfad92a669e8e632176c","size":2292,"data":"","first_seen":"2025-09-25T15:55:29.888144Z","last_seen":"2025-10-17T14:30:23.059114Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726860","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"577f4335f16c5d5ffe6e943f5d8c2f41","sha1":"36b21fce25172c86a6058b632f6f94bef1041c9c","sha256":"551e26b7f42072c6514aeabb7407c6ac116919456b93ef4170d3eeb8f0852287","sha512":"3944a37597ef3ed12cbe0b9adabf1574475f6b9316b41d2befd36d201448abf3a938592d5c9d563d76b6d79a301be0b7f165e4fbb86b73f958632c79b861a9f3","ssdeep":"","tlshash":"e50165a87ca1d6b401f028d99163f1f8d17a01c038c1c948b4c4dd80767ce8c0533f78","size":759,"data":"","first_seen":"2025-09-25T15:55:29.917378Z","last_seen":"2025-09-28T16:27:44.198277Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ddffa64620dcb33d5bd92304882a026","sha1":"aa332f0718698719fef1b0bd74c02ddc2ed9f743","sha256":"9f4b286217e6123af1a3dbaaccdc430107af27a0257437eb4fd6d18342796f3a","sha512":"4a66b8b208c5a429bc65bd65913d11758d8bf306df47d705ace1f708af3baef454ab76d1626dccf1a342e72ff2fa5fae7fd28b85b36089dbc175c7950d637de3","ssdeep":"","tlshash":"f31110bfb2a30c359d2f6e16b69fc7003b1050135c51c5667d4c96040f9cb6d50e8b59","size":1008,"data":"","first_seen":"2025-09-28T09:47:31.770666Z","last_seen":"2025-09-28T09:47:31.770666Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726860","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"577f4335f16c5d5ffe6e943f5d8c2f41","sha1":"36b21fce25172c86a6058b632f6f94bef1041c9c","sha256":"551e26b7f42072c6514aeabb7407c6ac116919456b93ef4170d3eeb8f0852287","sha512":"3944a37597ef3ed12cbe0b9adabf1574475f6b9316b41d2befd36d201448abf3a938592d5c9d563d76b6d79a301be0b7f165e4fbb86b73f958632c79b861a9f3","ssdeep":"","tlshash":"e50165a87ca1d6b401f028d99163f1f8d17a01c038c1c948b4c4dd80767ce8c0533f78","size":759,"data":"","first_seen":"2025-09-25T15:55:29.917378Z","last_seen":"2025-09-28T16:27:44.198277Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.premiumvertising.com/htwitterFetcher_min.css","fqdn":"www.premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"0101bd0a53aafc84e7eeb8b5dd13054a","sha1":"eb254d3527b46c7f9b18eaa56ece99aae5e94e60","sha256":"9394929ea3a85614fc907098c91c6be47d9cd034e2fd29c380f90c1f82f991e6","sha512":"3f6d62be68eccd2df2d4108c6de2501899d4e70bb8189a0a13cd38b2913d1ad7305ac182f671b208d9c0bc0dc25dc3f90cd34bddbcdd564d720de37fdaf7f247","ssdeep":"768:bt9rqAYKKWZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCFSCntlqofr:bb9ZzFQ9JsTgZvfzmMzhYrTscpQZR","tlshash":"1b1329aab286282601e741b9503eb316b23305167812d458fcb9cdf96e3ddc6127b7fc","size":41949,"data":"","first_seen":"2025-09-28T09:47:31.610164Z","last_seen":"2025-09-28T09:47:31.610164Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1Y8MR84580","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ef7427186d30486107e1e8a3d7819eb","sha1":"dc0997da73b653837b2f622c05a7a48cee1cbc7a","sha256":"d1e485c3e03416cb1033fbfdbb1add3ad069d5d04912f75be18f950ce071362b","sha512":"829424c9efcc66833ba906f6374d295f37ed0ecb9881c7cb4b484b4dd8651eb967f81b17eda277ffb2d068576e6a62fe7a514617d4799a1a8b5d79476ec90f83","ssdeep":"6144:DBVpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:1XmLRYly/Lwr","tlshash":"d09409ce73d674265396e078907f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":419220,"data":"","first_seen":"2025-09-28T09:47:31.605122Z","last_seen":"2025-09-28T09:47:31.605122Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/login-status.php","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":false,"md5":"c22b72234cbb547884f1a0f5960b15bb","sha1":"a0555763098e72108ba032825f4ff793bf18f07f","sha256":"6cea7dfc5d95ca1351333dfab2af0b473217dd4140f3165332cb0610690fb43a","sha512":"d66e98acb6a832dbbc8decd65903ee589a80a41af51f8c51526c494e2b12d527b6cc0f5280ccab73895615923ed875fb843243ff39dcf7c0f6036097d8be89f2","ssdeep":"","tlshash":"a1c080119353510c62245170e4119a57b1056113d5029ce4dd810614404a8162446b85","size":142,"data":"","first_seen":"2025-09-25T15:55:29.92095Z","last_seen":"2025-10-17T14:30:22.920592Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ce7fb1387f0f2ed80479af244189c93","sha1":"98a17fc4f020988bc08046c4f7a081990d169c63","sha256":"bbbfeb9845b0c07f9c9668233fafe21cc55489af7eb0fe5a9592ced9079373c6","sha512":"9221f5e357661f6a2163c05e1a4963da40242db8c1f5b7ed5e5307e4d32560d6b576fb81a8b69712d3c80b725f9558b359a36a07678b65a1bc38e9015a3d3b66","ssdeep":"","tlshash":"632147e6bc9608f05edf72fa46ae078d387000071d49ca567e2d53a04f78ea5113eae4","size":1275,"data":"","first_seen":"2025-09-28T09:47:31.774978Z","last_seen":"2025-10-10T05:46:33.934067Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"76edbcbda56cd3b3777433ceece48aed","sha1":"532b2bb15b39c39627bf1b9f6b343ed055c5ebde","sha256":"c5e6cfec6d499138449cc418f84b1fb5dc14dd847d16f3394017353e2c583bd0","sha512":"ff38a6d66d9cf0451cbd1abc0254848f788260e9d68584d8dab2d25a0370731005bbfacb9500838d0914e4616d34a57338a19d177605b0bf4b6800259e3e01cd","ssdeep":"","tlshash":"b6d0a79634e395f40dbb8e3e165b5a82a4354445640cd155d4685c32be54e0d16b7960","size":227,"data":"","first_seen":"2025-09-25T15:55:29.993299Z","last_seen":"2025-10-17T14:30:23.397875Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"ada2560af7db8b26f74ea7565b61b814","sha1":"3db28e9cb0e5779aab58ff379e2868a353bcb97f","sha256":"f9500410d6e126d789de46e47a505294b9fa0dcc074d967689945a85ceadfc93","sha512":"2a9fe0e1c2fdb71e335599eabb449502093e2ad3b7b89158d0244261fd8960518c28a09f887aaa934b561a6852c56b2e8f677e778dc933bc5ce1725e68bc4c8e","ssdeep":"","tlshash":"4ac02b8c311a0c7081f72750cb3fb644b006331894d17931484d63084d31f13e744c68","size":153,"data":"","first_seen":"2025-09-25T15:55:29.995292Z","last_seen":"2025-10-17T14:30:23.4082Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726790","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"82cf19b6fdccdd55de40cb0a7ebd8fe6","sha1":"144f9575bf749428685e4ab114ffd9361327ad1a","sha256":"c9535e46870f385f3a576b2b4cc0c7fb8e91cedfcd0745732aac132401757fb6","sha512":"5a4d1e32dfabd54ead11be27703784024cd8a10c12ad935e3ada8b9bb04b0e317f15c0973e7e173dd737b1370e719f01ce782b8d81ef9e8717fcad3c177d37dc","ssdeep":"","tlshash":"d60120a87ca1d6b801f028d99162f1f8d17a018038c1c948b0c4dd80767ce8c1533e78","size":759,"data":"","first_seen":"2025-09-25T15:55:29.906178Z","last_seen":"2025-10-17T14:30:23.351079Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T12:40:15.850645Z","times_seen":67339,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"9493c0924747f9e508bc984617df1746","sha1":"51d39ab883390a5b1ff154d9580be979be716d26","sha256":"152ee361107fbc77011602612acdfc4c575a01aacace3a53fa5e0c45dd311ac2","sha512":"c8950a9fecc7408970c2fb92e5065aa260acb1db5fd106bed13e7f95bd6709857d611c8da2e98f2358d4f6deadabbcaa1943d4ea207cd1976f5896618c3b95a0","ssdeep":"","tlshash":"5841767d3012bf702dd62820912f3035e0b711d47adad460a1cfad929669d8e672176c","size":2292,"data":"","first_seen":"2025-09-25T15:55:29.872093Z","last_seen":"2025-10-17T14:30:23.005481Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ec6cdf2cb521f943d7e2f8fe76ca254","sha1":"93c70731a083721c54a47709e9a11f77a812195f","sha256":"9613330b6182335a216e9af50e5c20f3b5fa3ff0a6348547eee9a7b7d9d777f3","sha512":"15bb03f29a7353d8e755fce47ad8ec7d31549e4e18190320c1ffabb86d47a45b06622946282a0b0e9f0ab7afe05fa42d7f771a8bc9a6aa36870aad1770fd1aa0","ssdeep":"","tlshash":"d341767d3042bf702dd62820912f3035f0b711d47adad460a1cfad929669d8e572176c","size":2292,"data":"","first_seen":"2025-09-25T15:55:29.900712Z","last_seen":"2025-09-28T16:27:44.247136Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726788","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe2a3bcd962596d74efa5e9004fcfd38","sha1":"fe5cf624347fcbb42e72d9e0c4bff55867631acf","sha256":"1b953cf39c0b6e1de92c0eac04e7ca7c20aedd7e3c60022ca474be635bce19f8","sha512":"ee980d352e8fa80741d6437f41c5d791d5e15ad34a8413eb7560d062e935d721dc57cd292a022098f153022adc7aad48f8e0ce3ff13e00bbd7386737bf5bc4d2","ssdeep":"","tlshash":"840165a87ca1d6b801f028d99163f1f8d17a01c038c1c948b0c4dd80767ce9c0533f78","size":759,"data":"","first_seen":"2025-09-25T15:55:29.935279Z","last_seen":"2025-10-17T14:30:23.243337Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ec6cdf2cb521f943d7e2f8fe76ca254","sha1":"93c70731a083721c54a47709e9a11f77a812195f","sha256":"9613330b6182335a216e9af50e5c20f3b5fa3ff0a6348547eee9a7b7d9d777f3","sha512":"15bb03f29a7353d8e755fce47ad8ec7d31549e4e18190320c1ffabb86d47a45b06622946282a0b0e9f0ab7afe05fa42d7f771a8bc9a6aa36870aad1770fd1aa0","ssdeep":"","tlshash":"d341767d3042bf702dd62820912f3035f0b711d47adad460a1cfad929669d8e572176c","size":2292,"data":"","first_seen":"2025-09-25T15:55:29.900712Z","last_seen":"2025-09-28T16:27:44.247136Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":184994,"data":"","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"0d5bdfdadafa01034abdb929546878a8","sha1":"4ff16f55da0f7ffe1c68173ed5df60a277599e71","sha256":"af898d45be62ce11264241588611223f4ddd9f78b21172f824e0871c36a1df83","sha512":"5faa9c87aab276985fb5fffda61322b37166be641c62df333bb35e4dfe0c62194d7f2849747ac09e75f84ec8ccfc59a2828d0d18bd05c96bcc05765bb515219f","ssdeep":"","tlshash":"eeb02b21e393400cb2246170f8112e47f1015203d1029ce8de400324804f823144378a","size":122,"data":"","first_seen":"2025-09-25T15:55:29.997103Z","last_seen":"2025-10-17T14:30:23.442192Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-28T09:47:02.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Cache: BYPASS From up2img.com\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7739,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (975), with CRLF, LF line terminators","md5":"9647e5513cc4e2f68e1c9684fc7e9d36","sha1":"9225174129c379fc8de90ac55140f15905a1937a","sha256":"dd3ce742ff75469253bbcfa22dbed8743ecc5fc1aaf0d9dff5800e44c8addcf0","sha512":"88b4576fb01914cceb3054ef1485fba41d1e2b2d14dea489d05ef4f510df300c7e102ef23ddf0f8199d0ba4c67842492e0b70eb51ee3ad50e9e9be9db4c4238c","ssdeep":"192:31k8mTHSa/CKicMI9V29ypboaTdVpyKRam8:5mTJHUIH29haTdVoY8","tlshash":"33f1c8b2b8921c79897b46b9b1fad709f85041039e0295127dec23e31f79e4504a7fe8","first_seen":"2025-09-28T09:47:31.594264Z","last_seen":"2025-09-28T09:47:31.594264Z","times_seen":1,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":45,"dns":0,"connect":20,"send":0,"wait":46,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/js/bootstrap.bundle.min.js","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-10T12:53:39.797061Z","times_seen":483358,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":47,"dns":0,"connect":21,"send":0,"wait":37,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1Y8MR84580","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-1Y8MR84580 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\nexpires: Sun, 28 Sep 2025 09:47:02 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 139857\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419220,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"2ef7427186d30486107e1e8a3d7819eb","sha1":"dc0997da73b653837b2f622c05a7a48cee1cbc7a","sha256":"d1e485c3e03416cb1033fbfdbb1add3ad069d5d04912f75be18f950ce071362b","sha512":"829424c9efcc66833ba906f6374d295f37ed0ecb9881c7cb4b484b4dd8651eb967f81b17eda277ffb2d068576e6a62fe7a514617d4799a1a8b5d79476ec90f83","ssdeep":"6144:DBVpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:1XmLRYly/Lwr","tlshash":"d09409ce73d674265396e078907f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-28T09:47:31.605122Z","last_seen":"2025-09-28T09:47:31.605122Z","times_seen":1,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":15,"send":0,"wait":48,"receive":48,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/js/bootstrap.bundle.min.js","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-10T12:53:39.797061Z","times_seen":483358,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.premiumvertising.com/htwitterFetcher_min.css","fqdn":"www.premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1258267123.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 12:32:55 GMT","end":"Tue, 02 Dec 2025 12:32:54 GMT"},"fingerprint":{"sha1":"DD:01:74:3F:EE:84:F4:F3:6B:97:91:0B:AA:52:ED:E8:70:00:80:53","sha256":"55:53:10:09:09:1A:79:69:14:C8:16:BF:CB:E1:61:1A:F0:6F:4D:3B:8E:42:4D:A4:30:49:C8:4D:16:60:F4:FF"}}},"request":{"raw":"GET /htwitterFetcher_min.css HTTP/1.1\r\nHost: www.premiumvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://up2img.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb9\r\nexpires: Tue, 30 Sep 2025 03:35:39 GMT\r\naccess-control-allow-origin: https://up2img.com\r\nlink: \u003chttps://premiumvertising.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwgBX63NDQFBDAG5TAoTAfenQQIADAElE8IuAbfkrAQA\r\nx-77-nzt-ray: 2a494a15b9dc07af3b04d968ceee572e\r\nx-77-cache: HIT\r\nx-77-age: 147879\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41949,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"0101bd0a53aafc84e7eeb8b5dd13054a","sha1":"eb254d3527b46c7f9b18eaa56ece99aae5e94e60","sha256":"9394929ea3a85614fc907098c91c6be47d9cd034e2fd29c380f90c1f82f991e6","sha512":"3f6d62be68eccd2df2d4108c6de2501899d4e70bb8189a0a13cd38b2913d1ad7305ac182f671b208d9c0bc0dc25dc3f90cd34bddbcdd564d720de37fdaf7f247","ssdeep":"768:bt9rqAYKKWZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCFSCntlqofr:bb9ZzFQ9JsTgZvfzmMzhYrTscpQZR","tlshash":"1b1329aab286282601e741b9503eb316b23305167812d458fcb9cdf96e3ddc6127b7fc","first_seen":"2025-09-28T09:47:31.610164Z","last_seen":"2025-09-28T09:47:31.610164Z","times_seen":1,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":42,"dns":35,"connect":2,"send":0,"wait":25,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.js?idzone=5726860\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"93c70731a083721c54a47709e9a\"\r\nexpires: Tue, 23 Sep 2025 14:43:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQGWfCoAAAwBuUwKCQH3gCYAAAwBJRPCNAG3hgAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968393f3d32\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":2292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2292), with no line terminators","md5":"5ec6cdf2cb521f943d7e2f8fe76ca254","sha1":"93c70731a083721c54a47709e9a11f77a812195f","sha256":"9613330b6182335a216e9af50e5c20f3b5fa3ff0a6348547eee9a7b7d9d777f3","sha512":"15bb03f29a7353d8e755fce47ad8ec7d31549e4e18190320c1ffabb86d47a45b06622946282a0b0e9f0ab7afe05fa42d7f771a8bc9a6aa36870aad1770fd1aa0","ssdeep":"","tlshash":"d341767d3042bf702dd62820912f3035f0b711d47adad460a1cfad929669d8e572176c","first_seen":"2025-09-25T15:55:29.900712Z","last_seen":"2025-09-28T16:27:44.247136Z","times_seen":3,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11PS2pDMQy8Si/wHvpaVtZdp9DSAzjvE7J4tCS0ZKHD13ZICPVgyVgazYiAdAAfKL+A7sR2wJFxdB1rRJfYv72HYPx802k7jtPXFo6cLVw5Yw4Ek5xzqFEyh1DIYZayJwgkMOsvgeCAO0YASbUN4vPjtV+soGCAK2nlddGgymsVynBFIKlU5WlxmCcC9+J0WLJqAWdNhjBxGwNRxq0cL+ffbvYhmVS6yMNFDK2ZUZhEoh6I/n1az2VbIp46G6zPbmj5f/UGRryJtfXamtjinXl59oVdcUSrllCkTY2VOInJgbwgLcJlzebzrBOygczLH/rrDc+sAQAA\u0026cb=e2e_68d904170e8ba9.97779505\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:03.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11PS2pDMQy8Si/wHvpaVtZdp9DSAzjvE7J4tCS0ZKHD13ZICPVgyVgazYiAdAAfKL+A7sR2wJFxdB1rRJfYv72HYPx802k7jtPXFo6cLVw5Yw4Ek5xzqFEyh1DIYZayJwgkMOsvgeCAO0YASbUN4vPjtV+soGCAK2nlddGgymsVynBFIKlU5WlxmCcC9+J0WLJqAWdNhjBxGwNRxq0cL+ffbvYhmVS6yMNFDK2ZUZhEoh6I/n1az2VbIp46G6zPbmj5f/UGRryJtfXamtjinXl59oVdcUSrllCkTY2VOInJgbwgLcJlzebzrBOygczLH/rrDc+sAQAA\u0026cb=e2e_68d904170e8ba9.97779505\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nCookie: __uvt=s%3A32%3A%22c44a4f70da7c6567e3b668bf07c30d61%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/91387/3d2d276d46f441ac658cc1079056799ed9d2376d.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:03.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/91387/3d2d276d46f441ac658cc1079056799ed9d2376d.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 28 Sep 2025 09:47:03 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 318480\r\nlast-modified: Wed, 05 Apr 2023 12:30:23 GMT\r\netag: \"642d69df-4dc10\"\r\nexpires: Thu, 27 Aug 2026 09:25:05 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3qTQqAAwBuUwKAQH3cwAAAAwBWd59LgG3CgAAAA\r\nx-77-nzt-ray: 2a494a1527b7f1b13c04d968dc125207\r\nx-77-cache: HIT\r\nx-77-age: 2765993\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-318479/318480\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":163804,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"dbb17d9322ab35cb3fcbf003f3984e75","sha1":"5f25e5be828a43f1c8afdfca223c90f692794e08","sha256":"e3e547132d79657dff4a68e7a2b949fa441eec01770faa64b889f8fd578b4b00","sha512":"8f2b9603487b7f3a46738526d0506d73c95f32fed7f8bf5fd1fa45b285f03b32e87e272e5b3427440a723b2f3e9a1d30ed5015af0cb157a0a4ee324ddc3e984b","ssdeep":"3072:r11IP9BdksnJWsqJ0+8+Ns59yBvXWUnDLCtxiw4aYRMR10GhnAnrRp:B6jn/+tvXWUaz41yR199Anrz","tlshash":"23f312d8e328075de7fd713fc9ea0b78f209565261b889a7c015f494b6c3af04a90fa5","first_seen":"2025-09-28T09:47:31.622429Z","last_seen":"2025-09-28T09:47:31.622429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/css/bootstrap.min.css","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /css/bootstrap.min.css HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 16:14:41 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"68519471-38a52\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232018,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"50c95aae1a6c1e089c11681d1e1906f8","sha1":"a65e4fd8db9bd0440de2d6d73c9e7cd00fce4a8d","sha256":"cd1826581e4f2b80af4f1e05897b316c7698441063cffaefbbdeec382ee4cd72","sha512":"7f0edff9370c8d36fb6e96cb25994ff20d98e17702c85656f2ecbc1ec459b07fd2c1b330d2994a1c51ebf7d0cdde5d3856c60dc2fce27145ffeaababbc8c5bc7","ssdeep":"1536:v9xnXGi9GfJkfvq5wlP7cQZDR9uvV982sYRElV6V6pz600I41r:HnXp9GfrV98II6V6pz600I41r","tlshash":"d03482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2025-06-19T07:12:41.126365Z","last_seen":"2026-04-10T12:55:23.791308Z","times_seen":1099,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":48,"dns":0,"connect":20,"send":0,"wait":37,"receive":38,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726788","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /build-iframe-js-url.js?idzone=5726788 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"fe5cf624347fcbb42e72d9e0c4b\"\r\nexpires: Tue, 23 Sep 2025 14:43:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQG2fCoAAAwBuUwKCQH3aCYAAAwBJRPCNAG3WAAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d9681b696129\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (759), with no line terminators","md5":"fe2a3bcd962596d74efa5e9004fcfd38","sha1":"fe5cf624347fcbb42e72d9e0c4bff55867631acf","sha256":"1b953cf39c0b6e1de92c0eac04e7ca7c20aedd7e3c60022ca474be635bce19f8","sha512":"ee980d352e8fa80741d6437f41c5d791d5e15ad34a8413eb7560d062e935d721dc57cd292a022098f153022adc7aad48f8e0ce3ff13e00bbd7386737bf5bc4d2","ssdeep":"","tlshash":"840165a87ca1d6b801f028d99163f1f8d17a01c038c1c948b0c4dd80767ce9c0533f78","first_seen":"2025-09-25T15:55:29.935279Z","last_seen":"2025-10-17T14:30:23.243337Z","times_seen":6,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/ad300.php","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /ad300.php HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Cache: BYPASS From up2img.com\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":736,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (571), with CRLF line terminators","md5":"fcf9a9f353d6f809d8836b6198dcc5a8","sha1":"68dec882f2110eeb4e46ea5d6719332099ac7d20","sha256":"047cf22cce77b39a92a9d9b91b6726adf278ca17090277240e1afbe829b62379","sha512":"f01ec5da0bd95ab68dbf7536130a01e205cffb0b08c54a8d1954d5745ab6d6c0eacd10ddec6e3fb117438328f6054e07983aadb07fb13a552fd304edee27ad09","ssdeep":"","tlshash":"eb01d8f3f76d383cd0674774b4e00895b0a3bf953362997627e02072b06866958a579d","first_seen":"2025-09-25T15:55:29.983468Z","last_seen":"2025-09-28T09:47:31.634393Z","times_seen":2,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726790","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /build-iframe-js-url.js?idzone=5726790 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"144f9575bf749428685e4ab114f\"\r\nexpires: Tue, 23 Sep 2025 14:44:52 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3AAAAAAwBuUwKDAH3ZyYAAAwBw7WvBgG3IwAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d96854387830\r\nx-77-cache: HIT\r\nx-77-age: 0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (759), with no line terminators","md5":"82cf19b6fdccdd55de40cb0a7ebd8fe6","sha1":"144f9575bf749428685e4ab114ffd9361327ad1a","sha256":"c9535e46870f385f3a576b2b4cc0c7fb8e91cedfcd0745732aac132401757fb6","sha512":"5a4d1e32dfabd54ead11be27703784024cd8a10c12ad935e3ada8b9bb04b0e317f15c0973e7e173dd737b1370e719f01ce782b8d81ef9e8717fcad3c177d37dc","ssdeep":"","tlshash":"d60120a87ca1d6b801f028d99162f1f8d17a018038c1c948b0c4dd80767ce8c1533e78","first_seen":"2025-09-25T15:55:29.906178Z","last_seen":"2025-10-17T14:30:23.351079Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.js?idzone=5726860\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"93c70731a083721c54a47709e9a\"\r\nexpires: Tue, 23 Sep 2025 14:43:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQHVfCoAAAwBuUwKCQH3gCYAAAwBJRPCNAG3hgAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d96822e99b32\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":2292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2292), with no line terminators","md5":"5ec6cdf2cb521f943d7e2f8fe76ca254","sha1":"93c70731a083721c54a47709e9a11f77a812195f","sha256":"9613330b6182335a216e9af50e5c20f3b5fa3ff0a6348547eee9a7b7d9d777f3","sha512":"15bb03f29a7353d8e755fce47ad8ec7d31549e4e18190320c1ffabb86d47a45b06622946282a0b0e9f0ab7afe05fa42d7f771a8bc9a6aa36870aad1770fd1aa0","ssdeep":"","tlshash":"d341767d3042bf702dd62820912f3035f0b711d47adad460a1cfad929669d8e572176c","first_seen":"2025-09-25T15:55:29.900712Z","last_seen":"2025-09-28T16:27:44.247136Z","times_seen":3,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 439\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%2240d9832ef7e2fe720b9b6199b6379358%22%3B; expires=Tue, 28 Sep 2027 09:47:03 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1843,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"14555b4e5aff7fff05d1e5bf80fcc212","sha1":"efa660bf79e0e2d4ffc7930de6f2c22d08adafec","sha256":"1dc323c8ccbc1383146e504c55cd644a71b70c1916064f0b13bc774b564733a2","sha512":"31ead3fff61a9c542838932d8898b754c876f22eb99b7b66f5520e474f072550186ad804a4adbfd06a0360827250bfe8e15f9395dcb1661b1955d9beaac4c500","ssdeep":"","tlshash":"ac31b771f7c0acf881e0678fed9e196cee4a366bc75740c88049b560667f35826c4b66","first_seen":"2025-09-28T09:47:31.643456Z","last_seen":"2025-09-28T09:47:31.643456Z","times_seen":1,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.870Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":9,"dns":0,"connect":2,"send":0,"wait":0,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Py2oDMQz8lf7ALpIsW3LOPafQ0g/wbnZDDktLQksO8/G1TRJCPViy9ZqRkMSB8iD+QnGntqMA5zHHsVrOiv3bO5Tx8y2n7TjOXxsyBzfkGJwdTKbujmiSPFH9K8yS5/YWMvMcHUoIoDtGIk0OI3x+vPbLFYJAdJVY+zophKAtI05XJtHaamYSTMoUxXmhxGvKk6R40LUcspZaTijjVo6X828X+6CMnjrJQwWGVhxYg6iiHkIPn9Zz2RbgqbLB+uyG5v9nb5l0I2vrtTW52Xvn5VkXd8aRrUpi1TYVvpDMazGrihbmeZl0kjXVYAhVZfkDVgXT+6wBAAA=\u0026cb=e2e_68d90417060767.15842410\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:03.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Py2oDMQz8lf7ALpIsW3LOPafQ0g/wbnZDDktLQksO8/G1TRJCPViy9ZqRkMSB8iD+QnGntqMA5zHHsVrOiv3bO5Tx8y2n7TjOXxsyBzfkGJwdTKbujmiSPFH9K8yS5/YWMvMcHUoIoDtGIk0OI3x+vPbLFYJAdJVY+zophKAtI05XJtHaamYSTMoUxXmhxGvKk6R40LUcspZaTijjVo6X828X+6CMnjrJQwWGVhxYg6iiHkIPn9Zz2RbgqbLB+uyG5v9nb5l0I2vrtTW52Xvn5VkXd8aRrUpi1TYVvpDMazGrihbmeZl0kjXVYAhVZfkDVgXT+6wBAAA=\u0026cb=e2e_68d90417060767.15842410\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nCookie: __uvt=s%3A32%3A%2240d9832ef7e2fe720b9b6199b6379358%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3Kw8AAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968c9e27d30\r\nx-77-cache: HIT\r\nx-77-age: 3883\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3Kw8AAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968f8e6c531\r\nx-77-cache: HIT\r\nx-77-age: 3883\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 439\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22c44a4f70da7c6567e3b668bf07c30d61%22%3B; expires=Tue, 28 Sep 2027 09:47:03 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1844,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"83194450b5f4517a6bc29a239a951ff7","sha1":"f39e2c32313e1c83517676271fe9bc601dadf83e","sha256":"fe33c668b48054cce8357fe136826586e2eee266b7acbce6213ae47db3c7fd67","sha512":"2cd32a3b91fda2705ff6acaba157644c5a4598037176db7474af7de612726725c7726db23a614e4a2f5316d445cc4deb34f2b71f3bfb54d73c6533caebf707a1","ssdeep":"","tlshash":"3331d770bb04a0b5ee80869d89f53f35ed727227cbaa5862153daa74feb91681f40701","first_seen":"2025-09-28T09:47:31.650795Z","last_seen":"2025-09-28T09:47:31.650795Z","times_seen":1,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":46,"dns":0,"connect":0,"send":0,"wait":213,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"premiumvertising.com/fwdaadthsxdcb?goWlPYFv=3\u0026KvrpaAml=4\u0026VTgPeQru=5240025\u0026vMpEwAmF=0.0001\u0026EvWzCrKL=0,0\u0026ZlAcPNfs=\u0026lnGwrYsT=\u0026OWEuNzdC=1280,1024,1,1280,1024,0","fqdn":"premiumvertising.com","domain":"premiumvertising.com","tld":"com"},"ip":{"addr":"162.252.214.11","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:07.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"premiumvertising.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"14:EB:C5:DD:7B:A9:BB:94:56:6F:8B:B5:46:83:F5:88:15:55:89:93","sha256":"DF:35:9E:6A:F2:AF:40:EC:34:91:5B:C8:79:AB:A5:7A:5E:6D:99:A4:C4:09:0B:87:0B:FE:86:AD:EC:EF:89:93"}}},"request":{"raw":"GET /fwdaadthsxdcb?goWlPYFv=3\u0026KvrpaAml=4\u0026VTgPeQru=5240025\u0026vMpEwAmF=0.0001\u0026EvWzCrKL=0,0\u0026ZlAcPNfs=\u0026lnGwrYsT=\u0026OWEuNzdC=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: premiumvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb6\r\naccess-control-allow-origin: *\r\ncontent-type: application/javascript\r\nasf: -3\r\npopads-ec: ASE\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 05 Oct 2025 09:47:08 GMT\r\ncontent-length: 0\r\ndate: Sun, 28 Sep 2025 09:47:08 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":792,"timings":{"blocked":300,"dns":1,"connect":92,"send":0,"wait":190,"receive":1,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"premiumvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/style.css","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Sep 2025 04:15:27 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: W/\"68cb875f-a9d\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2717,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"9752b83d395bc7593e6d3f467b723884","sha1":"750ccb8e80e1c4ac1c1d6c35a8c660e74abcd6f7","sha256":"b5c4a6f3e207e11f3c65b4bd3433abcfe1351955ad933693ebaa907008634902","sha512":"5ea4d7910ec2616a34c26d503f3858220f63df12c0ebaee67e82afe20d6780b3102521e7f735771e89b07287352d120cb4c8ce10267838ede89a2ef36f8d6746","ssdeep":"","tlshash":"a951e0a5dd110183a1375a7937ba8295fb62616399038b3d3fd4f2208fb84b89a35dcd","first_seen":"2025-09-25T15:55:29.972388Z","last_seen":"2025-10-17T14:30:23.287967Z","times_seen":6,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":47,"dns":0,"connect":20,"send":0,"wait":44,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 439\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22c3b116bb13d44c3d7cf67cb102b04811%22%3B; expires=Tue, 28 Sep 2027 09:47:03 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1840,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7eac0bee81d7cb33739546dffaf98f60","sha1":"79c28bfe14c3a7506c162fd6270670348a574153","sha256":"329a8f581126b7326bfee722b0d472f8fb7c661d0e235fbd2aac088eaee41fc3","sha512":"a819022304a533e7578beb0435a4a20e43a470e2d4d8f477307bf5157326ae06ef209fc970a1cfdf777f03d4c3972d16278435f38e906d91bb4f888883eced9f","ssdeep":"","tlshash":"d631b571fb688829d9d1b8da285c2c54ae7e303f9a9a646c005cc05cbdbba0c2ec4712","first_seen":"2025-09-28T09:47:31.67472Z","last_seen":"2025-09-28T09:47:31.67472Z","times_seen":1,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":70,"dns":2,"connect":26,"send":0,"wait":159,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Qy04DMQz8FX5gV7bjxE7PnEEC8QHZ7abqYQVqBephPp5kS6uKjJzXOJ5xhCQOlAfxJ4o7tR0JnMccxzZzVry8vkEZ319yXA/j/LkicE5CyDE4O5hM3R3RJFlfyZGcUkydi1nNRaCEALphJNJGG+Hj/XkLbhCY+CVT23bRdoJ2QpwuTKLtZZw8cwk5zZxzXUJNSwokZeZQa5p6FUIZ13I4n342s3dFNds07iYw9OTAGkQVbRC262M9lXUBHjI7bKt9i//sFSn8abXmepOMqyPC+dETb2ojGyJYtVdEbZ8Xwr4U308LTzUXqzZrrdOikdR/Ad5jvKCoAQAA\u0026cb=e2e_68d90416e3f130.75216729\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Qy04DMQz8FX5gV7bjxE7PnEEC8QHZ7abqYQVqBephPp5kS6uKjJzXOJ5xhCQOlAfxJ4o7tR0JnMccxzZzVry8vkEZ319yXA/j/LkicE5CyDE4O5hM3R3RJFlfyZGcUkydi1nNRaCEALphJNJGG+Hj/XkLbhCY+CVT23bRdoJ2QpwuTKLtZZw8cwk5zZxzXUJNSwokZeZQa5p6FUIZ13I4n342s3dFNds07iYw9OTAGkQVbRC262M9lXUBHjI7bKt9i//sFSn8abXmepOMqyPC+dETb2ojGyJYtVdEbZ8Xwr4U308LTzUXqzZrrdOikdR/Ad5jvKCoAQAA\u0026cb=e2e_68d90416e3f130.75216729\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nCookie: __uvt=s%3A32%3A%22e077b4f92cf30a408dcb5e54e81bf1db%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/favicon.ico","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:03.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nCookie: _ga_1Y8MR84580=GS2.1.s1759052822$o1$g0$t1759052822$j60$l0$h0; _ga=GA1.1.1595369965.1759052823\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 318\r\nConnection: keep-alive\r\nLast-Modified: Fri, 18 Mar 2016 08:07:21 GMT\r\nETag: \"56ebb739-13e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":318,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel","md5":"07d8e656d5bdb2b8f502082d97b83433","sha1":"b202604710dbe842e442002de7bfb3b879aa16ff","sha256":"b4b837c3d45f2bed988a55c736f39b8771707be2da5f84cdb2a95249ec595332","sha512":"0bdc81775f1189cf0add1d3ebf30490638ab158d3543db7b18ad22f36a1985fde6476986a7f1393e21fc918f397ec62861a6dac725a4fe6ba4cf3ea9f04e5515","ssdeep":"","tlshash":"3ee0a9009be06f22c9483b3c02234f8a4f248c68b480432b85050ddc382262abe7f53a","first_seen":"2025-09-25T15:55:29.899176Z","last_seen":"2025-10-17T14:30:22.966622Z","times_seen":6,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726788\u0026size=728x90","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.js?idzone=5726788\u0026size=728x90 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"aaf4ba1738b7998ca84e64c9484\"\r\nexpires: Tue, 23 Sep 2025 14:44:52 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQGWfCoAAAwBuUwKEwH3gCYAAAwBw7WvAgG3UQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968dfaf182b\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":2292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2292), with no line terminators","md5":"573ebacf03c274a3757ccc63a3854aea","sha1":"aaf4ba1738b7998ca84e64c9484bde50f0bb1978","sha256":"a80d1fe8c69d171f3df7b57eac862c7f824e5e7b358f650f2fd19fdd750289f8","sha512":"eaac6ad7ff00d8d7c163b92a6b13c1cdbfceb5eb9a21a2a6d76e8d978592d2ce8a0eb6e351cd61af9d73251618a05bbe349150ca087355fb834470813dfa58e5","ssdeep":"","tlshash":"c74175bd3002bf702ed62820912f3035e0b711d47aded460a1cfad92a669e8e632176c","first_seen":"2025-09-25T15:55:29.888144Z","last_seen":"2025-10-17T14:30:23.059114Z","times_seen":6,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726790","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /build-iframe-js-url.js?idzone=5726790 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"144f9575bf749428685e4ab114f\"\r\nexpires: Tue, 23 Sep 2025 14:44:52 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQG2fCoAAAwBuUwKDAH3ZyYAAAwBw7WvBgG3IwAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968a020e92e\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (759), with no line terminators","md5":"82cf19b6fdccdd55de40cb0a7ebd8fe6","sha1":"144f9575bf749428685e4ab114ffd9361327ad1a","sha256":"c9535e46870f385f3a576b2b4cc0c7fb8e91cedfcd0745732aac132401757fb6","sha512":"5a4d1e32dfabd54ead11be27703784024cd8a10c12ad935e3ada8b9bb04b0e317f15c0973e7e173dd737b1370e719f01ce782b8d81ef9e8717fcad3c177d37dc","ssdeep":"","tlshash":"d60120a87ca1d6b801f028d99162f1f8d17a018038c1c948b0c4dd80767ce8c1533e78","first_seen":"2025-09-25T15:55:29.906178Z","last_seen":"2025-10-17T14:30:23.351079Z","times_seen":6,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 439\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22b317a41adac50dd503a2f2ec022f2126%22%3B; expires=Tue, 28 Sep 2027 09:47:03 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1843,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c2ad9c71c3a3e99373a89e474a269416","sha1":"8e48010956f4ea81cabfdd50e1b3363e250f03b3","sha256":"1ee8cb17bdf0094f2658bf52ac43b163dcf37ec431af973a1f69ca1d5a274d2d","sha512":"6a89dae24543e8c05f13d186e73a218a8309aad0e88cfb53b3084d5e3bc9495891de10f20bb989ad9c8e48909e45f591166161eeb30beffea89bfbc288923846","ssdeep":"","tlshash":"7b31b572f744c86ead84a3cd3981a431ce7b388fea93995a009a79a5d1bd57c0a02761","first_seen":"2025-09-28T09:47:31.689511Z","last_seen":"2025-09-28T09:47:31.689511Z","times_seen":1,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":64,"dns":1,"connect":26,"send":0,"wait":147,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/319620/facd5f5166b3c366ffce337d12ff2dead2950110.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/319620/facd5f5166b3c366ffce337d12ff2dead2950110.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 64876\r\nlast-modified: Tue, 15 Oct 2024 21:25:17 GMT\r\netag: \"670eddbd-fd6c\"\r\nexpires: Thu, 16 Oct 2025 21:07:03 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3OsNzAQwBuUwKAQH3tiYHAAwBJRPCNAG3L+9NAA\r\nx-77-nzt-ray: 2a494a1527b7f1b13b04d96899874a3a\r\nx-77-cache: HIT\r\nx-77-age: 24363834\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-64875/64876\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":64876,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"ca4cd6483f0c4f6c4a30208e1ee92216","sha1":"facd5f5166b3c366ffce337d12ff2dead2950110","sha256":"6182240fd2beea82fe9da674d1ace2a626adbf8c90c3b00b5271baea6be3a144","sha512":"785810b962c1f28334b74a98ac416caae8245e7d6bd68d192fc745a03454fb4e09a897679b32e9ade99cd5b7834896deb35668dd750cb555987164c9554d75b0","ssdeep":"1536:RVaJ1t0tuEwf5aYm/s59ENxJcnhytHLRmfcqGYw44AqToLZEHZE:RVa7BjcL/sHO2hIrAZI44A6cZEHZE","tlshash":"6353f1563b4c37aac7bdf13fa4dd026392c35a303ed448e7c205ca4455ed2ab89a794e","first_seen":"2025-02-22T04:52:01.140169Z","last_seen":"2026-03-28T09:33:37.646611Z","times_seen":182,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":13,"dns":4,"connect":2,"send":0,"wait":1,"receive":2,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/images/logo.png","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: image/png\r\nContent-Length: 4755\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Sep 2025 00:29:17 GMT\r\nETag: \"68ca00dd-1293\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4755,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 130 x 50, 8-bit colormap, non-interlaced","md5":"0c8645c4d41a0f016729e93613a87c4d","sha1":"0cd3bea6e861fdfffb6964b045ce503ebf0c22cc","sha256":"70de31739cba9778414497d4510cdf49c7ef2cbcaae5b3e5778668197c7b129e","sha512":"633b6f32a692897b8a98a3757bc0e6bd8b92c361f3fb4a4ad5c719e26a685570d21e8fafc0da76cded5389054b20885f900bfffbec00b39f12617ac7b6442c8b","ssdeep":"96:qo7FKGfRZBSVSQ1dppCuRgK32atCZoYpCty5lBa:L7FKGkbdLMoCZPpCtoBa","tlshash":"48a18e634d8e7f72c38d7835d4e4c09186a317656a68b5c4818fd8edd8065be960f08f","first_seen":"2025-09-25T15:55:29.918866Z","last_seen":"2025-10-17T14:30:23.264954Z","times_seen":6,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":123,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/ad300.php","date":"2025-09-28T09:47:02.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.php?idzone=5726860\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sun, 28 Sep 2025 08:56:15 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH1fCoAAAwBuUwKAQH3mwsAAAwBWd59LgGzVyoAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968486c532f\r\nx-77-cache: HIT\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-77-age: 10876\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6cba4f928b5be321ce52ed459af2731d","sha1":"6745b3893f55e44419e68d790c06ad4e2769ed8d","sha256":"3811ea2edfc0d5285efbe463333af53414db97b315a2f36441c007c084ca1ae8","sha512":"ac24781e7426f71f75dd3a7ef7a2e651aa18d11e016b9914f85355702408c7552bbac8c705bee35384060c7870853ac4d3471bbb41030daccab20e0885625400","ssdeep":"","tlshash":"efd0c2d3fc41d001094068db88b0e088d0a5127d2ec0cd59a4e99060f510aec4e03f88","first_seen":"2025-09-25T15:55:29.914375Z","last_seen":"2025-09-28T16:27:44.21453Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3Kw8AAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d9680f698830\r\nx-77-cache: HIT\r\nx-77-age: 3883\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.837Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":3,"connect":2,"send":0,"wait":0,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/91387/9a836b8483e7903ac3080c11c5444c179e36e6db.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:03.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/91387/9a836b8483e7903ac3080c11c5444c179e36e6db.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 28 Sep 2025 09:47:03 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 163847\r\nlast-modified: Wed, 05 Apr 2023 12:30:20 GMT\r\netag: \"642d69dc-28007\"\r\nexpires: Thu, 27 Aug 2026 09:25:06 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec02-prg1-1\r\nx-77-nzt: EwwBX63NDQH3kDQqAAwBuUwKDAH3ggAAAAwBw7WvAgG3EwAAAA\r\nx-77-nzt-ray: 2a494a1527b7f1b13c04d968d357ca02\r\nx-77-cache: HIT\r\nx-77-age: 2765968\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-163846/163847\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":163847,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"14eac9bcf4b252bea23619d047956350","sha1":"9a836b8483e7903ac3080c11c5444c179e36e6db","sha256":"66e98e40b6a0f46a233afff997c204eca75e5c3accc155f21c1920b5068e452b","sha512":"3b5dddc259f2dc714b73eaeacc852344eb5565a7106effb6190be1c724b5c3e9d1e737e7d971362ee604a2b91512b6d426607c329a5797993de64bd5f1eff177","ssdeep":"3072:9urCv2KDCIXfaWsraBMqs5NRxmntuDX5mdLRNSZXkByW3A:jfdvafaqqs5NmtUstStkByWw","tlshash":"26f312e0a3b69965e2bc0df9ad8d973f672000df30014a4fe719d97e05e36647690e8b","first_seen":"2025-08-29T11:13:14.631041Z","last_seen":"2025-10-02T05:47:51.078262Z","times_seen":12,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/ad300.php","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /ad300.php HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Cache: BYPASS From up2img.com\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":736,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (571), with CRLF line terminators","md5":"580a227c6d969d1be1cdf92e41d8396b","sha1":"db192822370fd54771a9177f83d249d97d896c86","sha256":"34c7100fb02af3b592459ba4459e8791d4d9aa2b3ed9d9708578da02260f6bef","sha512":"8f87c48740d469ac20976038c5c50587913587f9c10ef3b9cddb907fddfe5c516c6befb2162bed85050c97ea95bd8c3940572806656307a32d81d144bc4a29bf","ssdeep":"","tlshash":"dd01d8f3f76d383cd0674774b4e00895b0a3bf953362997627e02072b06866958a579d","first_seen":"2025-09-28T09:47:31.712478Z","last_seen":"2025-09-28T09:47:31.712478Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3Kw8AAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d96845cdee2e\r\nx-77-cache: HIT\r\nx-77-age: 3883\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726860","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /build-iframe-js-url.js?idzone=5726860 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"36b21fce25172c86a6058b632f6\"\r\nexpires: Tue, 23 Sep 2025 14:43:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH1fCoAAAwBuUwKDAH3exwAAAwBWd59LgG3WAAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968d2b4c031\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (759), with no line terminators","md5":"577f4335f16c5d5ffe6e943f5d8c2f41","sha1":"36b21fce25172c86a6058b632f6f94bef1041c9c","sha256":"551e26b7f42072c6514aeabb7407c6ac116919456b93ef4170d3eeb8f0852287","sha512":"3944a37597ef3ed12cbe0b9adabf1574475f6b9316b41d2befd36d201448abf3a938592d5c9d563d76b6d79a301be0b7f165e4fbb86b73f958632c79b861a9f3","ssdeep":"","tlshash":"e50165a87ca1d6b401f028d99163f1f8d17a01c038c1c948b4c4dd80767ce8c0533f78","first_seen":"2025-09-25T15:55:29.917378Z","last_seen":"2025-09-28T16:27:44.198277Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/adtop.php","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /adtop.php HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Cache: BYPASS From up2img.com\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"72aa0171c213572469103fab73656b31","sha1":"3b90ad581a6ab5e219f770f30f8fea3b2e9a323d","sha256":"628d59021147113f75cfc4871f3dd50bd31718953a8077601038a0e6a8934a62","sha512":"66472665cd15950c9b2dedc5ce6e0976f613eed4486bc22ed54408ab17b7281b784a5b266c5feae31b95d1413ec4b38f92e79beb9f0adca02b6193aff5a7e5f4","ssdeep":"","tlshash":"3ee0d8f7a6aa6c2cf47b1a34a0e1059470e7ab543396cd67639020b3b05913a5c5279d","first_seen":"2025-09-28T09:47:31.722524Z","last_seen":"2025-09-28T16:27:44.316696Z","times_seen":2,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/91387/9a836b8483e7903ac3080c11c5444c179e36e6db.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:03.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/91387/9a836b8483e7903ac3080c11c5444c179e36e6db.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 28 Sep 2025 09:47:03 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 163847\r\nlast-modified: Wed, 05 Apr 2023 12:30:20 GMT\r\netag: \"642d69dc-28007\"\r\nexpires: Thu, 27 Aug 2026 09:25:06 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec02-prg1-1\r\nx-77-nzt: EwwBX63NDQH3kDQqAAwBuUwKDAH3ggAAAAwBw7WvAgG3EwAAAA\r\nx-77-nzt-ray: 2a494a1527b7f1b13c04d9689e730d07\r\nx-77-cache: HIT\r\nx-77-age: 2765968\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-163846/163847\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":163847,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"14eac9bcf4b252bea23619d047956350","sha1":"9a836b8483e7903ac3080c11c5444c179e36e6db","sha256":"66e98e40b6a0f46a233afff997c204eca75e5c3accc155f21c1920b5068e452b","sha512":"3b5dddc259f2dc714b73eaeacc852344eb5565a7106effb6190be1c724b5c3e9d1e737e7d971362ee604a2b91512b6d426607c329a5797993de64bd5f1eff177","ssdeep":"3072:9urCv2KDCIXfaWsraBMqs5NRxmntuDX5mdLRNSZXkByW3A:jfdvafaqqs5NmtUstStkByWw","tlshash":"26f312e0a3b69965e2bc0df9ad8d973f672000df30014a4fe719d97e05e36647690e8b","first_seen":"2025-08-29T11:13:14.631041Z","last_seen":"2025-10-02T05:47:51.078262Z","times_seen":12,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"9ba388b9873f71f944fea196bb1\"\r\nexpires: Tue, 23 Sep 2025 14:41:40 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3Kw8AAAwBuUwKAQH3DgAAAAwBWd59LgG3sQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968a9e26c29\r\nx-77-cache: HIT\r\nx-77-age: 3883\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":184994,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39230)","md5":"3c01bf38d58ab93e080fbf63e3dbc461","sha1":"9ba388b9873f71f944fea196bb1ac87d20731e85","sha256":"84d0dd4f94e5bc1fa61fb371d1d9706da728f12c6a6d173ce403ddcb9e436e87","sha512":"6bd07890886fa49a65ef00fc52288beabf4e0d1917877d1dfb0a8893fe06c4b8a5389affb72bcdbace0c56b8a71e92080ec967940f603572ec706b5c6f40b670","ssdeep":"3072:Nms/jp28VOkqDG2CjyR19wnRBqI9gxxIisGEolY4o/CXMppo:Hp28VOkq62T19wnRvgxXs7npo","tlshash":"1e045c992792307441d3e12d6aff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-09-16T23:11:06.685443Z","last_seen":"2025-10-03T07:23:01.303438Z","times_seen":401,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn3.up2img.com/album/Mjk5Njc/43415813/showimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/MDAwNjg.up2img.com.jpg","fqdn":"cdn3.up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"37.221.65.234","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn3.up2img.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Sep 2025 11:21:07 GMT","end":"Mon, 22 Dec 2025 11:21:06 GMT"},"fingerprint":{"sha1":"4B:0D:0A:44:0A:04:39:E1:0A:23:42:A2:21:BF:8C:B8:85:EA:7A:C9","sha256":"6A:5A:C9:0C:BA:17:78:EA:95:2E:20:88:16:71:8E:D6:2E:35:F6:5E:21:2B:B1:C3:1D:4E:83:F1:9A:FE:FC:65"}}},"request":{"raw":"GET /album/Mjk5Njc/43415813/showimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/MDAwNjg.up2img.com.jpg HTTP/1.1\r\nHost: cdn3.up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Cache: BYPASS From cdn3.up2img.com\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":695972,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Macintosh, datetime=2005:10:31 00:25:11], baseline, precision 8, 1800x2758, components 3","md5":"bdfcf07b46c4c20a928a51a1a99f85c7","sha1":"fd4a4fc8e2dc431b940c2c25d8b1ecda1595ca26","sha256":"109559426f571e7cc5e185c95b89ff1e4baa9fb82159f80098d79fdcc1a46a7a","sha512":"1f184afc55ec71e49098faac50bde751986c63edaf60420588b3d8ad550de9f592b9dd7b9b16c5e7ecf470e47fdbb7012239559756fb0b2d8862d732b9fa94f2","ssdeep":"12288:3hTxGO4dsX0S1vsda1N3d1jUdL32VlqQPvtW+hzol3+Zv3cDxhsnemKoGI7:3wG0S1ltSNmVlqKW+hNi/mKoF","tlshash":"4fe4230546152d98ec4093f59fd1026a89cf24c21df42bdebc9fc61b37b4d121afd6aa","first_seen":"2025-09-28T09:47:31.72702Z","last_seen":"2025-09-28T09:47:31.72702Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2062,"timings":{"blocked":486,"dns":117,"connect":312,"send":0,"wait":761,"receive":326,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/ad300.php","date":"2025-09-28T09:47:02.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.php?idzone=5726790\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sun, 28 Sep 2025 11:54:29 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3RAwAAAwBuUwKDAGzESoAAAwBWd59LgG3DQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968c79a372f\r\nx-77-cache: HIT\r\nx-77-age: 3140\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"b27dd0dc21f2daa821e9890fb76bac10","sha1":"5d3470cccc437f5f70894f07629d718b76409cac","sha256":"9e66d3c46749fef4d3a20898a4e7441e02ebd75f39f06b6727a159afcd6de019","sha512":"7275bb375cdbaf2b7e4c33b4f96a2f687a31a5991bf90b5ce0e56ca1fdf487439aced63ea99f757ad67b26512c2ac4662b0ad1a7b5f2d09dcffa39ea2d1e150c","ssdeep":"","tlshash":"32d02be3fc51d405094068df88b0e088d055127d3ec0cd5da0ed9071f520aec4e03f88","first_seen":"2025-09-25T15:55:29.883389Z","last_seen":"2025-10-17T14:30:23.079624Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/build-iframe-js-url.js?idzone=5726860","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:02.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /build-iframe-js-url.js?idzone=5726860 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"36b21fce25172c86a6058b632f6\"\r\nexpires: Tue, 23 Sep 2025 14:43:59 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQG2fCoAAAwBuUwKDAH3exwAAAwBWd59LgG3WAAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968822b8330\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (759), with no line terminators","md5":"577f4335f16c5d5ffe6e943f5d8c2f41","sha1":"36b21fce25172c86a6058b632f6f94bef1041c9c","sha256":"551e26b7f42072c6514aeabb7407c6ac116919456b93ef4170d3eeb8f0852287","sha512":"3944a37597ef3ed12cbe0b9adabf1574475f6b9316b41d2befd36d201448abf3a938592d5c9d563d76b6d79a301be0b7f165e4fbb86b73f958632c79b861a9f3","ssdeep":"","tlshash":"e50165a87ca1d6b401f028d99163f1f8d17a01c038c1c948b4c4dd80767ce8c0533f78","first_seen":"2025-09-25T15:55:29.917378Z","last_seen":"2025-09-28T16:27:44.198277Z","times_seen":3,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.js?idzone=5726790\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"51d39ab883390a5b1ff154d9580\"\r\nexpires: Tue, 23 Sep 2025 14:44:53 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH1fCoAAAwBuUwKCQH3fBwAAAwBJRPCLgG3UAAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d9686e02e031\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":2292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2292), with no line terminators","md5":"9493c0924747f9e508bc984617df1746","sha1":"51d39ab883390a5b1ff154d9580be979be716d26","sha256":"152ee361107fbc77011602612acdfc4c575a01aacace3a53fa5e0c45dd311ac2","sha512":"c8950a9fecc7408970c2fb92e5065aa260acb1db5fd106bed13e7f95bd6709857d611c8da2e98f2358d4f6deadabbcaa1943d4ea207cd1976f5896618c3b95a0","ssdeep":"","tlshash":"5841767d3012bf702dd62820912f3035e0b711d47adad460a1cfad929669d8e672176c","first_seen":"2025-09-25T15:55:29.872093Z","last_seen":"2025-10-17T14:30:23.005481Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/91387/3d2d276d46f441ac658cc1079056799ed9d2376d.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:03.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 18:41:03 GMT","end":"Fri, 12 Dec 2025 18:41:02 GMT"},"fingerprint":{"sha1":"68:CA:E4:09:64:51:A6:A3:68:11:14:36:D0:A1:63:6E:AD:58:59:50","sha256":"CD:C8:8A:2C:B0:B6:21:9E:3A:54:19:23:96:3D:87:BC:F7:14:BC:D3:A0:FA:97:48:A5:00:85:A5:C9:08:9D:0A"}}},"request":{"raw":"GET /library/91387/3d2d276d46f441ac658cc1079056799ed9d2376d.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Sun, 28 Sep 2025 09:47:03 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 318480\r\nlast-modified: Wed, 05 Apr 2023 12:30:23 GMT\r\netag: \"642d69df-4dc10\"\r\nexpires: Thu, 27 Aug 2026 09:25:05 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3qTQqAAwBuUwKAQH3cwAAAAwBWd59LgG3CgAAAA\r\nx-77-nzt-ray: 2a494a1527b7f1b13c04d96884b98407\r\nx-77-cache: HIT\r\nx-77-age: 2765993\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-318479/318480\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":155621,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"1dc42c27f7cb3a8fe952a29a3f3b8f44","sha1":"dc931379f68ecefa0126136e077521348c82c687","sha256":"a6621dbb380f0009d0658d27e12ff38dec22e2fb977dc35d7d696ceab461b84e","sha512":"f1d9182e877043250155655da8e2c122ae81b194f3f38fe30423831d53b57b00ef0257c6a047bae9dfc0961df36b6dc3590e6dbd5c7c917b1a37563baa0d5866","ssdeep":"3072:r11IP9BdksnJWsqJ0+8+Ns59yBvXWUnDLCtxiw4aYRMR10Ghg:B6jn/+tvXWUaz41yR19i","tlshash":"b3e312d8e328175debfd713fc8da0b74f208429261a889a7c015f494b6d3bf04a90fa5","first_seen":"2025-09-28T09:47:31.740448Z","last_seen":"2025-09-28T09:47:31.740448Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/adtop.php","date":"2025-09-28T09:47:02.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.php?idzone=5726788\u0026size=728x90 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sun, 28 Sep 2025 11:54:29 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3RAwAAAwBuUwKCQGzESoAAAwBJRPCLgG3DQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d968dda1c926\r\nx-77-cache: HIT\r\nx-77-age: 3140\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"03eacaa91a0df2d9a55acb15248304fb","sha1":"31df27b4b07cc39b3bfc2f78aab160a9fcb48254","sha256":"260eabf6e3cfc9c83ecffe7d4a72c60489887241f4d53e04322d03856cacaa26","sha512":"838c6840d37b377a84a8167a54574f75e6240e28137da115cad8aeb87a2922ca2c259c87f2d11461555cec101e67b1acb3dab60fa5a1da1091f30c92630eba9f","ssdeep":"","tlshash":"a9d02bd3fc41d045094068df88b0e088d051127d3ec0cd5d60ed9031f510aec8e43f88","first_seen":"2025-09-25T15:55:29.989527Z","last_seen":"2025-10-17T14:30:23.161502Z","times_seen":6,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":12,"dns":4,"connect":2,"send":0,"wait":1,"receive":0,"ssl":4},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/ad300.php","date":"2025-09-28T09:47:02.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.php?idzone=5726790\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sun, 28 Sep 2025 11:54:29 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH3RAwAAAwBuUwKDAGzESoAAAwBWd59LgG3DQAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d9688b7a732e\r\nx-77-cache: HIT\r\nx-77-age: 3140\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"b27dd0dc21f2daa821e9890fb76bac10","sha1":"5d3470cccc437f5f70894f07629d718b76409cac","sha256":"9e66d3c46749fef4d3a20898a4e7441e02ebd75f39f06b6727a159afcd6de019","sha512":"7275bb375cdbaf2b7e4c33b4f96a2f687a31a5991bf90b5ce0e56ca1fdf487439aced63ea99f757ad67b26512c2ac4662b0ad1a7b5f2d09dcffa39ea2d1e150c","ssdeep":"","tlshash":"32d02be3fc51d405094068df88b0e088d055127d3ec0cd5da0ed9071f520aec4e03f88","first_seen":"2025-09-25T15:55:29.883389Z","last_seen":"2025-10-17T14:30:23.079624Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://up2img.com/ad300.php","date":"2025-09-28T09:47:02.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.php?idzone=5726860\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Sun, 28 Sep 2025 11:56:16 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQGzfCoAAAwBuUwKAQH3SAkAAAwBWd59LgG3ngIAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d96805a0632e\r\nx-77-cache: HIT\r\nx-77-age: 2376\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6cba4f928b5be321ce52ed459af2731d","sha1":"6745b3893f55e44419e68d790c06ad4e2769ed8d","sha256":"3811ea2edfc0d5285efbe463333af53414db97b315a2f36441c007c084ca1ae8","sha512":"ac24781e7426f71f75dd3a7ef7a2e651aa18d11e016b9914f85355702408c7552bbac8c705bee35384060c7870853ac4d3471bbb41030daccab20e0885625400","ssdeep":"","tlshash":"efd0c2d3fc41d001094068db88b0e088d0a5127d2ec0cd59a4e99060f510aec4e03f88","first_seen":"2025-09-25T15:55:29.914375Z","last_seen":"2025-09-28T16:27:44.21453Z","times_seen":3,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11PS25DIQy8Si/wkG1sbLLuOpFS9QC8X5TFU6tErbLw4QtEiaIywhjs8QwEJAPkgewNZMe6g+iGIUuoETP7/nB0Rv/5pvN2CtPX5hmjqWeJhuYIymbmopQsQb2zqybLLSdQ7RmDR4cHAgAncwX//HjvGyvII8CNpPK6qFPltQoZ3BCIK1VVKSqVUchwgYRryiMlmXktc+ZS28FL2MrpevntZp+SJtxFni58aM0RORKz1wXen8/rpWyL+0tng/bZDe38X70jIt7F2vfaN7HFB/P66gu7YkCtlpC5TfUZSh4zTlRYaJqUEwKMSlNeljgn+QNc2vKorAEAAA==\u0026cb=e2e_68d90417180230.98546335\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726860\u0026size=300x250","date":"2025-09-28T09:47:03.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11PS25DIQy8Si/wkG1sbLLuOpFS9QC8X5TFU6tErbLw4QtEiaIywhjs8QwEJAPkgewNZMe6g+iGIUuoETP7/nB0Rv/5pvN2CtPX5hmjqWeJhuYIymbmopQsQb2zqybLLSdQ7RmDR4cHAgAncwX//HjvGyvII8CNpPK6qFPltQoZ3BCIK1VVKSqVUchwgYRryiMlmXktc+ZS28FL2MrpevntZp+SJtxFni58aM0RORKz1wXen8/rpWyL+0tng/bZDe38X70jIt7F2vfaN7HFB/P66gu7YkCtlpC5TfUZSh4zTlRYaJqUEwKMSlNeljgn+QNc2vKorAEAAA==\u0026cb=e2e_68d90417180230.98546335\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nCookie: __uvt=s%3A32%3A%22c44a4f70da7c6567e3b668bf07c30d61%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up2img.com/login-status.php","fqdn":"up2img.com","domain":"up2img.com","tld":"com"},"ip":{"addr":"45.93.8.200","port":443,"asn":44477,"as":"Stark Industries Solutions Ltd","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html","date":"2025-09-28T09:47:02.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up2img.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Sep 2025 23:30:24 GMT","end":"Fri, 19 Dec 2025 23:30:23 GMT"},"fingerprint":{"sha1":"F8:71:82:D9:3D:59:C2:B5:1E:B1:31:0D:74:14:C8:EE:65:4A:E7:2A","sha256":"20:78:3F:55:A2:84:DC:7A:6A:33:F2:F8:05:75:51:99:82:C8:AC:13:CC:FB:31:99:95:90:AE:53:DD:38:51:B0"}}},"request":{"raw":"GET /login-status.php HTTP/1.1\r\nHost: up2img.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://up2img.com/album/Mjk5Njc/Vika-Mermaid/viewimage/Mg/OTQxMTcyOTA1MjAyMTUzNTA/OTc/MDAwNjg.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Cache: BYPASS From up2img.com\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"c22b72234cbb547884f1a0f5960b15bb","sha1":"a0555763098e72108ba032825f4ff793bf18f07f","sha256":"6cea7dfc5d95ca1351333dfab2af0b473217dd4140f3165332cb0610690fb43a","sha512":"d66e98acb6a832dbbc8decd65903ee589a80a41af51f8c51526c494e2b12d527b6cc0f5280ccab73895615923ed875fb843243ff39dcf7c0f6036097d8be89f2","ssdeep":"","tlshash":"a1c080119353510c62245170e4119a57b1056113d5029ce4dd810614404a8162446b85","first_seen":"2025-09-25T15:55:29.92095Z","last_seen":"2025-10-17T14:30:22.920592Z","times_seen":6,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":47,"dns":0,"connect":21,"send":0,"wait":38,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726788\u0026size=728x90","date":"2025-09-28T09:47:02.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 438\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:02 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22e077b4f92cf30a408dcb5e54e81bf1db%22%3B; expires=Tue, 28 Sep 2027 09:47:02 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1798,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"333e05fcb450a67643f9c2d56252168e","sha1":"8ab54be954bef062f0f28f00da22f44da61e9984","sha256":"03eb74762fcbba112648be3d347d7ab8809687ffadc09af712b94f5e8c815d9d","sha512":"8dda052c799b222b97e505654c6f4dc828151281b5fd2558a8cca6209f86089a943aff99460fc8800412af8e9b564d757a5c0c104f2effe669da69de3bc93268","ssdeep":"","tlshash":"3631e930b3c4c07494dda1de5b9ca8e99c5b334f579608a6419649689db813825c2bbd","first_seen":"2025-09-28T09:47:31.761741Z","last_seen":"2025-09-28T09:47:31.761741Z","times_seen":1,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":54,"dns":0,"connect":26,"send":0,"wait":141,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/iframe.js?idzone=5726790\u0026size=300x250","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:02.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /iframe.js?idzone=5726790\u0026size=300x250 HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 09:47:02 GMT\r\ncontent-type: application/javascript\r\netag: W/\"51d39ab883390a5b1ff154d9580\"\r\nexpires: Tue, 23 Sep 2025 14:44:53 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQGWfCoAAAwBuUwKCQH3fBwAAAwBJRPCLgG3UAAAAA\r\nx-77-nzt-ray: 2a494a15c0ea06ac3b04d96807f7ba31\r\nx-77-cache: HIT\r\nx-77-age: 10876\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":2292,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2292), with no line terminators","md5":"9493c0924747f9e508bc984617df1746","sha1":"51d39ab883390a5b1ff154d9580be979be716d26","sha256":"152ee361107fbc77011602612acdfc4c575a01aacace3a53fa5e0c45dd311ac2","sha512":"c8950a9fecc7408970c2fb92e5065aa260acb1db5fd106bed13e7f95bd6709857d611c8da2e98f2358d4f6deadabbcaa1943d4ea207cd1976f5896618c3b95a0","ssdeep":"","tlshash":"5841767d3012bf702dd62820912f3035e0b711d47adad460a1cfad929669d8e672176c","first_seen":"2025-09-25T15:55:29.872093Z","last_seen":"2025-10-17T14:30:23.005481Z","times_seen":6,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11QQWoDMQz8Sj+QZSRLaynnnlNo6QOczW7IYWlJaMlBj69tkhDqwRJYGs3IDNYNfMP2At1K3iKF0eA61EgusXt7D6H4+ebTehymrzWckuVwTUYWhCxmFpp5zI5QWOQ8mo8IYuRsrhaCSIE7BkDyGBnx+fHaL1VwJODKWnldNBghrcKGK4GlUjVNs+MwMdyL83421QJPOmbClNoYRBnWcrycf7vZh+SYusbDRGxabyJJLBL1IPrzaTmXdY546mzIfXRDy/+rt8p402rbtS2pxTvz8myLumL94GqJRNrUUCUYVAq3/cR58SQHsQMt875Myx/g1jtyqwEAAA==\u0026cb=e2e_68d904170d6dd4.69616888\u0026scr_info=YXN5bmN8fDM%3D","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.245","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.magsrv.com/iframe.php?idzone=5726790\u0026size=300x250","date":"2025-09-28T09:47:03.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 10:23:20 GMT","end":"Sun, 09 Nov 2025 10:23:19 GMT"},"fingerprint":{"sha1":"55:BE:EE:FC:B1:CE:38:D7:E3:0B:2C:85:5B:6D:AB:D5:10:D4:4A:F5","sha256":"24:7B:E3:CE:C3:89:75:CF:67:F0:7D:DE:47:E2:76:14:8C:B0:ED:F5:77:94:62:09:16:06:5A:DE:2E:51:00:4F"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11QQWoDMQz8Sj+QZSRLaynnnlNo6QOczW7IYWlJaMlBj69tkhDqwRJYGs3IDNYNfMP2At1K3iKF0eA61EgusXt7D6H4+ebTehymrzWckuVwTUYWhCxmFpp5zI5QWOQ8mo8IYuRsrhaCSIE7BkDyGBnx+fHaL1VwJODKWnldNBghrcKGK4GlUjVNs+MwMdyL83421QJPOmbClNoYRBnWcrycf7vZh+SYusbDRGxabyJJLBL1IPrzaTmXdY546mzIfXRDy/+rt8p402rbtS2pxTvz8myLumL94GqJRNrUUCUYVAq3/cR58SQHsQMt875Myx/g1jtyqwEAAA==\u0026cb=e2e_68d904170d6dd4.69616888\u0026scr_info=YXN5bmN8fDM%3D HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://a.magsrv.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.magsrv.com/\r\nCookie: __uvt=s%3A32%3A%22c44a4f70da7c6567e3b668bf07c30d61%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 28 Sep 2025 09:47:03 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://a.magsrv.com\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T12:55:53.541408Z","times_seen":13578602,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}