Report - jj.su/tn8oxn?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https:/bing.com/&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking

Report Overview

Visited public
2025-05-12 02:13:43
Tags
URL
jj.su/tn8oxn?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https:/bing.com/&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http:/upx-l.tech/t338d6cf7&v2=1
Finishing URL
up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
IP / ASN
172.67.141.171
#13335 CLOUDFLARENET
Title
UP-X — Multiplayer online strategy

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

442

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
up8so9x.space	unknown	2025-04-02	2025-04-03	2025-05-09	596 B	637 B	95.129.233.148
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-07	1.0 kB	643 kB	142.250.178.40
jj.su	unknown	2011-07-11	2019-05-29	2025-05-12	654 B	193 kB	172.67.141.171
gis-static.com	unknown	2021-08-26	2021-08-27	2025-05-09	480 B	26 kB	104.21.64.1
up6mgf0x.top	unknown	2025-04-21	2025-05-12	2025-05-12	299 kB	13 MB	190.115.31.140
upxsupport.webim.ru	unknown	2006-09-29	2024-04-13	2025-05-09	6.6 kB	1.6 MB	91.142.90.130
pushpad.xyz	100116	2015-09-25	2016-09-18	2025-05-08	407 B	26 kB	104.26.6.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed
2025-05-12	medium	up6mgf0x.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (134)

	URL	From	Size	First Seen	Last Seen
	up6mgf0x.top/_nuxt/8019ecc.js	ScriptElement	20 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/8019ecc.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash f15a0fc8d88d7ec0b05341231061848d 5e2bd8db9a3aa89cd9b55a52598ed672c07284c5 d5e1b3a094db969f79a4a20ae87fb7d8c60dfe391f9c4ced35a610b0feaec182 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	173 B	2023-10-27	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-27 11:33 Last Seen2025-06-05 05:32 Times Seen486 Hash 32b17810aafc171723a56b07c5d925dc 66e276c452556ce8cdb15d217894053f228dca05 36f95e742b3741229b9a560479c577a9d4f38d192f416f4be8aae4e9b3e39ef2 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 3df92819744cf3de1b95ebd1c1d0cd3d cd6dcee3d3671f3406b3d33f3713ef095cb28267 f1e126b0b1606afd440f87e8e379d1cfc1ebd5a58ce0ed491711a38c974711c3 Loading...

	up6mgf0x.top/_nuxt/906d945.js	ScriptElement	15 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/906d945.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash db2c01f9a2ca361b986b3638554c5da4 ba6e97dce8e61744b84d668b6744f9960f9e1649 937a7727dd4761793807906171b351ddd993a37527c95638ce8a7fb319fa99e6 Loading...

	up6mgf0x.top/_nuxt/ad1b80b.js	ScriptElement	54 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/ad1b80b.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash a124f36f8865f9d5b675962ad61f3a28 7a69657bc34a76811ad07b158c5dcdf32c53f459 f1f4f724ca4e4bf8baaf1b9853b9d09bd71b0a04684f2f9ea076b86f8510e2c7 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-04 17:41 Times Seen216 Hash 4ea20f8aed843aaf80eb70ec61229619 9a9694014cffe2b3bb4301c65a13f2220f022393 7dbc6880dc10f2fd4842acd8e7964207afdd826ef6412496f647ddf10cb0c2a6 Loading...

	up6mgf0x.top/_nuxt/370fcd3.js	ScriptElement	3.6 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/370fcd3.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 975a58c02e9bc6956171b127e11bca10 a275db1f7499ba4c01bedaf1dbc975e84535817b 5a2c65dd90791399ba24a459d34ffa846e0bceb41d6c9b0b894d8add392e6942 Loading...

	upxsupport.webim.ru/js/button.js	ScriptElement	897 kB	2025-05-09	2025-05-26
Pretty URL upxsupport.webim.ru/js/button.js IP 91.142.90.130 ASN #41722 Miran Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-09 21:25 Last Seen2025-05-26 03:22 Times Seen198 Hash fbdf2ab58c72dc654b93a0a23ffa3fd8 7da289491198fa17b44f87e10b5b30f9d1c8900e 0b930c192cefc65e0d7bae64975848e1964b6caa244dd68feb407f66b3db619f Loading...

	up6mgf0x.top/_nuxt/59a563c.js	ScriptElement	3.8 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/59a563c.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash a09714aecacd4ee6c0f24736fefe3594 09e813e0c75657ec67c3117e50a50deae17715d5 e841fcba0104ce35b777db398afe9a4ba54b9932364525e0a843289c2897db2c Loading...

	up6mgf0x.top/_nuxt/0b7f464.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/0b7f464.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c838c456251763c37047bf00e8f4b1a9 b5ce6299a523d86c7dea9e93c91bc332ee5d7027 e046475eee7e09888ff6c0dd9140f39e7c486d24ff1b92d5568f09973dc96d15 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 8b91b120e97bbad5d3ca0420f6650d1c 3a9c07aca3291342467cf98ba712e90560f839b7 6dd6f7a54dc582bf8239d7c33cfdf429cbc4a3a5dd4db7974bf0caa7c8fe7874 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	87 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash c6aa6dcfaf162e199700a1c8772483fc 78a5cd02b6eaa1cddc449465a1de44b219662fce efb055164c8c30803e034eaf411ddc9dab69987e087bb4e3ff01ad34ba310da4 Loading...

	up6mgf0x.top/_nuxt/d40f0ea.js	ScriptElement	7.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/d40f0ea.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 6e331538c40865fa59082ede9dfd6995 ca815f5d3d92bad8374c2bf89de50e792c4a91f9 b0a6c29aa1b5d6270fa47c5ab60d03cf3f208808221221e3916bf1bbf54710bc Loading...

	up6mgf0x.top/_nuxt/8f78b03.js	ScriptElement	1.6 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/8f78b03.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash f808d20ee34de0a91e9d1886e26237df a4b7e6f57698b0054a4e90585f3683ebba38badd b01cd984c0791c48750634387958149ff24494891072e28885bb1f189ba8b7dd Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-03-25	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-03-25 01:33 Last Seen2025-06-04 17:41 Times Seen186 Hash c0b8d5878095a6587d1b15ad0a7ee19a f6dd5ca7829e31564efe8d49dcc8cb7d5a0de353 e07da4a7f9acd1a0dd061a80e2af156a26504102199e38e2783a80a96480ff2f Loading...

	up6mgf0x.top/_nuxt/fad89d3.js	ScriptElement	29 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/fad89d3.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 4564c968d9c4fbd990511019dad36e20 1ef13e867b6071fb29780d61d86955545c93eeaf f0081ba94ef1780bf906fb07e4c0f1df4c161d31fbcd35ea621ea279e52951b6 Loading...

	up6mgf0x.top/_nuxt/898afed.js	ScriptElement	82 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/898afed.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 851b7b8cce8c1f9d392d6485c71dd02e cc373b70fa337ccc34b94b397d6e8bea5f686e87 ef50038fa8ffa44b6f00fe6da4f9b23506e5c11040a9be608e84ebde99bd6b50 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 0c3eae677e28a4809d0af5d7ef201be2 7ab206732e6bafc0add1d38e6c4222fb6c08b130 1db86223295e63a0b9eec0f89112c72d074f749f63abbeafdd079315b89f0576 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 344ac142572314978d1d2af23cda511e fe3e372c878ba12962b3762918dbcad713e81303 722343e166d23c2bf4713bdf811e2cc108dcfef7953d24ed3a6891783d4f2ebe Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-03-25	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-03-25 01:33 Last Seen2025-06-04 17:41 Times Seen184 Hash 411108f91e77da7f38cb3129d46d70e0 e49b9034c70c1ddaebc89114205cd7582978dec4 ecca01646200a61526caaeb47cbb0d0e3003a1a7f3a3e9a0d86a7ee64f587153 Loading...

	up6mgf0x.top/_nuxt/beaaeba.js	ScriptElement	4.5 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/beaaeba.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 15a2714d8b5bc2dbaec612cf4cac45cb 67ad836923e49990b6f1ae61badd8dd21d515a19 d457280c9d5befbc9ccae9f4bb0527dc9ad6601142a72ad2359b08a8ee7c5e2b Loading...

	up6mgf0x.top/_nuxt/e2401ad.js	ScriptElement	38 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/e2401ad.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash da2973422f6293e1b8483d46eb2b3716 4cb95245fb689d6c7f5c523853fc28535ec8877b bdbcd784f8b8095d3f94a332d7dc4ab5ea7c26f8ed9410613ee9d627bff6ff25 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	179 B	2023-08-08	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 18:00 Last Seen2025-06-05 05:32 Times Seen452 Hash 159383d586e1e6aaf415460586b9acc7 0cd56add2d12a1ff2f440005a2a0ed895af9a246 ef6dd3a757b4fa80d4295626a371757ec79fc11b2bec86c11f5d16dfbe8fadcd Loading...

	up6mgf0x.top/_nuxt/54c02b2.js	ScriptElement	7.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/54c02b2.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 73b16e0c325f345d2b07a269d5ba0a70 7e7f9bd9f1c9b6630f3394db12ef78420b16ddd5 ef069d9934de3e10630f2022dfc631611da637b0ec666a8984ce22f0e58fac78 Loading...

	up6mgf0x.top/_nuxt/da9b293.js	ScriptElement	31 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/da9b293.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 2ae2506eef4d7fe8af79d65d593fc4b3 ed49460c6e1b7955a9d22b42dac7aac0b479d968 eba230030b104522414c9761347d4d598ae74de772fb87868ed2a7a7a6f72487 Loading...

	up6mgf0x.top/_nuxt/98638aa.js	ScriptElement	22 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/98638aa.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash aaf44adf443a965d593b81ca9e55bcf7 45b9d4e5b1f62d16ee0e1f4e0905d4ed5a792d27 113562f6d686614ff66bf46aec8230971505bf1758874cd92449c75201bcab61 Loading...

	up6mgf0x.top/_nuxt/1097a65.js	ScriptElement	1.7 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/1097a65.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 37e521211f80859be5c2c110a5cceede ba559390019596c602120b706bae6a4d749a33fa b1624f3854eb325c237e9499c64451d51790e9cbee1ae54b7dc574d4c368c21b Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-31	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-31 02:28 Last Seen2025-06-03 10:50 Times Seen184 Hash d6141adecc889a050df3751fdabaace6 3ba4c898ba64db2f54622891ce1515cb35e664b5 7ec67c6dd6d95b719b681a087bcb9301fc26f39b0e69d80495cd5d8c86cf2838 Loading...

	up6mgf0x.top/_nuxt/ce4ac6e.js	ScriptElement	182 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/ce4ac6e.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 6b828a0eb72ccc424762a000c98a6a8e 8eb3836115f40677f881e3976453270ea868044b 640bbf53500e0b9f0d5292d3e96a2f3413f0e2471eeb49dde901d6165cbe8476 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 6afc98a1b0bddaecbeb0e37c136ee3ac 0cc31a6db7c3b62e90d2a4e746aae77f12f98a38 4e77a67d9be73efd29540f7edd10ddd3c9e35a83c3b1eceec0a277d5382b9e7b Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	739 B	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 16698130c736d5e38429ceddf8f7d86f 7f921aa2ce0e3ab2ae84d2ef6f5a506a5f39aeee dfedbff330dcf6ef77e9be630c45e310365d0cb02d9fdfbefe674b2d5c8b97e4 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	170 B	2023-08-08	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 18:00 Last Seen2025-06-05 05:32 Times Seen456 Hash 6d39528616d26732b4bcb2fd851f474a a81f4796a567ab4b16714ae5f1ed321be3743cc6 5f776dfbedc8ab637052b8b7146397fb916a1e9c10930a799bb2784c191f988b Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-02-11	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-02-11 05:00 Last Seen2025-06-04 17:41 Times Seen259 Hash 17086189586e5cf6936a55228c2314b7 063711c4265ec0d889339193874430c2d328435a 0d220d1c62eecdce59bda86dde27d4070994a4e54f2cfc01e8f10b7bc6322111 Loading...

	up6mgf0x.top/_nuxt/c7db3fd.js	ScriptElement	8.6 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/c7db3fd.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 1d09f6e48e7e15cd3b0f9867d66aadd8 a9c2ab4634212510b0f13dafa5acdb0d8126b32a d983b956200e1d5731edb9135d439ad2ae94abd585e27e573fda5b42a486c53f Loading...

	up6mgf0x.top/_nuxt/d5eb26f.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/d5eb26f.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 54d56cf454133c914eb1d1af815bacb9 7c9a005c5dac23ba1f8b152ce0d49169101cefa6 01f6df65b1bad672d3ff27c6c3357dee2cc3fe0677df0e1c6f92fdca6b2d49a1 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 843ccc82a4b5ca093e4dbc44ded3884a bef175ee7e7a13e2e1ed78be309038186061bcea 0148d0d22481eb7a3a6d5de7552c50612b3731d28f61db28c64ec59f4095ccf6 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 7b669de7bb1c822c47010364be1bfe5e ddab1e27be47cf0d040023464853ae175817975f 15093e04d58a6d04ac75d3ba70ecefa962cb90693211a57a4d02ce132d471651 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-02-02	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-02-02 09:34 Last Seen2025-06-03 10:50 Times Seen172 Hash 00c3ed8698297f20791231492ef35ea5 8e65b43aae2c707c6e7752d7a691986c40fcaed1 2727ff3cdea34b32f8455ab8e0700d53657de8a8e7a85733014be92f880a1e79 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 51aa0ac0614144e37eb899374eef18fd 24a7a9d9ac5eaba06a15b4a2f3a856f35643d5b0 27d7ac58cb88f270a6a63705ed2ce8a94ca0b752d122ddd5a8c6bd38c09037c9 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-04 17:41 Times Seen241 Hash 10b8de6fc14413cf09f28a3286202467 913420772a2485f1ec65413d218b616cde2e3676 27f820962a5f9753b06dd5a9ef6901914463fd8b49220fabc6ef2af307062a35 Loading...

	up6mgf0x.top/_nuxt/54f7216.js	ScriptElement	38 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/54f7216.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c40b7e8396f6578d342c7c6f021a1774 cb797c67564607d3760c736a110a26e73d07972a 6fe0933b34427fa4cde666aa86eb31da34d662c35e4c2307c8aea5a8c961d0eb Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash e883e04d6dfba048027243dce6441cf9 a3724e1ba25eb6df45f43f292fc0a719c3c6e405 270005944605565fdb8fad7709a81ce6c6dfee636de56bb21f8000f3a3c53796 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-04 17:41 Times Seen205 Hash 44a1f5d5fd207395fae5cbcbf983906e 4157237321e96b92261629b918b80e73c3bbdc36 25ed7ce15f74ae7b4a83143aa986783d9e1cfb7a76027d0778250e5a0c9563c3 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-03-25	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-03-25 01:33 Last Seen2025-06-04 17:41 Times Seen186 Hash 121a4fbf980393f8e5e5aa7a7b410d2e e05b208e5bbabfea9666298d5f4f348d2247b25e 23fc3582cabe9e79a964d8e312ea147f8acf8d9a98ccd8c747445c5495bd58c6 Loading...

	up6mgf0x.top/_nuxt/ec05f54.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/ec05f54.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 9ed3b504c979ff9a5223881f8726fba1 07d6e29d05ec9cfddfb7d5ebaacd2a0a1b082064 259bcc55300ce264000aa29bf142aff96cf35fd8d309c03cc695699c786ce8ae Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:30 Last Seen2025-06-03 16:18 Times Seen168 Hash f32c4e9453b3acae5eac45434b952da5 88f2840c84095880ebfcf8f3d97b938a7b51db44 15d4b12be61f51dc62a69f9c1984752929f5a402f82c8bea07df0c7083882664 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen6 Hash 84b4fdf0feabd21ee7087c3d7b8754e9 ff69bc421709fa288c5a0331fccbd361cbd85c02 7109d90c0c5e45d428786f986d7c6f787d3980239dd4c6d4825289cd43615d18 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-04 17:41 Times Seen218 Hash 64a1c7c86457973467a497bbbc732848 3006b7e4c132445d05048c565e1ba4de2be5b80f 40c33d120e71bf152baa48ac49594e30263aa2297a1b1887120e25c4fe326ce1 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-03 10:50 Times Seen183 Hash 4ead730486a953a02c98cd777c593f92 040f56c74753e6fda38d94c12de25338262d0139 a1856cadf9447c9201405a47fb98a060ab49fbaaae69c0ddb7ff28c98ce4da8e Loading...

	up6mgf0x.top/_nuxt/f48e7e1.js	ScriptElement	1.0 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/f48e7e1.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:28 Last Seen2025-05-12 02:55 Times Seen72 Hash 2a5e1c7244c72c039c6809c395f2d9e0 3e158b49136be53b3656ebc9bbdc3afa45a130da c55f1d386251f930c86bb72650606e797a7c90a176c8f3639fe70135a984a5de Loading...

	up6mgf0x.top/_nuxt/e3850fa.js	ScriptElement	15 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/e3850fa.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash a528729449d9945050428e6396d1ae6f 2a0ed92dd20b8355b0801d3537324bec413a1634 6209681688405165217ddf463a0f149b941c5cecc37c328d43b76d259759fc74 Loading...

	up6mgf0x.top/_nuxt/55ec790.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/55ec790.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash fd2ff5a2d6acaee27d2de9acd9aadc86 cbf59527c6eeef4e522d3ad4d83ba164be28e8e4 556962082c2c6cff76844c6398c78a1fec369125802068db76c011e112977a4c Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash 7dbe8451411b45af02ee03fec93d898f 3bc1053bd2694ae34aed71c260984fdb4d48e354 d61dddda282fa484f7042d72bac326ab3aebb6b97187080b9e8a56da5fca1c5c Loading...

	up6mgf0x.top/_nuxt/a0f24bb.js	ScriptElement	8.2 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/a0f24bb.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 11012b596562429fa7c2b1d62f007023 815847c9adb7f8a0d8cd5261cba1d364fa5db1d2 b936915bc5e8c01de9d9a8bb467f12d6e3bb2b538035aab90d5981acac66f349 Loading...

	up6mgf0x.top/_nuxt/d8c665e.js	ScriptElement	1.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/d8c665e.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen65 Hash c2537a991a36ec4b3fd1df7871c175e5 dfdfa18d930800f0c77beec2511b80c94cd149a2 d0665ab356f430dc3bdeb78a2004626824b6f72ff670357cdfca4a542943693d Loading...

	up6mgf0x.top/_nuxt/29e4e86.js	ScriptElement	48 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/29e4e86.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 0717414ae38a3d31e5893099391e105f 0a0110397f457ab9152a0e890693c051a1e31a64 0771b8a3a466c887ca9102ada85b01be6efff9f5d62d8788fa0f4f913839f548 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/fp2.min.js	ScriptElement	35 kB	2023-07-23	2025-06-05
Pretty URL up6mgf0x.top/fp2.min.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-23 18:22 Last Seen2025-06-05 05:32 Times Seen450 Hash 02087a3f4f46b15bc198570d800bff41 e59f5e3521d8c60e5772de1f65c90e5b87d9eb9e e753042decd90a96d0636a7df16df556860af92ca09ac37f0f6ab1d574acd1f1 Loading...

	up6mgf0x.top/_nuxt/8f6c630.js	ScriptElement	30 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/8f6c630.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash e6bad764cb5c2227ed1a9d9ab3ce39b4 b9d0f22cad927e98fcd55f1838278f4e296b6f84 220f5385356668949cf2004771223e327181f13fdf9cfb5f51550cc1372bb041 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:30 Last Seen2025-06-03 16:18 Times Seen167 Hash 5f988b5bd26b78b9bc85de603de2ee95 ffe166935d74fa60627c24602ba78dfea1d5f07c dafd00f2e0adf83368dbde8ea150b2f8a859097268e05d10f7e2c2ed8776059a Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash f92373fe9a48f703bbdcffdbdb81d1b7 fc9e96a1909a1bfc1faec0acf01c0ac536a7de66 7f1db8861df8bfc08edf5f6c60f6b3d3ca215e77b07953aee84186f2989a9106 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/_nuxt/2bc7c8d.js	ScriptElement	42 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/2bc7c8d.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash ef99f36b4f78012e84cb1dd522c73c4d e45b84665072dddeb549105d41b7be2c96fd1d10 3a3600ef7b52aca34a2fc9b46726fa46240120d3a1f78bd7c5bc8953fc5e83e3 Loading...

	up6mgf0x.top/cryptojs-aes.min.js?v=1	ScriptElement	14 kB	2024-11-30	2025-06-05
Pretty URL up6mgf0x.top/cryptojs-aes.min.js?v=1 IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-30 18:08 Last Seen2025-06-05 05:32 Times Seen440 Hash cd93b7f0987a614bc17698503bcb6af9 68a66448326499ff34c75bf31e2769b278584e0c 8d4fae1a37a5b5338c889d0897b50024194b4d3ae94940e7e42c1c1423a1183e Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 09de95cf545a97f1c07ac38c054cb1cc 9db8c418773dd0b2a2aa4085315e5581e44769a0 bae75372da578b63e5023a7ca1a76d237162575e7d7afbb74ed997bea886d825 Loading...

	up6mgf0x.top/_nuxt/0e82d38.js	ScriptElement	28 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/0e82d38.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 459b193a4e05a6fb824f564c90d4710b 86f920994ad175711447a0e77b2a13792a632d05 afd8d51c078e13b9aabc2b2e1935e277f98a20a642330a3e25841229869d1774 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	75 B	2025-03-25	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-03-25 01:33 Last Seen2025-06-04 17:41 Times Seen163 Hash ae6771177d6060c910fe20d676e15f74 ff8feb346480134433869bafbf16f70cfdb976ee 2e9758381a1ffe57244b578e5609eb34111fcb260c259e59b92087e339c5a820 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.7 kB	2025-04-12	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-12 04:35 Last Seen2025-06-04 17:41 Times Seen149 Hash 51c0f37eaf50316a673210f85f9665ce 8e96e259ecc92d05a42df3197297a9d7d9d6a7aa 62f13260bb9b7757038760f37a5187a5eb9d998b6182437f473e177dfc0a281e Loading...

	up6mgf0x.top/_nuxt/5d6c825.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/5d6c825.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 9e539be6ad18af5fd3a021a0af8c7e52 642b8d16f2f9908e93d01ed5bb8e5563b9355fda bf166cf5f28f68eb3252ab9b219538a5bcd76bcdd9d8812ae5b4fd7b6cad4af0 Loading...

	pushpad.xyz/pushpad.js	ScriptElement	25 kB	2024-11-30	2025-06-05
Pretty URL pushpad.xyz/pushpad.js IP 104.26.6.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-30 18:08 Last Seen2025-06-05 05:32 Times Seen437 Hash b7117199e33c49bb6bba92c1c2678b11 86d21294255157da70f44d685d75bf622fc6d3d5 6969540ee668bff7b6d4fa26054cb207cb85ec9edf1db486f9bb060e625194c9 Loading...

	up6mgf0x.top/_nuxt/a0d2237.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/a0d2237.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 8cf13a2c8929a6e5d005835cd3c5c647 76b26a12f5193b1f84ae8c6069a6182482ee875e 21c66536eda0f3935aeae1d10b99458b5b5c56632d84e38ef7fc505ee3b49b43 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-03 10:50 Times Seen295 Hash d0eba8c43c31a134788f9691dae4d39e 1ce7fb4a8c8baf627e657c55e4c0d6f37dc122a8 0a19c67313815043d8b4dd151cdae4167ebf042e7b5b9037be49d13cad4e72c8 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 2a51dae7cc1376c979b92826629d40ef 1b3ad736db368752642187e92567a0e83288649e b60da5668d4d4e6efb85816d0933c40e64972418c62d5fed3641887726b03ca6 Loading...

	up6mgf0x.top/_nuxt/4d22a09.js	ScriptElement	1.6 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/4d22a09.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 43309a6ba10a8f2848e958d6f4d09e5b c85ecc36789855f9ea473a6193e7cd7f7ed150e5 41b12efe26915278086cb2c1b5993cdf3bd9d59b972a655a0f798a0d062e4b1b Loading...

	up6mgf0x.top/_nuxt/4e703ef.js	ScriptElement	758 B	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/4e703ef.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 5c4d6c332c09579e9335f001609973c5 4e5b12ac40d8350db12faaaeb637eede086d8a02 cca892a38226a2d7b2339e117904008d0119cac1eb936570c0f57ffaab9b9893 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen9 Hash 7aab2cada8fe1d40e2e3264629a4b812 caaba744aa4b6aa6ac769544813f267996843f8c 2b5df6e9332440f0e812a2839c9d179483f4eee2a9dc804867f1d5c048196dd2 Loading...

	up6mgf0x.top/_nuxt/6b1971a.js	ScriptElement	39 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/6b1971a.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash d0f822707d00318e0e0a1043ec9983e1 b5b3ad5ee662c93955eb6b629a0a58f44b80c901 398589ca13847c9f855cdcdeb45388eb91913104c969abf5204522153f743685 Loading...

	up6mgf0x.top/_nuxt/739c69b.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/739c69b.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash a6932791a5e671a0c2063d1f9ac5c54d 61ed88b9c579ecdd9a3a3cdd8548049aa9d447ee 4b2eefcb0889c07ada09fddd18695e9fb99d37e677b9d1bac5c642be55fab2f2 Loading...

	up6mgf0x.top/_nuxt/a2ead05.js	ScriptElement	26 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/a2ead05.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 6de91e7acbed9fda9811e2b8bf6913b6 89c96e4e6fd4f5eff5a47a41d7bf313202405348 4ef4ca7e478748d75e54e0fae77ce99af9840eaa0420afc3bc74da3bc3788253 Loading...

	up6mgf0x.top/_nuxt/b04e0cd.js	ScriptElement	30 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/b04e0cd.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash d828100520216ef070784b5292334b78 0a0086cbd83cad3c6dd63058a4a87accf2895540 935fec53b5dadf59a614a32e7d91c306bf3f1b9b89b0ca8b3887b6ed435e03fc Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5PCLDCJ	ScriptElement	315 kB	2025-05-12	2025-05-12
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5PCLDCJ IP 142.250.178.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:35 Last Seen2025-05-12 02:45 Times Seen9 Hash 7833bf2d3e1ea5ea34fa2d46517375b1 80f077451ecf0f603ec54087492db4fae81590ef e68e726457c2023c1071b2329e7e40bf306330c56980634a1ff783e3406f6ab6 Loading...

	up6mgf0x.top/_nuxt/f744981.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/f744981.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 76b05aa050dfa3da7049cd5954970a82 2a66371c3b7eca2353d0fdfc51d968348fa067ff 68479ff8f8237c955c8c880d252a8636400bf38edf422892cf01ce762ef4a59e Loading...

	up6mgf0x.top/_nuxt/b0e9fa3.js	ScriptElement	1.7 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/b0e9fa3.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 9f68ac48d1ce94e797ccb9becd2de5bb 4e9e252346b0a7fcac54a1e8a0892bcf1b2d996b 334097c2ef30a06e717a6968b789f5519f899be3a3b0bf43dde37f06dbcf43bd Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash b93c5c07455c028fa5d3abb8f2d58487 7e0e2bf20c40c0607acc2d3616fa63330830a13e c3ad4b5c2578d1b6f66c7972fbfd0aa095d55095cf54feb066cdee7e91d42f4e Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	469 B	2025-05-09	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-09 21:25 Last Seen2025-06-05 05:32 Times Seen208 Hash 317c46a5eb291eb495ecdaa34a152488 b8bba952bf56bab66263030187df1bee21a2f3ed 540719e737e5edadf832dc5925293634ebb7577279fea11d622a0834c0b0dda4 Loading...

	up6mgf0x.top/_nuxt/6750ef1.js	ScriptElement	6.4 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/6750ef1.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c11014dc6d600e587786c1cbdd5def77 13934d7aaeff943c8949a2f64ea128ffc5dafd49 b606d6b00983b9f3295a7cbcec16a9c641b3b59c9415b422529846b59851b312 Loading...

	up6mgf0x.top/_nuxt/2d90559.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/2d90559.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash eec49b3e6f8b102f112bd7fb975e5b6f 25e1cf7f4ea91cc9e448684f871378e48508b1f3 a8997eb6d3392575bc254c3f979ba104e912cdb0d3e8921d2d84112fa829c022 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-02-11	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-02-11 04:58 Last Seen2025-06-03 10:50 Times Seen160 Hash 897d72ee19dc5749b7554298bd71d664 de1207ceef5e1aeca447108ff9f8aa2dd0cf3d1d 26d0222d1c9d47c360ef29daab624eb436a527dd740548abfddf6a98d868c25d Loading...

	up6mgf0x.top/_nuxt/59db6b1.js	ScriptElement	9.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/59db6b1.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash f896f22c50c71b7599cc51c901143082 1ea625e96b9b229eaebeb0c788169e7c15116a35 3a9058b017ce1651c2decff217b5e44e9323fca2740deeaf65e04b4559e19b2a Loading...

	up6mgf0x.top/_nuxt/86a5a37.js	ScriptElement	22 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/86a5a37.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash f3c5cc2d62153749fba0ce51aafed8c3 6b16543f735da465df7eac1fe7f4368cfe45e249 a0b08417139b025d058bbfff34284e1a1b60d8c704abdb834e3bb9224b282f9c Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	180 B	2023-08-08	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 18:00 Last Seen2025-06-05 05:32 Times Seen460 Hash 5cfef10ca7e2eb3d0a3a40041e54dabe 7cc848293e78e6e4b9e069b786114fa011d70dfc 2480eb44725850c02d8c07486719becad6a5a42e5bf835906c6f7d33e3a923be Loading...

	up6mgf0x.top/_nuxt/c3718c3.js	ScriptElement	21 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/c3718c3.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 5426ac0c5730101caa3aeeba21ffd436 be79844676cfab8f3bfa983d1ca751d0f5cf8955 e55633265939126264846aab98808c27d7bf06ad74fbad49e9ccd84b12d79eb3 Loading...

	up6mgf0x.top/_nuxt/de902e5.js	ScriptElement	1.0 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/de902e5.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:28 Last Seen2025-05-12 02:55 Times Seen73 Hash 948fb2043ba841052f881009867b8e35 e26dc8ae46492c188109854a686374193cc051bf abaa5779372c8609b9212e67c179cf4cb618c8cf204e0442a2f15094829cb8df Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/_nuxt/acb6a29.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/acb6a29.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash fa07f717861d27306a18988d59d7f11f 850087f7964e815765ea9accdff2197736a9b4a1 cdcbef7c302b34f2d58c3ca5fa87ac4dfab86e6ff7c2ea296480b4f01a261e64 Loading...

	up6mgf0x.top/_nuxt/74f610a.js	ScriptElement	26 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/74f610a.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c7ad62b48acf1eb04af8288d5d43676d 50f34468556c20c4b3e4cfc115163928e38075c6 c9511554bc419f094d84e2284aa6bc16e6e3ea9163ab29fba23882b7e3f7a3af Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-05 05:33 Times Seen260 Hash 3e3a9cd4cdb498358fd2bd81688e4491 ce88f31a891537b61e30f774b37f37275497d648 a1af84a9c8d248bf8732f87fdb2d30c459277e467704ae4123d326693df4b68a Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	1.5 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 02:13 Last Seen2025-05-12 02:13 Times Seen1 Hash e0b11d41fac332fdefd0bcb0dca743b4 727e9b5d1c0ddf14073ec88ec096a3537944603a 27b019a914fc60c4b246df816008dba231723c374a0dfb0a6cf48013b9c688be Loading...

	up6mgf0x.top/cryptojs-aes-format.js	ScriptElement	1.5 kB	2023-03-07	2025-06-05
Pretty URL up6mgf0x.top/cryptojs-aes-format.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:27 Last Seen2025-06-05 05:32 Times Seen459 Hash e6bc38f77922eaa6f1b23716034b4a2e db781b1e30c4f2a1d63d47054f0903c463cf01ab 9ca00bddae85e30d59672da0089ea5e132df97d75a92f42114fe1befbaeaf32d Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	177 B	2023-12-10	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 17:04 Last Seen2025-06-05 05:32 Times Seen355 Hash f94baf0eb450b8eb7b3db4e39825ef37 21d5119e674a93be0347b51118110c08fab9db67 9a369ba6b5abcc4f78e24f43a7dda691802eba202a60856326ceacbcd36b2ae7 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	56 B	2023-03-29	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-29 21:04 Last Seen2025-06-05 05:32 Times Seen489 Hash fedcfbf3bcb1dde3fd82ab8dfd0cc135 c8605edffb2c06b6b93e9a2f185f99e534b7049f 2d5321d896075b1345864896ddf28ed5c094516cc1e090da272e1188b62244f5 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-31	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-31 02:28 Last Seen2025-06-04 17:41 Times Seen243 Hash 73e24a5ea6c26b6275f32d50b78fdd73 95412b74cf993ab4b0cf073c12c3552e58b2490f 86d91e6ed9e0c01bef25332f4681930d41eb8526bbca61b958cb74c50a95feca Loading...

	www.googletagmanager.com/gtag/js?id=G-2RYNYNJ3M3&cx=c&gtm=45He5571v9101860698za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116	ScriptElement	326 kB	2025-05-12	2025-05-12
Pretty URL www.googletagmanager.com/gtag/js?id=G-2RYNYNJ3M3&cx=c&gtm=45He5571v9101860698za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116 IP 142.250.178.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:33 Last Seen2025-05-12 02:13 Times Seen2 Hash c683037f90e5865bd1d86d368fcdb0fe 8bb3ee1eba23ebe38cf42955bfbb5c8addf9c791 35cfce40585a713e4766852b10d87612ee11a94297518d8027ee88f6e1027279 Loading...

	up6mgf0x.top/_nuxt/f6cb6b0.js	ScriptElement	23 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/f6cb6b0.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 19208a24916d74b5bce8f7317eb2cefb 397d522abe5f96ca4e39102f9487438a160515b5 3098033536f4dc3a459c560b43b1d2d24d31d69144df7fe217fdff3bbdebfe9c Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 883f9280a3560d23c0f90632259f43de 5abab75d9103ef941d3e0d86bd3780717d08939e 18c517699fba29c8dd8a6f627b2060a451ba0f89beeeec11c8d9fe230f592d16 Loading...

	up6mgf0x.top/_nuxt/a95ee3f.js	ScriptElement	1.0 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/a95ee3f.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:28 Last Seen2025-05-12 02:55 Times Seen76 Hash edd3edbd04e33885b845c96ab8228c37 2acfe5a86bef97c1f6e260a660bf9e2f38bcac8d 41eb0fa044a321837fa2d8fca4b1a9cd9e52925670cde9341d6973fb0bf19c74 Loading...

	up6mgf0x.top/_nuxt/8115e87.js	ScriptElement	19 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/8115e87.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c7ba8c13db4b40050134d33ae77d0be8 b133f0a03efd1d42bdcda553a65c5592c7178233 db8995db9c6d95b21495dd722823674c79b2faad681a40d098d01ae48f8a2ee9 Loading...

	up6mgf0x.top/_nuxt/a899323.js	ScriptElement	19 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/a899323.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 56eef948191c083af0201b5a5afd56a3 30d1d0ed016ae29e664ec03385132e36de9b7846 b397932fc5fce972ff61d3d911569084a29f05c3b494dbb7252e76345c23cba1 Loading...

	up6mgf0x.top/_nuxt/143ddd8.js	ScriptElement	21 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/143ddd8.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash e034ef1c600b30ad2e3ca8ebdd56514b d45962612947f414d4b2ac3f5b16b73cfde5de6d 143e4e29b0206680244400cf3f89355d0a238e68a0163c1525a492e2825440bb Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash cfd79cc68bef5264bc1ef4996e2c1b96 21cc605953ee50f20d8b97eb92d74a2be389d365 c241c671e5e71b72aab887a798b6ab561dcd99843a238d78ac12a8b19e121019 Loading...

	up6mgf0x.top/pwa-load-event.js?v=002	ScriptElement	415 B	2023-06-05	2025-06-05
Pretty URL up6mgf0x.top/pwa-load-event.js?v=002 IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 06:24 Last Seen2025-06-05 05:32 Times Seen467 Hash b4da9281be2bd30c0976275be45611d7 a0f4d581943039bf67c9ea69ab789e5d3e07d703 a799d1b8057bd81e2106d4b3e15e24e85aa0167904bd06802a998e95acb30562 Loading...

	up6mgf0x.top/_nuxt/1fdd183.js	ScriptElement	9.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/1fdd183.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 8731ae56e36af6424846191c633279a7 939ff83d9e3ccf2575b59ae4e96b444b851f4c31 2534f541279997ac37b3f261a98308cee3f37fb759b0e01b51862da31075f14a Loading...

	up6mgf0x.top/_nuxt/5054482.js	ScriptElement	3.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/5054482.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c68865bba561574038d2ae316c350d49 4db965016b589441253a45d484e7cc67d93a2868 b781aabb68236b02d8e1e6bc0c789158b7087b8f318ebc0a778daa90b08e566a Loading...

	up6mgf0x.top/_nuxt/47aa64c.js	ScriptElement	24 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/47aa64c.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 0631ca03bb192b7e77e7fc0ac01d62dd 06ec9f62c9fcd35a2fe37dcf22b9054824286ee9 7734c2d9d9ba9dd2d7eab552c727ef1e98bda2d61a4a8417cc699d795345506b Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	175 B	2023-08-08	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 18:00 Last Seen2025-06-05 05:32 Times Seen452 Hash 6f980a8465e53ab9dff03825d57243bd 98b26329bc316e9477a4a95a1216b2a93fd346e5 1e9e615737d5c7f734bf0d01bcd7830a94e0b7ef4422b84aaad9f37f6d38c99f Loading...

	upxsupport.webim.ru/api/visitor/v1/configs/default?jsonp=true	ScriptElement	6.0 kB	2025-05-09	2025-05-26
Pretty URL upxsupport.webim.ru/api/visitor/v1/configs/default?jsonp=true IP 91.142.90.130 ASN #41722 Miran Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-09 21:25 Last Seen2025-05-26 03:22 Times Seen211 Hash c49f49d04a7055f9faa16b26298c5f73 1370304f7aaf6e55b2352e0155efae054dee0ea8 bd83e7e24945c0edece0e21899cf53843015921f3492569a262cc5fb136ad91d Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-05 05:32 Times Seen344 Hash 169e25934f86058d549e8bfc27123f0d 96eaf67e22e22bfe35fe0d083b14e1258a195bbd 1949200f0fb31bccb597fe0aa7e55bfae011cbf34dcb24ad5697e067b6ffb75f Loading...

	up6mgf0x.top/_nuxt/858b799.js	ScriptElement	20 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/858b799.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash ec52c21a01c70ffdf7d6fba2a54eb183 bf8439b69fef91345a3f19e9de05c8aa0bc6d4d5 7c5044e39c245cba1c6aee50c14d0dedfc68e48fc5d14454a9d4946ef3e6007d Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-28	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-28 03:24 Last Seen2025-06-05 05:32 Times Seen367 Hash ddf34e7191137578506671768cf65a0c 8d407f87f20b6389d79da261c446ff117b8b14c9 f23e736c226f129260cd722c81978c990e90b4ebbde47cb1fb2d526d883bfe2f Loading...

	up6mgf0x.top/_nuxt/13befe1.js	ScriptElement	3.0 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/13befe1.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 23c9741b264cdebb4872c236e68a98a3 b16faee2d3b3cbbe4fe5c0859096222cc1a26945 e72a4d3456d606eee0bad114bf5e421ccce6cce924190aa500fb070a1f4205dc Loading...

	up6mgf0x.top/_nuxt/fd07db4.js	ScriptElement	3.8 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/fd07db4.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash d89197c2498d20f28c03a4d5f867ca34 db41b7bb4fb5ec648f2409fb87bb8273e90fa9c2 a715aeec459858fd7312503f7687bcd503999c3ee6640622bd2f3da6d2e39ed4 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	75 B	2025-02-02	2025-06-04
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-02-02 09:34 Last Seen2025-06-04 17:41 Times Seen165 Hash 6a8206848b3a8b09a88240375952d330 6faadf0adc07a0abdcffe9b71459262c771da99d 3b5b76e4a76e8581cffba0b5e24b982884eefcabcb99cc360e6dd3fa69934060 Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	2.6 kB	2025-05-12	2025-05-12
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 01:37 Last Seen2025-05-12 02:43 Times Seen10 Hash 98cd13c7646054bb9331f232421cf868 a970843d4fae95f4c8e195dd84d8ac0f6f5e533e aad69bac071712488a83d73cab1f0d4fe0d330b2dc40235964fd4655cee7dcff Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	Eval	76 B	2025-01-31	2025-06-03
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-01-31 02:28 Last Seen2025-06-03 10:50 Times Seen225 Hash 9ab1ba87a2f7a0334e9c97bafddded23 7e1f366146d2c364bc8d5a705651d2df240239c3 4bbce8d0bde6fd2a3aaaefc70175e41d71adc87eb45a9d99b5372c59cc1f73e4 Loading...

	up6mgf0x.top/_nuxt/71485c8.js	ScriptElement	1.0 kB	2025-04-12	2025-05-29
Pretty URL up6mgf0x.top/_nuxt/71485c8.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-12 04:35 Last Seen2025-05-29 04:30 Times Seen76 Hash 0c56a1a378feb1b8b6ae7f765f3338f9 c6c79534ec83c0bf84ec5316fd862d95bb930965 b3c3564240828649140d48f4ce0b66986e01020dacd81c6fb0071f62af5ea8ee Loading...

	up6mgf0x.top/_nuxt/1fab4ce.js	ScriptElement	19 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/1fab4ce.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 834b3f85f12ddde9ca08b043688809e2 b6532cc070b13c52ef936c56d389ad3b7253734e 44316a923575815e1d7be523ac9f6f7493fa315c296063b7aa7bcbe010678d62 Loading...

	up6mgf0x.top/_nuxt/155e3b3.js	ScriptElement	17 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/155e3b3.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash c78d7af6c5b71b5c0868ee87f1d7231c 97399a6eb525ff48f109cc52f9e1374423fa340c b227211ca6b1c27b14e033374bbbc33f12e2bb560d4f8c437da7197835d09cbd Loading...

	up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7	ScriptElement	186 B	2023-08-08	2025-06-05
Pretty URL up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 18:00 Last Seen2025-06-05 05:32 Times Seen458 Hash d063b8ffd1786c123b98c43c508170b6 a0706df3bc057ea10d50dbec76ad0b6c7892fd15 b14d3f5d243a945f94bc78005c82d58e117be62ee30b0c0ef7a2b83d79666f2d Loading...

	upxsupport.webim.ru/v/ui-resources.php?location=default&mode=desktop&lang=ru&f3db84a1&callback=getWebimUIResourcesCallback	ScriptElement	620 kB	2024-12-07	2025-06-05
Pretty URL upxsupport.webim.ru/v/ui-resources.php?location=default&mode=desktop&lang=ru&f3db84a1&callback=getWebimUIResourcesCallback IP 91.142.90.130 ASN #41722 Miran Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-07 02:05 Last Seen2025-06-05 05:32 Times Seen425 Hash c15377b2655d8142b70072e37f8ba15a d500a9e4211fd082d70d4e3848c19bdd8c51506c 037b11c1c139eb201f3b5c6c3175c47c86424d42696bf5dcddd188d96b4b6bab Loading...

	up6mgf0x.top/_nuxt/d420627.js	ScriptElement	9.1 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/d420627.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 8451c101881f4cf071f7daab2301218e ae9db389d2ca862eef60714cc0be0cac924de27b 82abe31a327cc5d18ffe236fb3f2037452ea9e02ca99252f0080cb1134b2490d Loading...

	up6mgf0x.top/_nuxt/b26148c.js	ScriptElement	144 kB	2025-05-10	2025-05-12
Pretty URL up6mgf0x.top/_nuxt/b26148c.js IP 190.115.31.140 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 13:05 Last Seen2025-05-12 02:55 Times Seen164 Hash 63fe4ad7365a757c9d04ae96e5d4ae95 26031d75c013be1946cf3f4f13f5d837c4325349 874db9eed898e8f90e7f8e6ff99bdef4a19eadb362d9358b3e7c45e42eb95038 Loading...

HTTP Transactions (241)

URL IP Response Size

up6mgf0x.top/_nuxt/86a5a37.js

190.115.31.140

200 OK

22 kB

URL GET
up6mgf0x.top/_nuxt/86a5a37.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21500), with no line terminators
Size
22 kB (21572 bytes)
Hash
f3c5cc2d62153749fba0ce51aafed8c3
6b16543f735da465df7eac1fe7f4368cfe45e249
a0b08417139b025d058bbfff34284e1a1b60d8c704abdb834e3bb9224b282f9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/86a5a37.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=MnBrZDuZd4WMFG0L; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=dWLSImjYzsqbsSwJ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5444-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/podium.20b959e.svg

190.115.31.140

200 OK

4.5 kB

URL GET
up6mgf0x.top/_nuxt/img/podium.20b959e.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4518 bytes)
Hash
c683870163a161e82e505fdc830d22b0
7c1dd26e7e6d6fce22b36792f812913bf175377a
6f9537fe75d6f7fa7ffe313177d6896065fd633e0ea53081e6c650745d4ee0ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/podium.20b959e.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=A0dXC6SKSmroERsk; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=YK7DvCh5vslgWfON; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"11a6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/2d90559.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/2d90559.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3031), with no line terminators
Size
3.0 kB (3035 bytes)
Hash
eec49b3e6f8b102f112bd7fb975e5b6f
25e1cf7f4ea91cc9e448684f871378e48508b1f3
a8997eb6d3392575bc254c3f979ba104e912cdb0d3e8921d2d84112fa829c022

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/2d90559.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sPE5tq9g9G2QUjUB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bdb-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/5d6c825.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/5d6c825.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3040), with no line terminators
Size
3.0 kB (3044 bytes)
Hash
9e539be6ad18af5fd3a021a0af8c7e52
642b8d16f2f9908e93d01ed5bb8e5563b9355fda
bf166cf5f28f68eb3252ab9b219538a5bcd76bcdd9d8812ae5b4fd7b6cad4af0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/5d6c825.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=IYkXp1AEfA545lMY; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"be4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=17EU0eI0aJRDvIsr; __ddg10_=1747016004; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016005$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=67uwXvQioxjKq9OD; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:25 GMT
__ddg10_=1747016005; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:25 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:25 GMT
date: Mon, 12 May 2025 02:13:26 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/4517999.css

190.115.31.140

200 OK

13 kB

URL GET
up6mgf0x.top/_nuxt/css/4517999.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (13213), with no line terminators
Size
13 kB (13213 bytes)
Hash
b8da4f2aec8acf469939391150ec97bb
ec08e9fae8e3ad4b55c3b2d83bb500fa509aa930
c4d1a0222d0787eaa65a3d9937469585163fb40d4079c773c70bad1e4264b9b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/4517999.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=MnBrZDuZd4WMFG0L; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=rR1nOCb31lCmF03o; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"339d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=main_page_banner_view_static&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=main_page_banner_view_static&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=main_page_banner_view_static&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 841
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sy5daweBHYTxEyA5; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=6u6WTzTZMffpjUnO; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:15 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/api/v2/popup/adaptive?platform=1

190.115.31.140

404 Not Found

2 B

URL GET
up6mgf0x.top/api/v2/popup/adaptive?platform=1
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/v2/popup/adaptive?platform=1 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
upx-cc-a: upxcc-sDt0emXODjyAX3W8
upx-cc-secret: upx-cc-sDt0emXODjyAX3W8
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg8_=oVIyoDYazdxncpiA; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/99b4510.css

190.115.31.140

200 OK

26 kB

URL GET
up6mgf0x.top/_nuxt/css/99b4510.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (26034), with no line terminators
Size
26 kB (26034 bytes)
Hash
f1083015271c0fd2e8d2f47cf5c3eb70
8ff18e82a2c7afb77ce9e3f5c2badbb9b22d5937
d898d5694ea2f123aa1c260066f5a780f0ee44762600222c3b8a439759ada7fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/99b4510.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bjuaLCGUyuJwCSKN; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"65b2-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/megafon-hover.5716eb1.svg

190.115.31.140

200 OK

1.4 kB

URL GET
up6mgf0x.top/_nuxt/img/megafon-hover.5716eb1.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1412 bytes)
Hash
3a07ccdd9523d466fe2104d112862580
8187ae08e0f21f09c436c6cd7b6ba0de222a9ac0
d6def6ca6ebbc2ce3aaa62705c583d7f6effb9eb9be131f4d0b7651f1fa8c4d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/megafon-hover.5716eb1.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=vUTW3NbVPrP1I1wv; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"584-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/steam.b481b59.svg

190.115.31.140

200 OK

2.5 kB

URL GET
up6mgf0x.top/_nuxt/img/steam.b481b59.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2453 bytes)
Hash
49437a58f5a544784bc9787ca6e33a1f
8e4d58a85326ebbcca44d0b903bf3588069afc57
ec5508f13f0c6e0205484c009311befd086ba16cb6cf065d62dceb3e666eba39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/steam.b481b59.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=S6ZVDvxIPrHR88Mq; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"995-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/storage/casino/games/7b59cf1ce27348703aed8c49dcbc2c6b.png

190.115.31.140

200 OK

167 kB

URL GET
up6mgf0x.top/storage/casino/games/7b59cf1ce27348703aed8c49dcbc2c6b.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3
Size
167 kB (166972 bytes)
Hash
26f0b3bcfdc4d2905f6350daff457f55
c0d1fdae8b0c5f851943c0566648c0e6521ce6c0
023f95432d4d8df95ea444b5a409346c5c8ff8d477459ab45e18d945138b4d2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/7b59cf1ce27348703aed8c49dcbc2c6b.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=zK6MuN60yR5UjJOv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=OabLPKSgQkMQUdgU; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 166972
last-modified: Fri, 21 Apr 2023 21:03:00 GMT
etag: "6442fa04-28c3c"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/storage/casino/games/f10d40790bf2c37d6a186e30ce85011c.png

190.115.31.140

200 OK

120 kB

URL GET
up6mgf0x.top/storage/casino/games/f10d40790bf2c37d6a186e30ce85011c.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3, xresolution=50, yresolution=58, resolutionunit=3], progressive, precision 8, 640x480, components 3
Size
120 kB (120537 bytes)
Hash
6165f13a3bd51b7a8e211db751cd8e81
d5bf9aa0bb68d0590093e7dbb162daf584b5f5fc
cdc73a1ef59acfaf5d94a8d7db14ed2beee49b11ad30102089bc37520987a73e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/f10d40790bf2c37d6a186e30ce85011c.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=T3eT00Pi6HuDPuFZ; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3kii03RCZuVfVhfS; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 120537
last-modified: Wed, 19 Mar 2025 22:00:51 GMT
etag: "67db3e93-1d6d9"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/706bc4e.css

190.115.31.140

200 OK

151 kB

URL GET
up6mgf0x.top/_nuxt/css/706bc4e.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
151 kB (151311 bytes)
Hash
ab92e9a3fc23aad8bdfb20cc76c13ffa
8e0c7976e4b464b9b035fa9828547b96995a468e
a20d3d17671b00d327739c1ef8d36caf3d607d040536b9ad430c496f994c8a44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/706bc4e.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=2BLX4P1JWUlgOtPm; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"24f0f-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/qiwi.ad0c17b.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/img/qiwi.ad0c17b.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1595 bytes)
Hash
f020245807b6fa1646d2e84172f7942a
851ee74de3927ff13d74416962b8d978aa3e2120
65c768afbcdb69dd7a0361215b9e8085f3dfff772e0f9c7300cf7e0ba83e815d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/qiwi.ad0c17b.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=lTyLKtJzoH37wfHb; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=47RAVBoMbpwF7WZB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"63b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/d5eb26f.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/d5eb26f.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3067), with no line terminators
Size
3.1 kB (3071 bytes)
Hash
54d56cf454133c914eb1d1af815bacb9
7c9a005c5dac23ba1f8b152ce0d49169101cefa6
01f6df65b1bad672d3ff27c6c3357dee2cc3fe0677df0e1c6f92fdca6b2d49a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/d5eb26f.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=buzXuBLMz2e8Ph6N; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:15 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bff-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

upxsupport.webim.ru/images/cursor.png

91.142.90.130

200 OK

591 B

URL GET
upxsupport.webim.ru/images/cursor.png
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
PNG image data, 17 x 27, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
4fa7bdcd138f8aee5178f0d4f926595b
6d3a5103766e97395bebbd2ffe811b2e7ad3c7c0
a1fb1b429d644ad011e6bd98701d1951138d3f973bda19ce3411e1c1d65ef35e

HTTP Headers

GET /images/cursor.png HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/png
Content-Length: 591
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Connection: keep-alive
ETag: "6811d341-24f"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

up6mgf0x.top/_nuxt/8019ecc.js

190.115.31.140

200 OK

20 kB

URL GET
up6mgf0x.top/_nuxt/8019ecc.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20165), with no line terminators
Size
20 kB (20196 bytes)
Hash
f15a0fc8d88d7ec0b05341231061848d
5e2bd8db9a3aa89cd9b55a52598ed672c07284c5
d5e1b3a094db969f79a4a20ae87fb7d8c60dfe391f9c4ced35a610b0feaec182

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/8019ecc.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=N904S7Fi4oMTq2xA; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4ee4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/d420627.js

190.115.31.140

200 OK

9.1 kB

URL GET
up6mgf0x.top/_nuxt/d420627.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (9116), with no line terminators
Size
9.1 kB (9116 bytes)
Hash
8451c101881f4cf071f7daab2301218e
ae9db389d2ca862eef60714cc0be0cac924de27b
82abe31a327cc5d18ffe236fb3f2037452ea9e02ca99252f0080cb1134b2490d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/d420627.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oFsA5i9MvkBXu5OP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=2i5BqRcL1DUulXIG; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:15 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"239c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/abe53bc.css

190.115.31.140

200 OK

7.8 kB

URL GET
up6mgf0x.top/_nuxt/css/abe53bc.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (7825), with no line terminators
Size
7.8 kB (7825 bytes)
Hash
36b33b072a01128f7c88295b943d7e74
291d18c90aeb028e848c32429313802fe77aa3d6
649c50efe0f62990de3e978730636c433a370b5839011de8c2a736492c868b89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/abe53bc.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=KqdIIxuiDtFtYuAt; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1e91-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/skycard.jpg

190.115.31.140

200 OK

28 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/skycard.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
28 kB (28164 bytes)
Hash
31d9c33afa8d0c2c568727832079374c
2a87ac51b76200b438ff7bce6c4dfc67bfd481fd
66f76fffb71963e35fe4f5f4b318341ac18612d9bf23b236cdcc2f70516b687c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/skycard.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=maTU3u2jMrzbnqEB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 28164
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"6e04-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/beeline-hover.8179398.svg

190.115.31.140

200 OK

2.6 kB

URL GET
up6mgf0x.top/_nuxt/img/beeline-hover.8179398.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2649 bytes)
Hash
26e49ec49ec2beb852f1ebbfd29c3a0b
793aa32de06e94fff9bd35164c11c72f3bd45488
27e041b3e03f1490d6dc135830b635e2b568230e2107adafc5bbe8ec4444a5eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/beeline-hover.8179398.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=uMh3sKxEtZEnBLpu; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"a59-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/6b1971a.js

190.115.31.140

200 OK

39 kB

URL GET
up6mgf0x.top/_nuxt/6b1971a.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (39075), with no line terminators
Size
39 kB (39079 bytes)
Hash
d0f822707d00318e0e0a1043ec9983e1
b5b3ad5ee662c93955eb6b629a0a58f44b80c901
398589ca13847c9f855cdcdeb45388eb91913104c969abf5204522153f743685

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/6b1971a.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=hP06SrJIUZjpkOby; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"98a7-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/579358e.css

190.115.31.140

200 OK

28 kB

URL GET
up6mgf0x.top/_nuxt/css/579358e.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (28226), with no line terminators
Size
28 kB (28226 bytes)
Hash
f3b311a56fd3a18f01c0ff3a8b008ab8
cdfc2833224a05a6a971df3b8f231187d1d429c4
6791775b7c951189323d91498d3a01c04ff9bedc5b3b34bb4c7cf20ed8b99cbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/579358e.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bq6l9hTnAvsq1r3V; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"6e42-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/9fecf61.js

190.115.31.140

200 OK

1.6 MB

URL GET
up6mgf0x.top/_nuxt/9fecf61.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65434), with no line terminators
Size
1.6 MB (1557593 bytes)
Hash
d2cae12c156264596be06f728404acf8
244b724f4330f97989598a031c3140c8507b34d1
1333e2e93fae2db969e22cb782152ab514ca7bff6bc4b68bce7fc1b35b031590

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/9fecf61.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=IpptbObhJYN1cgTT; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"17c459-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

upxsupport.webim.ru/v/images/upload.png

91.142.90.130

200 OK

5.6 kB

URL GET
upxsupport.webim.ru/v/images/upload.png
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
PNG image data, 252 x 192, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5607 bytes)
Hash
7b5802fbdfcaff9ccd0826fa008c38ba
bec3747315222740af2524067fdb193ba5cd3dd4
455f8ff96a7775e51c6766e041b6d94f324729236e4f11cee602d5374d4c70e6

HTTP Headers

GET /v/images/upload.png HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/png
Content-Length: 5607
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Connection: keep-alive
ETag: "6811d341-15e7"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

upxsupport.webim.ru/v/images/file.svg

91.142.90.130

200 OK

9.3 kB

URL GET
upxsupport.webim.ru/v/images/file.svg
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
SVG Scalable Vector Graphics image
Size
9.3 kB (9286 bytes)
Hash
d6d4ad1349f997af8f4bc6e45fc6d2ed
7908555e4ba3d3c73eba84266f800120c43270e5
56d45428cf96355b298c7f5c023ab7c004583b2a136af450968c55e1486e2453

HTTP Headers

GET /v/images/file.svg HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/svg+xml
Content-Length: 9286
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Connection: keep-alive
ETag: "6811d341-2446"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

up6mgf0x.top/_nuxt/f48e7e1.js

190.115.31.140

200 OK

12 kB

URL GET
up6mgf0x.top/_nuxt/f48e7e1.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11817), with no line terminators
Size
12 kB (11829 bytes)
Hash
a2b9282cef4d4e96bf95592504db5549
da449387f85b1125365dd3d0225b972d6be137d3
c99e70634180779b3e41b6a6b9ee330623aa90244c68fc09c6b9bb3594c11c39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/f48e7e1.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wQzwAfQcmtpKF5kI; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2e35-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/codeIcons/banners_arror_right.svg

190.115.31.140

200 OK

557 B

URL GET
up6mgf0x.top/img/codeIcons/banners_arror_right.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
557 B (557 bytes)
Hash
a7f61d8f0a05603801fbd7e426de29c1
031dd12265b8b2a7df947c4f50e434cade9456ce
c21eb1dd4be142d7f6eb516b1a80d5e5bddad4024ad8775329df8965eb09f68c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/codeIcons/banners_arror_right.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wz4sx8JrQhBwvbCg; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"22d-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

pushpad.xyz/pushpad.js

104.26.6.3

200 OK

25 kB

URL GET
pushpad.xyz/pushpad.js
IP
104.26.6.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGoogle Trust Services
Subjectpushpad.xyz
Fingerprint15:F2:AD:0F:C1:9E:61:C3:42:33:D1:1C:5B:76:4D:E1:1B:BB:FD:CD
ValidityTue, 22 Apr 2025 21:54:19 GMT - Mon, 21 Jul 2025 22:54:17 GMT

File type
JavaScript source, ASCII text, with very long lines (443)
Size
25 kB (25353 bytes)
Hash
b7117199e33c49bb6bba92c1c2678b11
86d21294255157da70f44d685d75bf622fc6d3d5
6969540ee668bff7b6d4fa26054cb207cb85ec9edf1db486f9bb060e625194c9

HTTP Headers

GET /pushpad.js HTTP/1.1
Host: pushpad.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 02:13:11 GMT
content-type: application/javascript
last-modified: Thu, 08 May 2025 20:32:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=14400
cf-cache-status: HIT
age: 2713
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dcTy0ZV93FbY8fMi%2FNSoU0jUz8IhsfjDXHfHSblzFndUSUdTpPfIU7nEURplf9O0r4S7Ok3NZ5l6ELFKzw9a42XHTVFp8FshOpf8YkSgJRwRtSEJYdV0rS3LwhO7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 93e6653929deb4f1-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=958&min_rtt=443&rtt_var=985&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3273&recv_bytes=1186&delivery_rate=7362711&cwnd=254&unsent_bytes=0&cid=207858eb14bb4b1d&ts=42&x=0"
X-Firefox-Spdy: h2

up6mgf0x.top/storage/casino/games/03dc3a23e5361078dfc93cd8867dacde.png

190.115.31.140

200 OK

30 kB

URL GET
up6mgf0x.top/storage/casino/games/03dc3a23e5361078dfc93cd8867dacde.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 287 x 193, 8-bit colormap, non-interlaced
Size
30 kB (30397 bytes)
Hash
0027d0820e9fda6339af0d9c2d5c3e21
1a57d83c6ad8e72f20a1384614c52fb15c96b588
6d09e35466e4dc3ecc725ba50dfa3b9c91d7fd1dcf78fe37ae67b0b8e53088f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/03dc3a23e5361078dfc93cd8867dacde.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=KMc5Jovqbib9sMyM; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 30397
last-modified: Fri, 03 Jul 2020 00:03:12 GMT
etag: "5efe75c0-76bd"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/favicon/android-icon-192x192.png

190.115.31.140

200 OK

5.4 kB

URL GET
up6mgf0x.top/img/favicon/android-icon-192x192.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
5.4 kB (5401 bytes)
Hash
e888326bb5b061f369333ce242ed3eb4
aad63ba0a600b1e860d49efa91ab4b72cd8e0eab
0c5a5ff71d7b60e02855b7f8fe84490c97a2d8a5af4d7347c35dafc2280324ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon/android-icon-192x192.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jpMx7Rq9Vov1YzLB; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=RkD5D3jVe97fJhb1; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 5401
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1519-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/roulette.jpg

190.115.31.140

200 OK

30 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/roulette.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
30 kB (30381 bytes)
Hash
3715e9df6a108a66ff8131ae016ffd5c
3e686208774eac4b4fc31fefec2427ebea4f8708
e8768b779303f318ee065ed30be2633824a53d2dc8de6b10d25c5e7a76fd2fa6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/roulette.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=2yoCtUyx8nX8P41E; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 30381
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"76ad-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/app-ios/ios-icon.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/img/app-ios/ios-icon.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1609 bytes)
Hash
19f107e0e8b7e059edceeb111d21d24c
7dfd9101da1535879b777c38a727a2f999f89430
00353edf69e859234127a5d2be9703d08d098346e525c73e33b2fda60ed8abe9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/app-ios/ios-icon.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Aw5vNSoMLc0nbE35; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"649-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/planet-2.png

190.115.31.140

200 OK

9.6 kB

URL GET
up6mgf0x.top/img/banners/welcomeBonus/planet-2.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 111 x 65, 8-bit/color RGBA, non-interlaced
Size
9.6 kB (9630 bytes)
Hash
00ebda4bfa32fe2f07c7d27b5a3cbbb3
e809fa45e6da2aaf649b9705f53681f4e6f651ee
17a6f3b243708e0b3a23ab5d456a39111337d34333d348faa7e408ba45b57b74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/planet-2.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=49QqKtW4kikngH7i; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=j3oIdL0wO0YDoKYt; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 9630
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"259e-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

upxsupport.webim.ru/api/visitor/v1/configs/default?jsonp=true

91.142.90.130

200 OK

6.0 kB

URL GET
upxsupport.webim.ru/api/visitor/v1/configs/default?jsonp=true
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
ASCII text, with very long lines (5950), with no line terminators
Size
6.0 kB (5950 bytes)
Hash
c49f49d04a7055f9faa16b26298c5f73
1370304f7aaf6e55b2352e0155efae054dee0ea8
bd83e7e24945c0edece0e21899cf53843015921f3492569a262cc5fb136ad91d

HTTP Headers

GET /api/visitor/v1/configs/default?jsonp=true HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:13 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5950
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: WEBIM_LOCALE=ru; Domain=webim.ru; HttpOnly; Max-Age=86400000; Path=/; Secure
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

up6mgf0x.top/_nuxt/da9b293.js

190.115.31.140

200 OK

31 kB

URL GET
up6mgf0x.top/_nuxt/da9b293.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (31108), with no line terminators
Size
31 kB (31108 bytes)
Hash
2ae2506eef4d7fe8af79d65d593fc4b3
ed49460c6e1b7955a9d22b42dac7aac0b479d968
eba230030b104522414c9761347d4d598ae74de772fb87868ed2a7a7a6f72487

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/da9b293.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ABIbrlnXli1wr63q; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"7984-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/perfectMoney-hover.d15cad9.svg

190.115.31.140

200 OK

5.9 kB

URL GET
up6mgf0x.top/_nuxt/img/perfectMoney-hover.d15cad9.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
5.9 kB (5863 bytes)
Hash
41c91568a603604bb6432582afbfd0ef
7a32f771bdd3ba9d256d8ffbf73ba17e26425251
cb0d77c3719869bc4258ea0bada8531f8bfd3bfeb594a1b15680f46a1a8cc39c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/perfectMoney-hover.d15cad9.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=8SeF99QiTLbosokf; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"16e7-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/uMoney.c420a13.svg

190.115.31.140

200 OK

4.2 kB

URL GET
up6mgf0x.top/_nuxt/img/uMoney.c420a13.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4236 bytes)
Hash
e0f655a3f409488d1b20319742bc40d2
2d47cc3d207e927b3db82854e2b1fa2a82b4f855
2c7cce6221afe954be85531ffab5d51b1917f74276cf66ae39e7dcc904243fa5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/uMoney.c420a13.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=i5gae0uvSEIEi5yK; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"108c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/rank-7.4cd8290.svg

190.115.31.140

200 OK

4.3 kB

URL GET
up6mgf0x.top/_nuxt/img/rank-7.4cd8290.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.3 kB (4298 bytes)
Hash
860363025b6090e38a7b3ae00ff38258
ffd383d38aaa0bac06a2ceaeef2d061664c831d8
c217ac7cb89cb58000d6b4241694ffef6eae946605e3327f7c67dd83bbe947d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/rank-7.4cd8290.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=W1ASjQuPaMeV6mO6; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jsZRJE9gPCSRNqAd; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"10ca-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/users.3bebe98.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/img/users.3bebe98.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1581 bytes)
Hash
df1c9a332b2f70a0c46a612f4451bdaa
b6219491bc28be6160182d75a1df91bf9890f853
0b18570302e26111b194719f0c05dd866797bbcbbac83d11654644baf6fb45b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/users.3bebe98.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=8SeF99QiTLbosokf; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=TXTKqhwGGCfwiBKE; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"62d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/planet-1.png

190.115.31.140

200 OK

4.1 kB

URL GET
up6mgf0x.top/img/banners/welcomeBonus/planet-1.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 47 x 49, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4105 bytes)
Hash
67c8e2e12ac0872c8a6c7ac5b8b7dde1
2ded8ebf68c13b4ca546d861381acb059babe768
6eac3c5b001b73e8ecb94b22fb5e0d1c19e70a5bf3d84e43afdce49642fc8a97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/planet-1.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=49QqKtW4kikngH7i; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=6yS5go9h7hvZMnNW; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 4105
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1009-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

upxsupport.webim.ru/l/v/poll?action=poll

91.142.90.130

200 OK

2 B

URL POST
upxsupport.webim.ru/l/v/poll?action=poll
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /l/v/poll?action=poll HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://up6mgf0x.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:35 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
X-Webim-Version: 10.7.101
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

up6mgf0x.top/_nuxt/155e3b3.js

190.115.31.140

200 OK

17 kB

URL GET
up6mgf0x.top/_nuxt/155e3b3.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17023), with no line terminators
Size
17 kB (17042 bytes)
Hash
c78d7af6c5b71b5c0868ee87f1d7231c
97399a6eb525ff48f109cc52f9e1374423fa340c
b227211ca6b1c27b14e033374bbbc33f12e2bb560d4f8c437da7197835d09cbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/155e3b3.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=W1ASjQuPaMeV6mO6; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4292-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/logo-main.svg

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/img/logo-main.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3099 bytes)
Hash
256619406c2a35fa0e718b40ade13db0
e07e8a9fa0d4a662a15050964b2581c4cdd3eee7
0c2c712981e1a60adf07d520492d2b66364043752008ed5212673ee65f4fefc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo-main.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=cYd1wP1sUsdYvRLz; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"c1b-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/stair.jpg

190.115.31.140

200 OK

31 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/stair.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
31 kB (30909 bytes)
Hash
089764a9e3e0fdb67afc8c20084f16d6
7d5f4344d098af0c3cb1aba3c97e2825752cdd51
d1e1480c193bf9e64878bcebbefd530a1a2fd1789e990889d550aa4ed7e751ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/stair.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wrOvAqol14NZa5dr; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 30909
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"78bd-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/HalvarBreit-BlkSlanted.c8d214c.woff2

190.115.31.140

200 OK

53 kB

URL GET
up6mgf0x.top/_nuxt/fonts/HalvarBreit-BlkSlanted.c8d214c.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 52772, version 1.0
Size
53 kB (52772 bytes)
Hash
7ab0f26cc5857851ae84955cfc0209c8
d28af4c90d65b7def50199af2afac3c67855281b
a9c157463e4af22ef3bd264403b20819e676a3a14434bd0ade1ad806604a83d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/HalvarBreit-BlkSlanted.c8d214c.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=lTyLKtJzoH37wfHb; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: font/woff2
content-length: 52772
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"ce24-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/c7db3fd.js

190.115.31.140

200 OK

8.6 kB

URL GET
up6mgf0x.top/_nuxt/c7db3fd.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (8576), with no line terminators
Size
8.6 kB (8576 bytes)
Hash
1d09f6e48e7e15cd3b0f9867d66aadd8
a9c2ab4634212510b0f13dafa5acdb0d8126b32a
d983b956200e1d5731edb9135d439ad2ae94abd585e27e573fda5b42a486c53f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/c7db3fd.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=usDL0qzN8vko8EAX; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2180-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/a76778c.css

190.115.31.140

200 OK

15 kB

URL GET
up6mgf0x.top/_nuxt/css/a76778c.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (14697), with no line terminators
Size
15 kB (14697 bytes)
Hash
42de93542c88df902ea572d060cca9f7
7ce77a9a2f68f2219c0038da50ea1fb5b4c2c639
5220b012148121eaa9296e8218728d77c512f9945bea55556946514ed5ef7970

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/a76778c.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3lvrE1lpoSQWFGcb; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3969-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

upxsupport.webim.ru/v/images/files.svg

91.142.90.130

200 OK

12 kB

URL GET
upxsupport.webim.ru/v/images/files.svg
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (11762 bytes)
Hash
a05b040566ca5377535a07f94adb66ac
fd3d544bf14f3c9ad33f6c9d17a861371d7b684d
e85418c502fc12e921c30c21ab3c5ab58dd063e19b73fa231bd0d7bec2a605a7

HTTP Headers

GET /v/images/files.svg HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/svg+xml
Content-Length: 11762
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Connection: keep-alive
ETag: "6811d341-2df2"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

up6mgf0x.top/_nuxt/71485c8.js

190.115.31.140

200 OK

264 kB

URL GET
up6mgf0x.top/_nuxt/71485c8.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65485)
Size
264 kB (263952 bytes)
Hash
ba494b066ce6eed17d1b4a77f9ed582d
5948d186d26a4dfcdcb15ae3d00ac677cd831da5
a1968a18543fd95e1aaddf556770362da0649fa65d12967dfa7da61333547b06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/71485c8.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=H82ixavdhZSO5FrO; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"40710-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/MiniJxZyy1g1G2mTgPdL75i2xwojDylJ5rmorN5s.png

190.115.31.140

200 OK

517 kB

URL GET
up6mgf0x.top/storage/news/MiniJxZyy1g1G2mTgPdL75i2xwojDylJ5rmorN5s.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
517 kB (516946 bytes)
Hash
c9fd4b06d3c442c1dc2dd4ff54bd06b9
08410b0cd5360a48f92b1d415bdd118808556aa5
b9f055bfa1aae42b836859d46deb1913c10f508fca09bfa0aade83cca03edadd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/MiniJxZyy1g1G2mTgPdL75i2xwojDylJ5rmorN5s.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=MnBrZDuZd4WMFG0L; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 516946
last-modified: Wed, 13 Nov 2024 10:17:39 GMT
etag: "67347cc3-7e352"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/lottery.jpg

190.115.31.140

200 OK

27 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/lottery.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
27 kB (26620 bytes)
Hash
5ba11ff6edf8ba2377363995724c0110
5ece4352f7923cd1eaf316fc55cefb0252f9a929
ddb8e8aac4abf334631e68e80e5c51c415dddc765d7ab88293cc5fb72aff74b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/lottery.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=eYNbdtDrMZVED8DR; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 26620
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"67fc-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/ec05f54.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/ec05f54.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3058), with no line terminators
Size
3.1 kB (3062 bytes)
Hash
9ed3b504c979ff9a5223881f8726fba1
07d6e29d05ec9cfddfb7d5ebaacd2a0a1b082064
259bcc55300ce264000aa29bf142aff96cf35fd8d309c03cc695699c786ce8ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/ec05f54.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3ixGHmrcTA1389IM; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bf6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=67uwXvQioxjKq9OD; __ddg10_=1747016005; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016009$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=Zk9rKQtHzZ6iPmMW; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:29 GMT
__ddg10_=1747016009; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:29 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:29 GMT
date: Mon, 12 May 2025 02:13:29 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/stair/_logo.svg

190.115.31.140

200 OK

2.3 kB

URL GET
up6mgf0x.top/img/games/stair/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2278 bytes)
Hash
5a26371c5dc3fdfdc1c4259278d9e7f2
a9fa994cb88e425d785c2ec47ea48b2951ba58d2
5ac681f3d9e286d185f270bb1d386513725a2fedd83d3e6f7303f2a80ce937de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/stair/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=FA3i9GvLOm8YH66e; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"8e6-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/59a563c.js

190.115.31.140

200 OK

3.8 kB

URL GET
up6mgf0x.top/_nuxt/59a563c.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3785), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
a09714aecacd4ee6c0f24736fefe3594
09e813e0c75657ec67c3117e50a50deae17715d5
e841fcba0104ce35b777db398afe9a4ba54b9932364525e0a843289c2897db2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/59a563c.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=LmenAl3RCEzNQPC0; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"ed0-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/crash.jpg

190.115.31.140

200 OK

25 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/crash.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
25 kB (25002 bytes)
Hash
23de4df9efb26f9a76714233ceab11a4
75ff410bb134ace6b5ad6c78579a11832d7cf076
561ce64e990de6cfcc063039221f18473626fa3bd3cbcf36b63c951a5aa7d53b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/crash.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=yQVIooK3gf8qN5qw; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 25002
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"61aa-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/rank-10.a795e1a.svg

190.115.31.140

200 OK

3.9 kB

URL GET
up6mgf0x.top/_nuxt/img/rank-10.a795e1a.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3885 bytes)
Hash
40590478dce7184dff45c557e315bc08
024956ef64806a223ce06ab4a9ccbb5d3b7f9e11
7b4b71b0d622adeb8e033332ce2cbb3c00887b92a2206e75f49bc2aafa76a22e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/rank-10.a795e1a.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=eXmOCEgJyxrboNnf; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=DP5zzYCK4IWfRHbT; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"f2d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/litecoin.605028a.svg

190.115.31.140

200 OK

1.9 kB

URL GET
up6mgf0x.top/_nuxt/img/litecoin.605028a.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1865 bytes)
Hash
88d32b4dc4873742cb8c3b9bd15d4b25
d1dd3ff865cbd8f69774adc57bf86a996b328e96
ab75438c200bdb1a51f795e452fe3e40b3d2de61f3ec31ffd3d5d89c2cddff11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/litecoin.605028a.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=VVyL7px0smAzpRjN; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"749-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/318e5b6.css

190.115.31.140

200 OK

15 kB

URL GET
up6mgf0x.top/_nuxt/css/318e5b6.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (14926), with no line terminators
Size
15 kB (14926 bytes)
Hash
1dbcd87722366f53b6e748e9836be44f
2f3136497b1dc84ba7290084063264cb134426d6
ba28265e29fbf46ffc621620a7522a562853f72ecf1dfeabe97f5926085d6f4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/318e5b6.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=31bzEFpsqfb14dLr; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3a4e-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/71ea6c0.css

190.115.31.140

200 OK

5.9 kB

URL GET
up6mgf0x.top/_nuxt/css/71ea6c0.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (5893), with no line terminators
Size
5.9 kB (5893 bytes)
Hash
b8b710f6e813f3747135049aa02b7c38
5f8c727e03c92f177bf34a4e1e1ddf01b9459280
f2c6e74e9610956d623dc4a634759a6ebd7f94e919ccba9d2ee0d5e77e6b724f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/71ea6c0.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=OpnMTy3CHaD94gTy; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1705-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/5054482.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/5054482.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3058), with no line terminators
Size
3.1 kB (3062 bytes)
Hash
c68865bba561574038d2ae316c350d49
4db965016b589441253a45d484e7cc67d93a2868
b781aabb68236b02d8e1e6bc0c789158b7087b8f318ebc0a778daa90b08e566a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/5054482.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Bq1aI6hlzz25WssR; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bf6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/api/geo_ip

190.115.31.140

200 OK

195 B

URL GET
up6mgf0x.top/api/geo_ip
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JSON text data
Size
195 B (195 bytes)
Hash
c28a0250e595cfcb2c94bac4389b0e44
add4f50091ba8fcf6a5bf544d3080ae92278d6dd
9a3cf5c023e5289445f9185435684a684135a3b9c9184a563554c3447eba0ebc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/geo_ip HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
upx-cc-a: upxcc-sDt0emXODjyAX3W8
upx-cc-secret: upx-cc-sDt0emXODjyAX3W8
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=9Womii2YxwFB1EKU; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=1TasEWdc2bZQeKnB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
content-encoding: gzip
X-Firefox-Spdy: h2

wss://up8so9x.space/socket.io/?token=null&EIO=3&transport=websocket

95.129.233.148

101 Switching Protocols

0 B

URL GET
wss://up8so9x.space/socket.io/?token=null&EIO=3&transport=websocket
IP
95.129.233.148:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup8so9x.space
Fingerprint0A:58:AC:AD:5A:1F:7F:C3:A0:46:31:A4:CE:00:8C:B9:35:B7:93:F5
ValidityFri, 09 May 2025 07:07:37 GMT - Thu, 07 Aug 2025 07:07:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?token=null&EIO=3&transport=websocket HTTP/1.1
Host: up8so9x.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://up6mgf0x.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pqBJ67wY5cqBO7F4Ximdiw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: ddos-guard
Set-Cookie: __ddg8_=FTxrN4hbCeUKNzt6; Domain=.up8so9x.space; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up8so9x.space; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up8so9x.space; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg1_=N2GAkBQBk41h4cX4X9DU; Domain=.up8so9x.space; HttpOnly; Path=/; Expires=Tue, 12-May-2026 02:13:11 GMT
Content-Security-Policy: upgrade-insecure-requests;
Date: Mon, 12 May 2025 02:13:11 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BpXoRC/TU0e2G+pN4CJ2LnfVRZE=

up6mgf0x.top/_nuxt/img/megafon.229efa1.svg

190.115.31.140

200 OK

1.4 kB

URL GET
up6mgf0x.top/_nuxt/img/megafon.229efa1.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1372 bytes)
Hash
8bec0b6f63ad8ea1092e0ed8611c24c3
103aacb0043b8d75206ec34d36baa5416083d14a
9b6d434095fb7497cc96d456c92cc34639985539d680e72b71a155f356cba3e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/megafon.229efa1.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=nKpsbRibewWznwEb; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"55c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/a0d2237.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/a0d2237.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3031), with no line terminators
Size
3.0 kB (3035 bytes)
Hash
8cf13a2c8929a6e5d005835cd3c5c647
76b26a12f5193b1f84ae8c6069a6182482ee875e
21c66536eda0f3935aeae1d10b99458b5b5c56632d84e38ef7fc505ee3b49b43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/a0d2237.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=G3oy6vZRNkDg4xFh; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bdb-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/e2401ad.js

190.115.31.140

200 OK

38 kB

URL GET
up6mgf0x.top/_nuxt/e2401ad.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37478), with no line terminators
Size
38 kB (37479 bytes)
Hash
da2973422f6293e1b8483d46eb2b3716
4cb95245fb689d6c7f5c523853fc28535ec8877b
bdbcd784f8b8095d3f94a332d7dc4ab5ea7c26f8ed9410613ee9d627bff6ff25

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/e2401ad.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=vYGFPIQmvFyExhMB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"9267-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/59db6b1.js

190.115.31.140

200 OK

9.0 kB

URL GET
up6mgf0x.top/_nuxt/59db6b1.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8951), with no line terminators
Size
9.0 kB (8955 bytes)
Hash
f896f22c50c71b7599cc51c901143082
1ea625e96b9b229eaebeb0c788169e7c15116a35
3a9058b017ce1651c2decff217b5e44e9323fca2740deeaf65e04b4559e19b2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/59db6b1.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ffdasZhmopL4PG8r; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"22fb-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/1fab4ce.js

190.115.31.140

200 OK

19 kB

URL GET
up6mgf0x.top/_nuxt/1fab4ce.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
19 kB (19066 bytes)
Hash
834b3f85f12ddde9ca08b043688809e2
b6532cc070b13c52ef936c56d389ad3b7253734e
44316a923575815e1d7be523ac9f6f7493fa315c296063b7aa7bcbe010678d62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/1fab4ce.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=nObRNOpmXgD76awL; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=w4t1zYROQq6s88Bj; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4a7a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/bitcoin.a1c0cac.svg

190.115.31.140

200 OK

8.2 kB

URL GET
up6mgf0x.top/_nuxt/img/bitcoin.a1c0cac.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
8.2 kB (8245 bytes)
Hash
886174675895cca0211a782c90695dd6
10d2724575ff3adbeb0a5e0be3e8540647aec3b6
f5688b52ed16d400c0f727539b97491b6749ded344868d1cbf8a4d4d46332785

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/bitcoin.a1c0cac.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Ha1DZMbdVj9zSJhg; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2035-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

upxsupport.webim.ru/images/upxsupport_site_logo.png?1717070939289015

91.142.90.130

200 OK

16 kB

URL GET
upxsupport.webim.ru/images/upxsupport_site_logo.png?1717070939289015
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
Size
16 kB (16419 bytes)
Hash
3cd96d10cbed1fed1f05e7d727e9f8c3
36b2adf512619f35812be88cca0de96e91716919
dbf4330a5262363fa62a7aa85912080f51d12dfbb41ae32653feb875d123034f

HTTP Headers

GET /images/upxsupport_site_logo.png?1717070939289015 HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/png
Content-Length: 16419
Connection: keep-alive
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
X-Cache: HIT

up6mgf0x.top/img/games/hilo/_logo.svg

190.115.31.140

200 OK

4.8 kB

URL GET
up6mgf0x.top/img/games/hilo/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4752 bytes)
Hash
df899b8524fb0ed9c43f915c7319458b
dc44dfe633001628f7f2955590fec545ff8f84b2
30a08fccfd10545bfebcef1167ac4314d7b92974f3c28d9f2e60ae662433cd30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/hilo/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=NUKtrcYEIdeIiDjS; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1290-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/2bc7c8d.js

190.115.31.140

200 OK

42 kB

URL GET
up6mgf0x.top/_nuxt/2bc7c8d.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (40454), with NEL line terminators
Size
42 kB (42380 bytes)
Hash
ef99f36b4f78012e84cb1dd522c73c4d
e45b84665072dddeb549105d41b7be2c96fd1d10
3a3600ef7b52aca34a2fc9b46726fa46240120d3a1f78bd7c5bc8953fc5e83e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/2bc7c8d.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=u13cmw84BTcwOwVM; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"a58c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/storage/casino/games/4235a347ac3653261caaf5480c018bab.png

190.115.31.140

200 OK

120 kB

URL GET
up6mgf0x.top/storage/casino/games/4235a347ac3653261caaf5480c018bab.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x480, components 3
Size
120 kB (120101 bytes)
Hash
d15fa08936f99202481eb82fffcd39eb
63568de86f981cff8c4af4845fb0afd7efc917f2
8b989b354fd3d38bcb1253006bdc451cc310a10ff0fa671382ce777f91904682

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/4235a347ac3653261caaf5480c018bab.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wslRxrswuFtbfCGY; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 120101
last-modified: Fri, 27 Oct 2023 10:03:52 GMT
etag: "653b8b08-1d525"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/54f7216.js

190.115.31.140

200 OK

38 kB

URL GET
up6mgf0x.top/_nuxt/54f7216.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (38178), with no line terminators
Size
38 kB (38212 bytes)
Hash
c40b7e8396f6578d342c7c6f021a1774
cb797c67564607d3760c736a110a26e73d07972a
6fe0933b34427fa4cde666aa86eb31da34d662c35e4c2307c8aea5a8c961d0eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/54f7216.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sy5daweBHYTxEyA5; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"9544-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/4d22a09.js

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/4d22a09.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (1580), with no line terminators
Size
1.6 kB (1580 bytes)
Hash
43309a6ba10a8f2848e958d6f4d09e5b
c85ecc36789855f9ea473a6193e7cd7f7ed150e5
41b12efe26915278086cb2c1b5993cdf3bd9d59b972a655a0f798a0d062e4b1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/4d22a09.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=aFYneWyhiM2AGo3f; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"62c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/crash/_logo.svg

190.115.31.140

200 OK

5.1 kB

URL GET
up6mgf0x.top/img/games/crash/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
5.1 kB (5131 bytes)
Hash
a2fd92c894ebab9f5769f23f066afa8d
3938c8ddfcdcfcbc38778c77f99bb95a9b609730
f7167d138d3a377bac9371fe8576c41b1766e6b10b5ebc10d73d61c2eb740753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/crash/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=grh0WUTFZ9Hgaaaz; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"140b-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/FSElliotPro-Heavy.8ad9e7e.woff2

190.115.31.140

200 OK

67 kB

URL GET
up6mgf0x.top/_nuxt/fonts/FSElliotPro-Heavy.8ad9e7e.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 67104, version 1.0
Size
67 kB (67104 bytes)
Hash
18ad80dadad36089dec3bb97f8ca21c8
f267ccd983fc7132ed98c1cc9f61b01940577fc8
b317fd10566062487216a881df5044de34015e8f3213a030effe67dcf9876c2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/FSElliotPro-Heavy.8ad9e7e.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=1brOJoVlzy9YTrCI; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=RhZqkwyZVZGWfL4P; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: font/woff2
content-length: 67104
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"10620-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/ce4ac6e.js

190.115.31.140

200 OK

182 kB

URL GET
up6mgf0x.top/_nuxt/ce4ac6e.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
182 kB (182283 bytes)
Hash
6b828a0eb72ccc424762a000c98a6a8e
8eb3836115f40677f881e3976453270ea868044b
640bbf53500e0b9f0d5292d3e96a2f3413f0e2471eeb49dde901d6165cbe8476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/ce4ac6e.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zN6KuMEKFXhhGPge; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2c80b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/2ee499f.css

190.115.31.140

200 OK

13 kB

URL GET
up6mgf0x.top/_nuxt/css/2ee499f.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (12655), with no line terminators
Size
13 kB (12655 bytes)
Hash
fec0953c21a6d341bcbe67da9b643ab7
588eb9da1fd8a41a2f62bb2f44c9cd396ce738bb
c39ce6b4bc2fe9a18be550d57289a154acb3111ff572a15e524d51948d7e3ec2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/2ee499f.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=euu0YkRj3AjMCmlP; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"316f-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/storage/casino/games/0371058fc32840f60a98181c7709eb01.png

190.115.31.140

200 OK

109 kB

URL GET
up6mgf0x.top/storage/casino/games/0371058fc32840f60a98181c7709eb01.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x480, components 3
Size
109 kB (109130 bytes)
Hash
f13d16647b7617bd221bdc18bc2546aa
7cdb468f2c7df8ad7499a6b1f7d5f2faa94e9215
738effd52ce9df03d32a992682f377fe5394c5aad2e031cfd222e35b195268c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/0371058fc32840f60a98181c7709eb01.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=T3eT00Pi6HuDPuFZ; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=r9pyKIi8mVksBzZi; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 109130
last-modified: Mon, 24 Mar 2025 10:01:13 GMT
etag: "67e12d69-1aa4a"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-promo-img.png

190.115.31.140

200 OK

39 kB

URL GET
up6mgf0x.top/img/index-page-promo-img.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 503 x 502, 8-bit colormap, non-interlaced
Size
39 kB (38923 bytes)
Hash
779eea3edfd786ba3b2cc3f60edd8256
91c3280d72919ae9cae9f0f13f2c767e5f90a816
dc1c4365361ec1be7f800ff0dce3b51cec9272706a6209ae93e2ef4d96d73180

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-promo-img.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=zK6MuN60yR5UjJOv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=pJOfzVPZz3UGZXKe; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 38923
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"980b-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/393d500.css

190.115.31.140

200 OK

7.2 kB

URL GET
up6mgf0x.top/_nuxt/css/393d500.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (7191), with no line terminators
Size
7.2 kB (7191 bytes)
Hash
fe558f4b830c126441e20684b0e4fd7e
5fc9e7a086f8b4596d1e92685a50514e91f44939
604be04e879825edff89b1c8ba94371d5827a20ae48be5700e8b76e0115a28de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/393d500.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Nvzt2oKTNsaLzVAW; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1c17-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/b04e0cd.js

190.115.31.140

200 OK

30 kB

URL GET
up6mgf0x.top/_nuxt/b04e0cd.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (30009), with no line terminators
Size
30 kB (30014 bytes)
Hash
d828100520216ef070784b5292334b78
0a0086cbd83cad3c6dd63058a4a87accf2895540
935fec53b5dadf59a614a32e7d91c306bf3f1b9b89b0ca8b3887b6ed435e03fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/b04e0cd.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Vigosgy6Zau55K0Y; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"753e-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/927ad0e.css

190.115.31.140

200 OK

16 kB

URL GET
up6mgf0x.top/_nuxt/css/927ad0e.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (15850), with no line terminators
Size
16 kB (15850 bytes)
Hash
6e4f9b8246cc90e449e7574106dea79e
41d304096516459786fffa5a72be1dd643405e3c
4f243b9c4321b6ecf953e424276ba0e5993a11af13cef38ba07b98391039c4f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/927ad0e.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=aDjQLC98yAud5UyP; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3dea-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sy5daweBHYTxEyA5; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=AJfjqDaExrlENPhv; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:15 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/gift-box.png

190.115.31.140

200 OK

45 kB

URL GET
up6mgf0x.top/img/banners/welcomeBonus/gift-box.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 178 x 178, 8-bit/color RGBA, non-interlaced
Size
45 kB (45020 bytes)
Hash
dfd8a6484caf2744e65821970c420ef7
6765a5ddae1ad5d8e884cee2964136bfdef28b2b
b5b1508b1fc310f2d2158fd7ff12fde351aa26b4bb55c36bed9bef89f16749b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/gift-box.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=49QqKtW4kikngH7i; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=A44RboF3BM6l9ihu; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 45020
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"afdc-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/age18.f173e49.svg

190.115.31.140

200 OK

2.3 kB

URL GET
up6mgf0x.top/_nuxt/img/age18.f173e49.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2349 bytes)
Hash
5061994afe4e1762dafb99d8e1d77158
4a9a9bdee6b5fbfed3270af9615933492bad3878
6a58814961437a988ea17ad21cbaf626b4a6b0b5e4f399cede628f36f757bb26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/age18.f173e49.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=A0dXC6SKSmroERsk; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"92d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

upxsupport.webim.ru/v/images/default-department-logo.png

91.142.90.130

200 OK

16 kB

URL GET
upxsupport.webim.ru/v/images/default-department-logo.png
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
16 kB (15479 bytes)
Hash
53a142e29b647ceba5a2adf6cc69b919
37fc7f6523e5f4d9e01157c70acc74069bfff416
a5b367cc08f01ae61da2109c04047ee7e218df860be597c35d4ca7e064fea63a

HTTP Headers

GET /v/images/default-department-logo.png HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: image/png
Content-Length: 15479
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Connection: keep-alive
ETag: "6811d341-3c77"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

up6mgf0x.top/storage/casino/games/5dbf122d4145b26ecfc82c506906e4b5.png

190.115.31.140

200 OK

116 kB

URL GET
up6mgf0x.top/storage/casino/games/5dbf122d4145b26ecfc82c506906e4b5.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3, xresolution=50, yresolution=58, resolutionunit=3], progressive, precision 8, 640x480, components 3
Size
116 kB (115793 bytes)
Hash
91d794c15022682557dcf6683ba44649
d3626d1e381a8079cbd4d27c68e350cd44df83bd
0fc7c28ac378f966118a534f92d145a6fb58ca62df69e8c3af6f20a468f160fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/casino/games/5dbf122d4145b26ecfc82c506906e4b5.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=8dEecJq6UUJMjO1X; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=8B9bcidMF1mQaSOl; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 115793
last-modified: Mon, 31 Mar 2025 10:00:25 GMT
etag: "67ea67b9-1c451"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/cases.jpg

190.115.31.140

200 OK

27 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/cases.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 241x187, components 3
Size
27 kB (26774 bytes)
Hash
2f2db7382400430d650ceb64c51b5866
3583c37016473a8557ee893a925071c67c61922e
0487d299c1a472e056e400846ab495b279a55de8cb73a61b0d8f7cc06f80daeb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/cases.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=TFym6AlXVdVKPAN7; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 26774
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"6896-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/other/play-btn.png

190.115.31.140

200 OK

23 kB

URL GET
up6mgf0x.top/img/games/other/play-btn.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 470 x 570, 8-bit colormap, non-interlaced
Size
23 kB (22795 bytes)
Hash
12c188feef568d4240c547fbe2236d71
a4d68c1e374214312932d71e39c5716aee193439
be7602017eab59456188b37adce0aa5743589effdf8e83b531c373fcd2b2c9b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/other/play-btn.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=KMc5Jovqbib9sMyM; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jmfXDDZTeSI1EGgG; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 22795
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"590b-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

upxsupport.webim.ru/v/ui-resources.php?location=default&mode=desktop&lang=ru&f3db84a1&callback=getWebimUIResourcesCallback

91.142.90.130

200 OK

620 kB

URL GET
upxsupport.webim.ru/v/ui-resources.php?location=default&mode=desktop&lang=ru&f3db84a1&callback=getWebimUIResourcesCallback
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Size
620 kB (619531 bytes)
Hash
c15377b2655d8142b70072e37f8ba15a
d500a9e4211fd082d70d4e3848c19bdd8c51506c
037b11c1c139eb201f3b5c6c3175c47c86424d42696bf5dcddd188d96b4b6bab

HTTP Headers

GET /v/ui-resources.php?location=default&mode=desktop&lang=ru&f3db84a1&callback=getWebimUIResourcesCallback HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
X-Cache: HIT
Content-Encoding: gzip

up6mgf0x.top/img/games/keno/_logo.svg

190.115.31.140

200 OK

7.5 kB

URL GET
up6mgf0x.top/img/games/keno/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
7.5 kB (7492 bytes)
Hash
aeece9875382801f8da5e596ea89a49c
8063018a2d0360fce6e13d5517c24241bdd66338
a383962a72feb556712b5e660ceade55e9eeb288d72d22f518ebbe277f6af4fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/keno/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Xbq3TE8hIJtVXJET; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1d44-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/a719822.css

190.115.31.140

200 OK

14 kB

URL GET
up6mgf0x.top/_nuxt/css/a719822.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Unicode text, UTF-8 text, with very long lines (14235), with no line terminators
Size
14 kB (14241 bytes)
Hash
4a8b9e94870fa41c524df07df334d5bc
2b7bf195856f8176c2dad96fcb7bf385a7e7a643
0e5c597b85207a854bcf4f14aaa24dba83f8f0c959c5bb73cf27c73a597ac539

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/a719822.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=VUTd1BzynlxQiSwa; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"37a1-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/1fdd183.js

190.115.31.140

200 OK

9.0 kB

URL GET
up6mgf0x.top/_nuxt/1fdd183.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8982), with no line terminators
Size
9.0 kB (8986 bytes)
Hash
8731ae56e36af6424846191c633279a7
939ff83d9e3ccf2575b59ae4e96b444b851f4c31
2534f541279997ac37b3f261a98308cee3f37fb759b0e01b51862da31075f14a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/1fdd183.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oFsA5i9MvkBXu5OP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3QoxqB4odNsvV9dy; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"231a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/898afed.js

190.115.31.140

200 OK

82 kB

URL GET
up6mgf0x.top/_nuxt/898afed.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65472)
Size
82 kB (81807 bytes)
Hash
851b7b8cce8c1f9d392d6485c71dd02e
cc373b70fa337ccc34b94b397d6e8bea5f686e87
ef50038fa8ffa44b6f00fe6da4f9b23506e5c11040a9be608e84ebde99bd6b50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/898afed.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=nEZcLzMB9quPatNu; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"13f8f-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/miner.jpg

190.115.31.140

200 OK

25 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/miner.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
25 kB (25311 bytes)
Hash
935caf5d1e61813f5cecadcc2585eee3
3cc8727c2bf91bd9e7e988b07f3db0a12c6b6870
ddc35325e55243dfb926726fabd59de0b914852d9e19739fe7828c2136e7aded

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/miner.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=igfhdu8AnyTqzS6m; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 25311
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"62df-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/mI0gd1pTsTHXKDtJOT6Oie45rEpdffXJNNpazQCV.png

190.115.31.140

200 OK

514 kB

URL GET
up6mgf0x.top/storage/news/mI0gd1pTsTHXKDtJOT6Oie45rEpdffXJNNpazQCV.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
514 kB (514200 bytes)
Hash
bc2dee53d3c20b600a8def82170a9a24
d51a3eace6618c555babdac0dd09d79e13f8579c
152c0a7956202f74c5784cb79fe0b970abb716283ca34e8009932a7154f08286

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/mI0gd1pTsTHXKDtJOT6Oie45rEpdffXJNNpazQCV.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=JubsWtpLbGNZl8lk; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 514200
last-modified: Wed, 13 Nov 2024 10:19:07 GMT
etag: "67347d1b-7d898"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/29e4e86.js

190.115.31.140

200 OK

48 kB

URL GET
up6mgf0x.top/_nuxt/29e4e86.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (47550), with no line terminators
Size
48 kB (47880 bytes)
Hash
0717414ae38a3d31e5893099391e105f
0a0110397f457ab9152a0e890693c051a1e31a64
0771b8a3a466c887ca9102ada85b01be6efff9f5d62d8788fa0f4f913839f548

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/29e4e86.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3xqaUpV0TMKxmza8; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bb08-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/0889a4b.css

190.115.31.140

200 OK

1.3 kB

URL GET
up6mgf0x.top/_nuxt/css/0889a4b.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (1265), with no line terminators
Size
1.3 kB (1265 bytes)
Hash
1028d4def674f9b55c130a9f081f38cd
c991ed4d83f9dbf11ac496a0c2cb9ae713ef9a7a
1abe0d127ac9b0c1c663bfb41f255292c5c86750f4f9ba4b060d3b9d3cb8c749

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/0889a4b.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=icL8PyWMCsIZdfeJ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4f1-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/51ee5ab.css

190.115.31.140

200 OK

11 kB

URL GET
up6mgf0x.top/_nuxt/css/51ee5ab.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (10773), with no line terminators
Size
11 kB (10773 bytes)
Hash
5580ce163b7a5396bb46bea2c5e39803
63c8d5892207e7414bed7862b270f21f93d11019
10353e522b8a390db3c5f38d2c8c0e1d96b5f5d4587e76bde22238aef2a7ff9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/51ee5ab.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=flfGyiKnlIwfDzjh; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2a15-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/2e20128.css

190.115.31.140

200 OK

23 kB

URL GET
up6mgf0x.top/_nuxt/css/2e20128.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (22757), with no line terminators
Size
23 kB (22757 bytes)
Hash
7e19a34cd0994d3c53e9ed4847e6c88b
10042ed95f923c29d91c02ecf8eb2ff6364abae6
f9c28531241910221dafc14692565906ec8b43f7cede47b3b07e69e3dfa71d3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/2e20128.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=8Wl94eHdbA03tUQ6; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"58e5-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

upxsupport.webim.ru/button.php

91.142.90.130

200 OK

43 B

URL GET
upxsupport.webim.ru/button.php
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /button.php HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:10 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
X-Webim-Version: 10.7.101
Etag: "2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

up6mgf0x.top/analytics/events?event_name=registration_form_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=registration_form_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=registration_form_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 840
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=HIFzdi7D3sqNy8qL; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=GFzkO2hGOf3M8IfG; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg10_=1747015995; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
date: Mon, 12 May 2025 02:13:15 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/coinflip.jpg

190.115.31.140

200 OK

26 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/coinflip.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
26 kB (26485 bytes)
Hash
ed4f42baf1717e6266333ae2655cf1b4
1580e875c868591728b23972afc2cbdad7bf640f
6b80b293d7892e8893a82357c9283e4ba4e5a95fc4362aeb285422a91881132e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/coinflip.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=eJRqcJaaq5JaBqBt; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 26485
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"6775-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/c3718c3.js

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/_nuxt/c3718c3.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (21412), with no line terminators
Size
21 kB (21412 bytes)
Hash
5426ac0c5730101caa3aeeba21ffd436
be79844676cfab8f3bfa983d1ca751d0f5cf8955
e55633265939126264846aab98808c27d7bf06ad74fbad49e9ccd84b12d79eb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/c3718c3.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oFsA5i9MvkBXu5OP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=DE5km2bpKS8itxWQ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"53a4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jm9KYFNSzwzfNJLK; __ddg10_=1747015995; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015995$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=ru163qaGq3MJe44y; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg10_=1747015995; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
date: Mon, 12 May 2025 02:13:15 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/4e703ef.js

190.115.31.140

200 OK

758 B

URL GET
up6mgf0x.top/_nuxt/4e703ef.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (758), with no line terminators
Size
758 B (758 bytes)
Hash
5c4d6c332c09579e9335f001609973c5
4e5b12ac40d8350db12faaaeb637eede086d8a02
cca892a38226a2d7b2339e117904008d0119cac1eb936570c0f57ffaab9b9893

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/4e703ef.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=MnBrZDuZd4WMFG0L; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=54gW4jRmW2YNgfZ0; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2f6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/b26148c.js

190.115.31.140

200 OK

144 kB

URL GET
up6mgf0x.top/_nuxt/b26148c.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65485)
Size
144 kB (144339 bytes)
Hash
63fe4ad7365a757c9d04ae96e5d4ae95
26031d75c013be1946cf3f4f13f5d837c4325349
874db9eed898e8f90e7f8e6ff99bdef4a19eadb362d9358b3e7c45e42eb95038

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/b26148c.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=34l8fwO36CD2pzg8; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"233d3-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/a899323.js

190.115.31.140

200 OK

19 kB

URL GET
up6mgf0x.top/_nuxt/a899323.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (18957), with no line terminators
Size
19 kB (18957 bytes)
Hash
56eef948191c083af0201b5a5afd56a3
30d1d0ed016ae29e664ec03385132e36de9b7846
b397932fc5fce972ff61d3d911569084a29f05c3b494dbb7252e76345c23cba1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/a899323.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=WR5tIfXqaZp71KBT; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4a0d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/acb6a29.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/acb6a29.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3067), with no line terminators
Size
3.1 kB (3071 bytes)
Hash
fa07f717861d27306a18988d59d7f11f
850087f7964e815765ea9accdff2197736a9b4a1
cdcbef7c302b34f2d58c3ca5fa87ac4dfab86e6ff7c2ea296480b4f01a261e64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/acb6a29.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=IKPb8evu8ZrExFAN; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bff-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/pwa-load-event.js?v=002

190.115.31.140

200 OK

415 B

URL GET
up6mgf0x.top/pwa-load-event.js?v=002
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text
Size
415 B (415 bytes)
Hash
b4da9281be2bd30c0976275be45611d7
a0f4d581943039bf67c9ea69ab789e5d3e07d703
a799d1b8057bd81e2106d4b3e15e24e85aa0167904bd06802a998e95acb30562

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pwa-load-event.js?v=002 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=xWadJscG9JyqNfu9; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"19f-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/cryptojs-aes-format.js

190.115.31.140

200 OK

1.5 kB

URL GET
up6mgf0x.top/cryptojs-aes-format.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text
Size
1.5 kB (1494 bytes)
Hash
e6bc38f77922eaa6f1b23716034b4a2e
db781b1e30c4f2a1d63d47054f0903c463cf01ab
9ca00bddae85e30d59672da0089ea5e132df97d75a92f42114fe1befbaeaf32d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptojs-aes-format.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=YKRDXS5MrP73KjJL; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"5d6-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

upxsupport.webim.ru/js/button.js

91.142.90.130

200 OK

897 kB

URL GET
upxsupport.webim.ru/js/button.js
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1210)
Size
897 kB (897348 bytes)
Hash
fbdf2ab58c72dc654b93a0a23ffa3fd8
7da289491198fa17b44f87e10b5b30f9d1c8900e
0b930c192cefc65e0d7bae64975848e1964b6caa244dd68feb407f66b3db619f

HTTP Headers

GET /js/button.js HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:10 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 30 Apr 2025 07:37:37 GMT
Cache-Control: no-cache
Content-Encoding: gzip

up6mgf0x.top/img/bonus-posters/en/bonus-poster_back.png

190.115.31.140

200 OK

34 kB

URL GET
up6mgf0x.top/img/bonus-posters/en/bonus-poster_back.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 350 x 260, 8-bit colormap, non-interlaced
Size
34 kB (34145 bytes)
Hash
6fe46c256e69bf5b8feaeba014d17219
d91641588adef2434047bd567bce377a25ad3366
7af4460cff4e6141edd170aaec715b09a7280f402ba33d3a89d6e3da37461e70

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus-posters/en/bonus-poster_back.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=eXmOCEgJyxrboNnf; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 34145
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"8561-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/qiwi-hover.8974e12.svg

190.115.31.140

200 OK

1.8 kB

URL GET
up6mgf0x.top/_nuxt/img/qiwi-hover.8974e12.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1802 bytes)
Hash
377352a1e64b9cfd1b306fe8ce79646f
4c8cf6abbf7d0466458a165d26021996068185b4
8cc94e5d8a5f9a97bdf57e64352ba2c237b2f2c45974e27a7b5ca0b355416b62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/qiwi-hover.8974e12.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=cIixeHdomNOaeJy2; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"70a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/bg.png

190.115.31.140

200 OK

224 kB

URL GET
up6mgf0x.top/img/banners/welcomeBonus/bg.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 484 x 1054, 8-bit/color RGBA, non-interlaced
Size
224 kB (223466 bytes)
Hash
08e06eda5db26d9e11747be233286f8d
c1c066fea08efcfaa33fa5cdda700d30abc88523
839273abab85856a3d7f623affb5866fadbdfc59a51fa4590092c5ab27bb20af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/bg.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a719822.css
Cookie: __ddg8_=RkD5D3jVe97fJhb1; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bUxtjTMZFowm4dKJ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 223466
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"368ea-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/beaaeba.js

190.115.31.140

200 OK

4.5 kB

URL GET
up6mgf0x.top/_nuxt/beaaeba.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4546), with no line terminators
Size
4.5 kB (4548 bytes)
Hash
15a2714d8b5bc2dbaec612cf4cac45cb
67ad836923e49990b6f1ae61badd8dd21d515a19
d457280c9d5befbc9ccae9f4bb0527dc9ad6601142a72ad2359b08a8ee7c5e2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/beaaeba.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=J6O7JlBAzmgiVDXM; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"11c4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/060275d.css

190.115.31.140

200 OK

25 kB

URL GET
up6mgf0x.top/_nuxt/css/060275d.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (25053), with no line terminators
Size
25 kB (25053 bytes)
Hash
ab2a734a4e2a8db0e1001ef72a9a6800
658d0209adde79dd4c9d6f440694d5f555ef1e8e
403b06d414b0208890e1dd215425b0e0f81f897537e38516489fd919b5dfe58f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/060275d.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=xifg0HU5CoYJsGbi; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"61dd-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/cryptojs-aes.min.js?v=1

190.115.31.140

200 OK

14 kB

URL GET
up6mgf0x.top/cryptojs-aes.min.js?v=1
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (629)
Size
14 kB (13722 bytes)
Hash
cd93b7f0987a614bc17698503bcb6af9
68a66448326499ff34c75bf31e2769b278584e0c
8d4fae1a37a5b5338c889d0897b50024194b4d3ae94940e7e42c1c1423a1183e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptojs-aes.min.js?v=1 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=lbdlzumWPYCDWj3c; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"359a-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/b0e9fa3.js

190.115.31.140

200 OK

1.7 kB

URL GET
up6mgf0x.top/_nuxt/b0e9fa3.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1681), with no line terminators
Size
1.7 kB (1685 bytes)
Hash
9f68ac48d1ce94e797ccb9becd2de5bb
4e9e252346b0a7fcac54a1e8a0892bcf1b2d996b
334097c2ef30a06e717a6968b789f5519f899be3a3b0bf43dde37f06dbcf43bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/b0e9fa3.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=GFzkO2hGOf3M8IfG; __ddg10_=1747015995; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015994$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=LkP8BTYVgAwuhiBF; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg10_=1747015995; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
date: Mon, 12 May 2025 02:13:15 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"695-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/ad1b80b.js

190.115.31.140

200 OK

54 kB

URL GET
up6mgf0x.top/_nuxt/ad1b80b.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (54182), with no line terminators
Size
54 kB (54186 bytes)
Hash
a124f36f8865f9d5b675962ad61f3a28
7a69657bc34a76811ad07b158c5dcdf32c53f459
f1f4f724ca4e4bf8baaf1b9853b9d09bd71b0a04684f2f9ea076b86f8510e2c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/ad1b80b.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=SqlNWlrLYK0coUqS; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"d3aa-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/d06d52e.css

190.115.31.140

200 OK

348 B

URL GET
up6mgf0x.top/_nuxt/css/d06d52e.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (348), with no line terminators
Size
348 B (348 bytes)
Hash
60f6e11642e35250a236221ec13f246f
38f0698ab57ef1ee01b7f4ff3a6c7e16908e97f9
804c2cfc90058e6bc35766b4f78b6b107641ac98e1614fbe71cac574cb3eb7e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/d06d52e.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=9M1764iR3QGtzFP3; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"15c-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/PaltPzBFgfeU8F79IK62SuMboNQSPvmAEpq679At.png

190.115.31.140

200 OK

556 kB

URL GET
up6mgf0x.top/storage/news/PaltPzBFgfeU8F79IK62SuMboNQSPvmAEpq679At.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
556 kB (555460 bytes)
Hash
c669216bdc9ba501f7828ce937273b51
000acc2d8b150c02b0d9765b29662421482504ef
880b3f488ebb23ca0527f03b3fb97eb616e2006ea38bfbd31febbda75e14a85a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/PaltPzBFgfeU8F79IK62SuMboNQSPvmAEpq679At.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=xS84Pjc1qYoJKxj5; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 555460
last-modified: Wed, 13 Nov 2024 10:11:14 GMT
etag: "67347b42-879c4"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/9NAsUVDVUnLYU6HDrkRfXMaMqnxSJ88M8X6QqrZ3.png

190.115.31.140

200 OK

513 kB

URL GET
up6mgf0x.top/storage/news/9NAsUVDVUnLYU6HDrkRfXMaMqnxSJ88M8X6QqrZ3.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
513 kB (513172 bytes)
Hash
c4d28fa3524fc7a04bd73942d7c0dfdd
67214480798b13ca235905c37983a61ff2ac8ac8
0c364db350345ba85b7b892152d054befa465d16e742d9d4b2914525d9968b73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/9NAsUVDVUnLYU6HDrkRfXMaMqnxSJ88M8X6QqrZ3.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wo3brqmwB71zpHPJ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 513172
last-modified: Wed, 13 Nov 2024 10:17:39 GMT
etag: "67347cc3-7d494"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/739c69b.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/739c69b.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (3062), with no line terminators
Size
3.1 kB (3062 bytes)
Hash
a6932791a5e671a0c2063d1f9ac5c54d
61ed88b9c579ecdd9a3a3cdd8548049aa9d447ee
4b2eefcb0889c07ada09fddd18695e9fb99d37e677b9d1bac5c642be55fab2f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/739c69b.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Weu9koVZpB3aMq4O; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bf6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/4008a73.css

190.115.31.140

200 OK

3.2 kB

URL GET
up6mgf0x.top/_nuxt/css/4008a73.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (3163), with no line terminators
Size
3.2 kB (3163 bytes)
Hash
8dafb1b128f95c5a7c202d14927d3a1f
1526e7a5689fbc989d36b869a530bf5609ad7618
4febfee38b4e062d6f3b3b3566c44636a94166e26cc6ed79712aa79d670d594d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/4008a73.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=oFsA5i9MvkBXu5OP; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"c5b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/e3850fa.js

190.115.31.140

200 OK

15 kB

URL GET
up6mgf0x.top/_nuxt/e3850fa.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (14688), with no line terminators
Size
15 kB (14688 bytes)
Hash
a528729449d9945050428e6396d1ae6f
2a0ed92dd20b8355b0801d3537324bec413a1634
6209681688405165217ddf463a0f149b941c5cecc37c328d43b76d259759fc74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/e3850fa.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Ikt4iuSObyhXIeBO; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3960-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/api/v2/bonus/check

190.115.31.140

200 OK

347 B

URL POST
up6mgf0x.top/api/v2/bonus/check
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JSON text data
Size
347 B (347 bytes)
Hash
81cb9de4d24ec2e95e135fc064e0d900
7e1a5aebb778efac3bcc1e4c0ffbad0ded20b25d
2811f684f193116f8b0f613a6169c625051f2195c3036cb64d4f78eca53c9343

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v2/bonus/check HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
upx-cc-a: upxcc-sDt0emXODjyAX3W8
upx-cc-secret: upx-cc-sDt0emXODjyAX3W8
Content-Type: application/json
Content-Length: 43
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=KMc5Jovqbib9sMyM; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/emoji/sunglasses.png

190.115.31.140

200 OK

667 B

URL GET
up6mgf0x.top/img/emoji/sunglasses.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 18 x 18, 8-bit colormap, non-interlaced
Size
667 B (667 bytes)
Hash
e60039c6c93a808c90d1553615b0be56
7aaef24cd9637721dd5e32738d7631832fcc493c
3f5441e83ecdfb635c53a3f549bb6dc7e991d8b65d0c89e129e2660004d13cb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/emoji/sunglasses.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zK6MuN60yR5UjJOv; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 667
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"29b-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/index-page-block-games-play.b22b092.svg

190.115.31.140

200 OK

2.7 kB

URL GET
up6mgf0x.top/_nuxt/img/index-page-block-games-play.b22b092.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2709 bytes)
Hash
2500a22d3c088ad121a2ea52526773c5
cb61e4f4c6f848969738d07dbd9eb050b8b7ef8d
d5883888748c72d139cec891ff4d1c4ca9db38d3ff14b77bb272cbbc3c8639cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/index-page-block-games-play.b22b092.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/13c45d6.css
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=0omXrNgRHPla1OLo; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"a95-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/bitcoin-hover.150a155.svg

190.115.31.140

200 OK

8.3 kB

URL GET
up6mgf0x.top/_nuxt/img/bitcoin-hover.150a155.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
8.3 kB (8265 bytes)
Hash
0f7d6e47b06d9f9526ddfcffe2f93277
d70e9bb6bb6c05f1d2afda68cb6c4131e1ffe7c1
31698e994e757e9c81be43b259fd11d07e95d6164510539d7e07b77836bac1c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/bitcoin-hover.150a155.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=V2A8zwqei1QHU4wR; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2049-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/906d945.js

190.115.31.140

200 OK

15 kB

URL GET
up6mgf0x.top/_nuxt/906d945.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (15148), with no line terminators
Size
15 kB (15150 bytes)
Hash
db2c01f9a2ca361b986b3638554c5da4
ba6e97dce8e61744b84d668b6744f9960f9e1649
937a7727dd4761793807906171b351ddd993a37527c95638ce8a7fb319fa99e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/906d945.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oFsA5i9MvkBXu5OP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=6GoQRrYUFbNeNpa9; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3b2e-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/vB7K6juWMrkjvEgzQs7Q8cYjTkcvCy9Yl0NNAP6W.png

190.115.31.140

200 OK

507 kB

URL GET
up6mgf0x.top/storage/news/vB7K6juWMrkjvEgzQs7Q8cYjTkcvCy9Yl0NNAP6W.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
507 kB (506701 bytes)
Hash
c47faf7d2c1329f60cd4b33623afa0fa
6a1104449a1cec3e5b24a2db657a45f9c8069f18
318142edddc6c8a263cd076abadd3823493c94eea59b213bdd41515a681d228d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/vB7K6juWMrkjvEgzQs7Q8cYjTkcvCy9Yl0NNAP6W.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=8dEecJq6UUJMjO1X; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 506701
last-modified: Wed, 13 Nov 2024 10:19:07 GMT
etag: "67347d1b-7bb4d"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/beeline.430c0d4.svg

190.115.31.140

200 OK

2.7 kB

URL GET
up6mgf0x.top/_nuxt/img/beeline.430c0d4.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2677 bytes)
Hash
5ff534ad283964b5fdb99b78e4acd611
03ec316d115b11083bc1e00ef5091b74c300aac7
f4132aeb6a320fb0da6a07e0decabb6069463094b045d92d53e24fa5bba35b1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/beeline.430c0d4.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=vBPslwjz31GiSx9q; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"a75-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/74f610a.js

190.115.31.140

200 OK

26 kB

URL GET
up6mgf0x.top/_nuxt/74f610a.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (26087), with no line terminators
Size
26 kB (26087 bytes)
Hash
c7ad62b48acf1eb04af8288d5d43676d
50f34468556c20c4b3e4cfc115163928e38075c6
c9511554bc419f094d84e2284aa6bc16e6e3ea9163ab29fba23882b7e3f7a3af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/74f610a.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=HIFzdi7D3sqNy8qL; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"65e7-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/dice/_logo.svg

190.115.31.140

200 OK

7.9 kB

URL GET
up6mgf0x.top/img/games/dice/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
7.9 kB (7860 bytes)
Hash
6785024a9162a800eb77118c778cc517
925d4524f414cca2caa53c79dfef4e011be5600e
ee8843e1a73c2f5f1021ad6bff7c54500f65da9fe2343e323349631a2d65df9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/dice/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=rKfbr9o4yP5flpbe; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1eb4-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/age18-hover.eb7f425.svg

190.115.31.140

200 OK

2.5 kB

URL GET
up6mgf0x.top/_nuxt/img/age18-hover.eb7f425.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2481 bytes)
Hash
6f518cf04885876785f267f3dd8118cc
419ae9e28d4260b7d9fb54114c6404190a55b43c
5ca93bdfa2c77cc7ec0ff996b43fb8779e8333fb8b364e3faf52ebeb9c9106c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/age18-hover.eb7f425.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=49QqKtW4kikngH7i; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"9b1-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/pv?pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/pv?pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/pv?pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 742
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=DGQW3agCCRRadNYX; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/0b7f464.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/0b7f464.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3040), with no line terminators
Size
3.0 kB (3044 bytes)
Hash
c838c456251763c37047bf00e8f4b1a9
b5ce6299a523d86c7dea9e93c91bc332ee5d7027
e046475eee7e09888ff6c0dd9140f39e7c486d24ff1b92d5568f09973dc96d15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/0b7f464.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=mVhpDY7ZuCEvxx26; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"be4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fd07db4.js

190.115.31.140

200 OK

3.8 kB

URL GET
up6mgf0x.top/_nuxt/fd07db4.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (3819), with no line terminators
Size
3.8 kB (3819 bytes)
Hash
d89197c2498d20f28c03a4d5f867ca34
db41b7bb4fb5ec648f2409fb87bb8273e90fa9c2
a715aeec459858fd7312503f7687bcd503999c3ee6640622bd2f3da6d2e39ed4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fd07db4.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=8dEecJq6UUJMjO1X; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=WG4W5ViD0udxCgxN; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"eeb-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/0597836.css

190.115.31.140

200 OK

1.9 kB

URL GET
up6mgf0x.top/_nuxt/css/0597836.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (1946), with no line terminators
Size
1.9 kB (1946 bytes)
Hash
70238795ed1b6e9c67c22f0f387dabba
c3edd2c766d9bab3e7a0247f5d95aee02618e5a6
39adaaa91d116ec75524218ab95dadc4bd2b4283ae15ff34ebb0ae80729ed07a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/0597836.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oFsA5i9MvkBXu5OP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=h0MM5ZL29Rlq8G2Z; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:15 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"79a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/13befe1.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/13befe1.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3031), with no line terminators
Size
3.0 kB (3035 bytes)
Hash
23c9741b264cdebb4872c236e68a98a3
b16faee2d3b3cbbe4fe5c0859096222cc1a26945
e72a4d3456d606eee0bad114bf5e421ccce6cce924190aa500fb070a1f4205dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/13befe1.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=q5euszrS5mpkB0L8; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bdb-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/d40f0ea.js

190.115.31.140

200 OK

7.0 kB

URL GET
up6mgf0x.top/_nuxt/d40f0ea.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7025), with no line terminators
Size
7.0 kB (7029 bytes)
Hash
6e331538c40865fa59082ede9dfd6995
ca815f5d3d92bad8374c2bf89de50e792c4a91f9
b0a6c29aa1b5d6270fa47c5ab60d03cf3f208808221221e3916bf1bbf54710bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/d40f0ea.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=B0sPDnyuEMFQFsck; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1b75-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/fp2.min.js

190.115.31.140

200 OK

35 kB

URL GET
up6mgf0x.top/fp2.min.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (34698)
Size
35 kB (34877 bytes)
Hash
02087a3f4f46b15bc198570d800bff41
e59f5e3521d8c60e5772de1f65c90e5b87d9eb9e
e753042decd90a96d0636a7df16df556860af92ca09ac37f0f6ab1d574acd1f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fp2.min.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zjW1sXYDStsnheoy; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"883d-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/plinko/_logo.svg

190.115.31.140

200 OK

7.3 kB

URL GET
up6mgf0x.top/img/games/plinko/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7341 bytes)
Hash
848d14971c55728c89bc5f747b8a3fc5
0250aca7076f77fed92e1a6931b228470c19123d
9516beefb4fe061fd26909c0ac3845645035ed2f5609fb875c4d96ec09fa6967

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/plinko/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=5hHODj8Rd3ksqeP7; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1cad-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-2RYNYNJ3M3&cx=c&gtm=45He5571v9101860698za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116

142.250.178.40

200 OK

326 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-2RYNYNJ3M3&cx=c&gtm=45He5571v9101860698za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116
IP
142.250.178.40:443
ASN
#15169 GOOGLE

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
326 kB (325599 bytes)
Hash
c683037f90e5865bd1d86d368fcdb0fe
8bb3ee1eba23ebe38cf42955bfbb5c8addf9c791
35cfce40585a713e4766852b10d87612ee11a94297518d8027ee88f6e1027279

HTTP Headers

GET /gtag/js?id=G-2RYNYNJ3M3&cx=c&gtm=45He5571v9101860698za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 May 2025 02:13:13 GMT
expires: Mon, 12 May 2025 02:13:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 114516
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

up6mgf0x.top/_nuxt/54c02b2.js

190.115.31.140

200 OK

7.1 kB

URL GET
up6mgf0x.top/_nuxt/54c02b2.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7046), with no line terminators
Size
7.1 kB (7050 bytes)
Hash
73b16e0c325f345d2b07a269d5ba0a70
7e7f9bd9f1c9b6630f3394db12ef78420b16ddd5
ef069d9934de3e10630f2022dfc631611da637b0ec666a8984ce22f0e58fac78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/54c02b2.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=EQ1iBYM2g6JIexAQ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1b8a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/59d8150.css

190.115.31.140

200 OK

27 kB

URL GET
up6mgf0x.top/_nuxt/css/59d8150.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (27127), with no line terminators
Size
27 kB (27127 bytes)
Hash
ac4280df4d697c81732ca3c93d7c0713
60d1e70e9f54fe19408130da393c4c74d07ce6bd
0f1d69589ddc77b4db15a0017e6f5109ebbeba759db26abfd36273c7e6f6d63a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/59d8150.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=31bzEFpsqfb14dLr; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bemapIpxRzDOwRef; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"69f7-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/ff0da73.css

190.115.31.140

200 OK

12 kB

URL GET
up6mgf0x.top/_nuxt/css/ff0da73.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (12496), with no line terminators
Size
12 kB (12496 bytes)
Hash
50e8d2085d50e6a40cd63f04536af454
880048c6d606b0ec885f10abb9dc9e4524b7ca21
ee2214a55cd42b07d00d0ee9b18bc6ac8d60b46ce80dc9c0e0986b1b245be435

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/ff0da73.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Li9lrBqBxaIjdaro; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"30d0-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/f6cb6b0.js

190.115.31.140

200 OK

23 kB

URL GET
up6mgf0x.top/_nuxt/f6cb6b0.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (23290), with no line terminators
Size
23 kB (23290 bytes)
Hash
19208a24916d74b5bce8f7317eb2cefb
397d522abe5f96ca4e39102f9487438a160515b5
3098033536f4dc3a459c560b43b1d2d24d31d69144df7fe217fdff3bbdebfe9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/f6cb6b0.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zWzLNLUD4yYlqqQo; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5afa-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/icons/unique/gold-coins.svg

190.115.31.140

200 OK

17 kB

URL GET
up6mgf0x.top/img/icons/unique/gold-coins.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
17 kB (16691 bytes)
Hash
4cc6d9fb729de8319fc8a96484321590
971f89496eebcf2ad0ea9b8ca43566156f69ba3e
8a8de7afa4758c54eab86c8666b71da8431d36eb31e3857ccfe699ff261e9481

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/unique/gold-coins.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=RBS5xBBK7Shptksy; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"4133-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/app-google-play/google-play.svg

190.115.31.140

200 OK

1.5 kB

URL GET
up6mgf0x.top/img/app-google-play/google-play.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1498 bytes)
Hash
8aa894a4cf8c99c3ed89845280c7efa3
bc5eb1dbf19724645a4be0af222b5420a24c850b
8f23ada8618abe67940492962aa7df3170d0e05af5e7b5f720be584f3043ee9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/app-google-play/google-play.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=u0kcZik2YvjIhf2R; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"5da-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/8115e87.js

190.115.31.140

200 OK

19 kB

URL GET
up6mgf0x.top/_nuxt/8115e87.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (19373), with no line terminators
Size
19 kB (19401 bytes)
Hash
c7ba8c13db4b40050134d33ae77d0be8
b133f0a03efd1d42bdcda553a65c5592c7178233
db8995db9c6d95b21495dd722823674c79b2faad681a40d098d01ae48f8a2ee9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/8115e87.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=9pe48fGrESHXO7Jo; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4bc9-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/cKjlMJMPnFanPZniX22GtWBL5ZVGvuNSzYnrmroq.png

190.115.31.140

200 OK

550 kB

URL GET
up6mgf0x.top/storage/news/cKjlMJMPnFanPZniX22GtWBL5ZVGvuNSzYnrmroq.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
550 kB (550493 bytes)
Hash
145f83e575000d19a9cc22b4f86f50bc
69b23e57a646941e4e88afd0472df12e7a78a170
0216ad2bb8fe181ea21e5f34b16d1b69b0f259d3f0c2e61383d5d0da1ac7c936

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/cKjlMJMPnFanPZniX22GtWBL5ZVGvuNSzYnrmroq.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=QGzl774Tvdn0OZRo; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 550493
last-modified: Tue, 26 Nov 2024 08:58:43 GMT
etag: "67458dc3-8665d"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/AjBpHgksjThGqW9CsIc10QGuXPawmTuvQpock01S.png

190.115.31.140

200 OK

538 kB

URL GET
up6mgf0x.top/storage/news/AjBpHgksjThGqW9CsIc10QGuXPawmTuvQpock01S.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
538 kB (538350 bytes)
Hash
3bc82142c65260007d73bacb2ba98fdb
25cf7e0957c4e8d9e9b722995d4c23a70f29edf8
b5d64393ad567b8d1767fd30ca9b6dfcbf225d511f04b736fde02cfaa581d952

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/AjBpHgksjThGqW9CsIc10QGuXPawmTuvQpock01S.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sSxMx6HPknAfevma; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 538350
last-modified: Wed, 13 Nov 2024 09:59:36 GMT
etag: "67347888-836ee"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/coinflip/_logo.svg

190.115.31.140

200 OK

4.9 kB

URL GET
up6mgf0x.top/img/games/coinflip/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.9 kB (4942 bytes)
Hash
a337544d1bcfc6d578bbe81425682c39
9eca78b13f1355d6853420bba1705aba9e3ffec8
8b356864fc22e0b5d562fcddee7d44609457630d50838ad01005f6371426f731

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/coinflip/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=WK5NawjxAcljAbGE; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"134e-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

upxsupport.webim.ru/l/v/poll?action=poll

91.142.90.130

200 OK

2 B

URL POST
upxsupport.webim.ru/l/v/poll?action=poll
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /l/v/poll?action=poll HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://up6mgf0x.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 217
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:25 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
X-Webim-Version: 10.7.101
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

up6mgf0x.top/_nuxt/143ddd8.js

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/_nuxt/143ddd8.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (20841), with no line terminators
Size
21 kB (20841 bytes)
Hash
e034ef1c600b30ad2e3ca8ebdd56514b
d45962612947f414d4b2ac3f5b16b73cfde5de6d
143e4e29b0206680244400cf3f89355d0a238e68a0163c1525a492e2825440bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/143ddd8.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=gMDs4TYVIoDxvGKq; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5169-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/c2bbedf.css

190.115.31.140

200 OK

18 kB

URL GET
up6mgf0x.top/_nuxt/css/c2bbedf.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (17748), with no line terminators
Size
18 kB (17748 bytes)
Hash
b52dab4b39a09298d99e0a370e732682
255a33910fc648dca59aabd0c41c0c22691e19be
1633fefac8262e745c1f7a454955b906f65ab0c28feac8c02ab520ec1c239996

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/c2bbedf.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=FHKCVC1cYW5h1kT5; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4554-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 898
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ru163qaGq3MJe44y; __ddg10_=1747015995; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015999$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=xlXlNtmgxrEUmPIw; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:19 GMT
__ddg10_=1747015999; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:19 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:19 GMT
date: Mon, 12 May 2025 02:13:19 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=Zk9rKQtHzZ6iPmMW; __ddg10_=1747016009; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016012$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=ioL0dFp3D1yANErX; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:32 GMT
__ddg10_=1747016012; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:32 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:32 GMT
date: Mon, 12 May 2025 02:13:32 GMT
X-Firefox-Spdy: h2

jj.su/tn8oxn?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https:/bing.com/&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http:/upx-l.tech/t338d6cf7&v2=1

172.67.141.171

302 Found

191 kB

URL User Request GET
jj.su/tn8oxn?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https:/bing.com/&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http:/upx-l.tech/t338d6cf7&v2=1
IP
172.67.141.171:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectjj.su
FingerprintEF:E6:2D:E5:85:EE:B2:3D:48:11:1C:9C:33:28:2C:4A:DF:6E:3B:E8
ValiditySat, 19 Apr 2025 23:13:29 GMT - Sat, 19 Jul 2025 00:10:02 GMT

File type

Size
191 kB (191237 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tn8oxn?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https:/bing.com/&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http:/upx-l.tech/t338d6cf7&v2=1 HTTP/1.1
Host: jj.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 12 May 2025 02:13:07 GMT
content-type: text/html; charset=UTF-8
location: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9nENOQxL8Vysjz7u4a%2Bo4D8LYZ9M1gVIoduzLE2aMk3gUpO6jE90LnNNpsMcSuZy%2FFsBKtcdvJvTUbEmSwFKqyqe65Cosf4gRgHUhbc4T3clQ2%2BuS9i6gg%3D%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6ImtrZFBXSmpjY1dBS29ZRTdMb3JXakE9PSIsInZhbHVlIjoiaUNXdFF0ZHBqMHVrd3NoTENwdFd6bFR5TTNselFzWFBpSlZJTnpPUi9WenZqNURlZ0F1WU5rUEZNbWY5OHE2VmRzRFRxdnQ3ZWc3K2VSM0ozTzdiNElBYjgxYzhtSVpMekpQVDVJdk9UQm5VUW9kajhsVjdyV0VRMkVtemN6dFkiLCJtYWMiOiI2M2FlZGVlYjkxYzIyMDNjYTRiNWFlM2E4MTkzNTg5OTAxNWM1NGQ5NTRkMTc1ZWU3NmE5ODQwYzE0ZmJjMDgyIiwidGFnIjoiIn0%3D; SameSite=Lax; Path=/; Max-Age=7200; Expires=Mon, 12 May 2025 04:13:07 GMT
laravel_session=eyJpdiI6Ik90ZzNsa0tXM2JNdkNLajg0OXo4YkE9PSIsInZhbHVlIjoiNDFNeVNqa0J3b3FVbXo1VnhDbVIzSjF0VGYvY3A1dW9MQlhuN20xcVozQWt1bjVvVHJaQ3lqMlV0RS9uK2pmTnppZnBrRzB3U3BHZDZ5SnVza1RVUGxReitsZFZ0bDlPM0ZtYy95bi9tYlZuSWRVY1pqRU5yRE51amlRa1FaTE0iLCJtYWMiOiI1MTQwMDczNzY3OGIwMjZiMDRkOWZiOTZiMDM4MGZlNGNlZTc5ZDcxMWNhZmUzOTY3Y2I2YWM4NTAzMThiY2E3IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=Lax; Path=/; Max-Age=7200; Expires=Mon, 12 May 2025 04:13:07 GMT
cf-ray: 93e6651e4de656b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/HalvarBreit-XBd.8357c9a.woff2

190.115.31.140

200 OK

49 kB

URL GET
up6mgf0x.top/_nuxt/fonts/HalvarBreit-XBd.8357c9a.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48716, version 1.0
Size
49 kB (48716 bytes)
Hash
0cc424bb03fe662042b724f16d6e5b11
6f0de9965734f545926674e6cacf46dc729d29a1
7c02fae2b3bec2803ece2500131526447278d6f87b10d74fb13aae609bd9647d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/HalvarBreit-XBd.8357c9a.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=uMh3sKxEtZEnBLpu; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jpMx7Rq9Vov1YzLB; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: font/woff2
content-length: 48716
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"be4c-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/img/bonus-posters/en/bonus-poster_front.png

190.115.31.140

200 OK

34 kB

URL GET
up6mgf0x.top/img/bonus-posters/en/bonus-poster_front.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 350 x 260, 8-bit colormap, non-interlaced
Size
34 kB (34252 bytes)
Hash
1aca45a5082bd9f83c1563099a24b8e8
b9f507a41425535a01ea7577a605f5f57ae5fbf5
037552dfd1d690b4fde50df87f7563143c308a5383f4ae22bb55e85b77f51542

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus-posters/en/bonus-poster_front.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=XcjRVJPghJx3vuyb; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 34252
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"85cc-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

upxsupport.webim.ru/l/v/init?action=init

91.142.90.130

200 OK

1.1 kB

URL POST
upxsupport.webim.ru/l/v/init?action=init
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
JSON text data
Size
1.1 kB (1059 bytes)
Hash
e75e5a4cf32f541b1ce38e27720ac7b2
163b636a2d3bbe9858c44059801c33c178765341
4a01b539c24c4d91f676023eacec5dea514c8c0be66e0a5c120b9f2532b58015

HTTP Headers

POST /l/v/init?action=init HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://up6mgf0x.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 395
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:14 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Webim-Version: 10.7.101
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

up6mgf0x.top/_nuxt/a0f24bb.js

190.115.31.140

200 OK

8.2 kB

URL GET
up6mgf0x.top/_nuxt/a0f24bb.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8196), with no line terminators
Size
8.2 kB (8230 bytes)
Hash
11012b596562429fa7c2b1d62f007023
815847c9adb7f8a0d8cd5261cba1d364fa5db1d2
b936915bc5e8c01de9d9a8bb467f12d6e3bb2b538035aab90d5981acac66f349

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/a0f24bb.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=64X2JQMW4P4wpgPA; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2026-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/47aa64c.js

190.115.31.140

200 OK

24 kB

URL GET
up6mgf0x.top/_nuxt/47aa64c.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (23662), with no line terminators
Size
24 kB (23687 bytes)
Hash
0631ca03bb192b7e77e7fc0ac01d62dd
06ec9f62c9fcd35a2fe37dcf22b9054824286ee9
7734c2d9d9ba9dd2d7eab552c727ef1e98bda2d61a4a8417cc699d795345506b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/47aa64c.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=97a7Oectnc0d4IuW; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5c87-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/a95ee3f.js

190.115.31.140

200 OK

17 kB

URL GET
up6mgf0x.top/_nuxt/a95ee3f.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12508), with NEL line terminators
Size
17 kB (17082 bytes)
Hash
e9531d02a8eb5f1f12d32ea2332e001a
15a87a7560eea633b8ca1be51d3d77cb96a48969
8dc4b77e319d2eda970675f0f9f224c5c9aba9e6724f691f5779d00f883746bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/a95ee3f.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=OfUTGlT3OeatkwfV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"42ba-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/old_logo.svg

190.115.31.140

200 OK

1.9 kB

URL GET
up6mgf0x.top/img/old_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1861 bytes)
Hash
bc3e21a1645697ac61b1ef945afc74e5
aa59c64af5c49f017e2a717ff0fceb9cf7aea4cc
1dd062775258185dd967c3d3c1dd1609408e909812256287192df48452f9f4a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/old_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=WH3DG3Rz2Xv2MKgA; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"745-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/87622b1.css

190.115.31.140

200 OK

2.4 kB

URL GET
up6mgf0x.top/_nuxt/css/87622b1.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (2409), with no line terminators
Size
2.4 kB (2409 bytes)
Hash
4de0f74f67eb429847ec05540e977665
e80eb6f7c6d7b69df1a83f0ace323360ca184bf1
50c6d77cb7c1d8bf310959b79e532144cdc85b39ae680098c45888f1097b0f81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/87622b1.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=8dEecJq6UUJMjO1X; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=SUhTmsuMmjAdjioq; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"969-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/98638aa.js

190.115.31.140

200 OK

22 kB

URL GET
up6mgf0x.top/_nuxt/98638aa.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (21785), with no line terminators
Size
22 kB (21785 bytes)
Hash
aaf44adf443a965d593b81ca9e55bcf7
45b9d4e5b1f62d16ee0e1f4e0905d4ed5a792d27
113562f6d686614ff66bf46aec8230971505bf1758874cd92449c75201bcab61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/98638aa.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jPkKDSYZ0xVyldDm; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5519-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/rank-9.5aa1867.svg

190.115.31.140

200 OK

4.3 kB

URL GET
up6mgf0x.top/_nuxt/img/rank-9.5aa1867.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.3 kB (4251 bytes)
Hash
de6cf62f71f85fcd7e78ddd96e39dd5b
48ac4ec0dc8de6e84a5dbfaed9298fea5cb973b8
a22464f13aef2384e425383bf2e8efda8ddc0ba143e85f0b8fca3860104aad5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/rank-9.5aa1867.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=HlwEauJPtGiEzowa; __ddg10_=1747016002; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016002$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=17EU0eI0aJRDvIsr; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:24 GMT
__ddg10_=1747016004; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:24 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:24 GMT
date: Mon, 12 May 2025 02:13:24 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"109b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/rank-3.5e4cb36.svg

190.115.31.140

200 OK

3.4 kB

URL GET
up6mgf0x.top/_nuxt/img/rank-3.5e4cb36.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3425 bytes)
Hash
6b355e7b44555eb7749edb7139c80da0
304931d2a9748957e2578dc23d796db441e02ada
0b923dc9ad780e5dfd95518a63d1cf2139908f771e1c2f520fb88ea202acd092

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/rank-3.5e4cb36.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ioL0dFp3D1yANErX; __ddg10_=1747016012; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016012$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=oUnBOc3MXwAxRJwK; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:34 GMT
__ddg10_=1747016014; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:34 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:34 GMT
date: Mon, 12 May 2025 02:13:34 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"d61-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/d8c665e.js

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/_nuxt/d8c665e.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20799), with no line terminators
Size
21 kB (20803 bytes)
Hash
cd749fa969071bf4aa99e8d117c4a261
49709df370377be4a89bbebd44bfba8aa11880db
19be74cc82dedfe27403c36fac1925cf5915bce8adde1ea01d8d6de2ded729c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/d8c665e.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sJGru9mKNpNeNZHm; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5143-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/dice.jpg

190.115.31.140

200 OK

26 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/dice.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
26 kB (25996 bytes)
Hash
9f8985d45c25f838e4660a4671c32fe0
a53b119bc93f199b3051dec772f3f2bb4e54156c
9db5658aa23759b1ed40dcbafc667b50fec6ea5bdf4659eef1dc6fcf12279e69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/dice.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=i7AMsrD1o0fGuriX; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 25996
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"658c-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/370fcd3.js

190.115.31.140

200 OK

3.6 kB

URL GET
up6mgf0x.top/_nuxt/370fcd3.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (3613), with no line terminators
Size
3.6 kB (3613 bytes)
Hash
975a58c02e9bc6956171b127e11bca10
a275db1f7499ba4c01bedaf1dbc975e84535817b
5a2c65dd90791399ba24a459d34ffa846e0bceb41d6c9b0b894d8add392e6942

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/370fcd3.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=kgJ1ekBalj3weGi2; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"e1d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/HalvarBreit-Bd.ed601a7.woff2

190.115.31.140

200 OK

49 kB

URL GET
up6mgf0x.top/_nuxt/fonts/HalvarBreit-Bd.ed601a7.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 49208, version 1.0
Size
49 kB (49208 bytes)
Hash
08f6fd0494179a8ef3dc5b476be97639
047c6b9cac94d735e78a8b7cc64d33225231bb69
6be6c89afb04e311accf761660db64ac9dc669f0610825402ad3558b48e960f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/HalvarBreit-Bd.ed601a7.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bX4xHAImFLtgZhrv; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: font/woff2
content-length: 49208
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"c038-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/tele2.85edd48.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/img/tele2.85edd48.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1608 bytes)
Hash
989d1897336745cb81384513de13b3b6
87c6135641041b5561c38ad75fa3d668083cd594
0b68157a8db0a9965d9327247e97d81067344e729e0eacb8b88a39c2d02ba443

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/tele2.85edd48.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=6R7ouY5ZA4yGPuiU; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"648-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/lottery/_logo.svg

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/img/games/lottery/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
21 kB (20600 bytes)
Hash
904d02d83e1902cfff39435e8e542d0c
0c8a9ab6b28d53d5071edde9626b8414eb209546
47aa8fd2b94d2cd61987d38039a0e035c8a4e12e0762aae539132e195e7158d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/lottery/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Yv96oqu7M0490ndV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"5078-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/20cc42b.css

190.115.31.140

200 OK

4.9 kB

URL GET
up6mgf0x.top/_nuxt/css/20cc42b.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (4852), with no line terminators
Size
4.9 kB (4852 bytes)
Hash
8372a4f4bd6e312dfc9f0c3a9e402562
e4f06140aff6701f5721fd1b3e2283932d0ac542
5ea0b614955aa85c0c0331509e52705510e9057521d5ba010bd27e473e1f76ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/20cc42b.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=RgPw9CygafkvqFnY; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"12f4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/f744981.js

190.115.31.140

200 OK

3.1 kB

URL GET
up6mgf0x.top/_nuxt/f744981.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3049), with no line terminators
Size
3.1 kB (3053 bytes)
Hash
76b05aa050dfa3da7049cd5954970a82
2a66371c3b7eca2353d0fdfc51d968348fa067ff
68479ff8f8237c955c8c880d252a8636400bf38edf422892cf01ce762ef4a59e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/f744981.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=xifg0HU5CoYJsGbi; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=R7b5qfJ8ErJzj6T9; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bed-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/a2ead05.js

190.115.31.140

200 OK

26 kB

URL GET
up6mgf0x.top/_nuxt/a2ead05.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (16035), with NEL line terminators
Size
26 kB (25765 bytes)
Hash
6de91e7acbed9fda9811e2b8bf6913b6
89c96e4e6fd4f5eff5a47a41d7bf313202405348
4ef4ca7e478748d75e54e0fae77ce99af9840eaa0420afc3bc74da3bc3788253

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/a2ead05.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=qmaa7EfZ2sZHiQ6h; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"64a5-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/rectangle-purple.svg

190.115.31.140

200 OK

195 B

URL GET
up6mgf0x.top/img/banners/welcomeBonus/rectangle-purple.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
195 B (195 bytes)
Hash
0fddb0d911e4ea94a8c157f286b29d11
0fb13aa46fda0598f9df579844c45360a22d0e95
0c789d703924b51f21d53d991510ef6782240133919248c08ae349493d451100

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/rectangle-purple.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a719822.css
Cookie: __ddg8_=RkD5D3jVe97fJhb1; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jePYtWxBJgkctAfX; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"c3-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/72bdffd.css

190.115.31.140

200 OK

16 kB

URL GET
up6mgf0x.top/_nuxt/css/72bdffd.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (15629), with no line terminators
Size
16 kB (15629 bytes)
Hash
2af9faee088265a6302454948b6ad2cc
1558736c76f58a90ed419e32215570c426e481b7
d4d06f8e59022ecfd4552efe2912084bfeeb87fa47d21a90fd84482f5cca1394

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/72bdffd.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=XDO9A7ll4cmOD6E3; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"3d0d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/b432828.css

190.115.31.140

200 OK

18 kB

URL GET
up6mgf0x.top/_nuxt/css/b432828.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (17951), with no line terminators
Size
18 kB (17951 bytes)
Hash
fd7d6577d7c479427de5f1b35c6d2ac5
ee6a4d8a479b99f0a4ac13ffc290ccc2f3b0c05c
ef1dd0604f7c09dceacadcc220ce01d25147cc93bf26fb70e4c50e299a1dd53b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/b432828.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=QI1v5fjHn1z2cMj5; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"461f-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/13c45d6.css

190.115.31.140

200 OK

8.2 kB

URL GET
up6mgf0x.top/_nuxt/css/13c45d6.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (8205), with no line terminators
Size
8.2 kB (8205 bytes)
Hash
ceceef8cf19ae667beb9240103df902b
c744d425bca641ce2da68ebe4675dfeaf8efaa30
3171649bfac2db9376c96a70cb18ed457794ecae19d29ba840a2b255d7e0e6b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/13c45d6.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=E02kDlSD6EO9xVIK; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"200d-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/skycard/_logo.svg

190.115.31.140

200 OK

12 kB

URL GET
up6mgf0x.top/img/games/skycard/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (12411 bytes)
Hash
930ac20766c7201e46b108a05fda0c60
0ebf2bf52882cd4a40854d34a22781ad187191ad
7127dbc43e0835bf6a5db4dfe786848ea1fa8b6a27610bcf1bc4303b6a92d547

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/skycard/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jtKhDh4McEmMnZLD; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"307b-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/keno.jpg

190.115.31.140

200 OK

24 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/keno.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 242x188, components 3
Size
24 kB (23792 bytes)
Hash
df938d24a313a095a5a176368bb56858
3e6dbce153854a53a90cb8595f05b06b076cf9b6
684a3c14eb35811ff210c469c5e5a5deae4313750c45358db3f06165ce1507c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/keno.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=T3eT00Pi6HuDPuFZ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 23792
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"5cf0-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/litecoin-hover.f1630b7.svg

190.115.31.140

200 OK

1.9 kB

URL GET
up6mgf0x.top/_nuxt/img/litecoin-hover.f1630b7.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1892 bytes)
Hash
8990fa4ab74df2b6ff42d40861553b95
68dd47f3c0b3c6dd93beb2bec90ba5c7277ed757
1f17a0fdf9519417245561e34159a59472674581fe4548abbf74188439fe1233

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/litecoin-hover.f1630b7.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=6dXzW6PL6LcNuM2M; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"764-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/26fd257.css

190.115.31.140

200 OK

20 kB

URL GET
up6mgf0x.top/_nuxt/css/26fd257.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (20199), with no line terminators
Size
20 kB (20199 bytes)
Hash
1f0d158e803667d94a4c453ec379603a
6c035cbff75d84da837c62b86e75062070b50644
8b0cb4a8de16bd89b599f6b9faf91ed452fc452ef05985c41f6853a12c296115

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/26fd257.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sD4fd6TBVGLh7wZ2; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4ee7-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/0e82d38.js

190.115.31.140

200 OK

28 kB

URL GET
up6mgf0x.top/_nuxt/0e82d38.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (28362), with no line terminators
Size
28 kB (28362 bytes)
Hash
459b193a4e05a6fb824f564c90d4710b
86f920994ad175711447a0e77b2a13792a632d05
afd8d51c078e13b9aabc2b2e1935e277f98a20a642330a3e25841229869d1774

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/0e82d38.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ufMnNqLLeV0Z29bc; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"6eca-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/39132e0.css

190.115.31.140

200 OK

18 kB

URL GET
up6mgf0x.top/_nuxt/css/39132e0.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (17803), with no line terminators
Size
18 kB (17803 bytes)
Hash
ced283e9dabab51b1820a79011fe1075
950afa6d674c32d8284272cedd1a0233f4b7d5bf
1d6b00d9ff7ef18f46c34fdc34d26bc1324370068cda9e2771ee8f295180d40e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/39132e0.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=DWc5Cl6uHbUBsUxQ; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"458b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/perfectMoney.5b9ae33.svg

190.115.31.140

200 OK

5.8 kB

URL GET
up6mgf0x.top/_nuxt/img/perfectMoney.5b9ae33.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
5.8 kB (5840 bytes)
Hash
7b929193adeeed10febc9ea3415bf6b9
7f956c12637ca2144681bb0e072a855174d599d7
ed9b67b9d5c422d720fb198aa50dd49409d0d4d002b9090d249b03a58dd14904

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/perfectMoney.5b9ae33.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=ZkBsgQ1SfbrJcQCo; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=GWQVi7nRyPrxBYAV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"16d0-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/sounds/click.mp3

190.115.31.140

200 OK

6.7 kB

URL GET
up6mgf0x.top/sounds/click.mp3
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo
Size
6.7 kB (6731 bytes)
Hash
b497ee5b7f24d5540859a2fe9a2f94a8
402f32b8a0c59a6655cee008020948c8b0dc3878
627e28dd820dbe208a2d764c086b4eca2c54330b9741073bec9da852aa592962

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sounds/click.mp3 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=nObRNOpmXgD76awL; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=9Womii2YxwFB1EKU; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: audio/mpeg
content-length: 6731
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1a4b-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/c2ef0f6.css

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/_nuxt/css/c2ef0f6.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (20882), with no line terminators
Size
21 kB (20882 bytes)
Hash
c98a00687438c948755c2943fed6af45
66af8696c2c3b28df19db1a74fe754a9888b5996
fb14a1db6bf886ed634df69134c804bcfc89c724d6a9f292673846fd5d6f5086

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/c2ef0f6.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=aDjQLC98yAud5UyP; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=NxiElX0wPW0FZa6D; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5192-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/chat/chat-icon.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/img/chat/chat-icon.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1614 bytes)
Hash
761feb119da36caa3feec7db464f9b51
e52a905997041813a489a0f4a6d634f6587a632e
3924d714474a4be7b05fa14dadf5647b8fbc0327b65f1eefa9b8118d84ddbdff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/chat/chat-icon.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=1brOJoVlzy9YTrCI; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"64e-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/6750ef1.js

190.115.31.140

200 OK

6.4 kB

URL GET
up6mgf0x.top/_nuxt/6750ef1.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (6411), with no line terminators
Size
6.4 kB (6411 bytes)
Hash
c11014dc6d600e587786c1cbdd5def77
13934d7aaeff943c8949a2f64ea128ffc5dafd49
b606d6b00983b9f3295a7cbcec16a9c641b3b59c9415b422529846b59851b312

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/6750ef1.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Cj3MgT4hrAsOH5S5; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"190b-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/favicon/android-icon-192x192.png

190.115.31.140

200 OK

5.4 kB

URL GET
up6mgf0x.top/img/favicon/android-icon-192x192.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
5.4 kB (5401 bytes)
Hash
e888326bb5b061f369333ce242ed3eb4
aad63ba0a600b1e860d49efa91ab4b72cd8e0eab
0c5a5ff71d7b60e02855b7f8fe84490c97a2d8a5af4d7347c35dafc2280324ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon/android-icon-192x192.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jpMx7Rq9Vov1YzLB; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=rVwcaWxXQpSNO6xV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 5401
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"1519-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/api/middleware/activity

190.115.31.140

200 OK

15 B

URL POST
up6mgf0x.top/api/middleware/activity
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/middleware/activity HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
upx-cc-a: upxcc-sDt0emXODjyAX3W8
upx-cc-secret: upx-cc-sDt0emXODjyAX3W8
Content-Type: application/json
Content-Length: 302
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=1TasEWdc2bZQeKnB; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Q7jqcCpeVa1YexUl; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/banners/welcomeBonus/planet-3.png

190.115.31.140

200 OK

3.2 kB

URL GET
up6mgf0x.top/img/banners/welcomeBonus/planet-3.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 32 x 59, 8-bit/color RGBA, non-interlaced
Size
3.2 kB (3151 bytes)
Hash
c633e5504a7d76093d7959736efb74b3
d10401e44d5bd2f3aa246993d6e661b61c32802f
472a11c7d50be165a1f1436c151bddb3a0c546f0974c3c5b7a48f32cc6277a10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banners/welcomeBonus/planet-3.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=49QqKtW4kikngH7i; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=l6aL45HqukYNJe1r; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg10_=1747015993; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:13 GMT
date: Mon, 12 May 2025 02:13:13 GMT
content-type: image/png
content-length: 3151
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"c4f-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/FSElliotPro.2aeaa9d.woff2

190.115.31.140

200 OK

65 kB

URL GET
up6mgf0x.top/_nuxt/fonts/FSElliotPro.2aeaa9d.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 65156, version 1.0
Size
65 kB (65156 bytes)
Hash
8e451ac7fa290aef2579bb2f3f83488b
50a7213a29b6a6ffb303a17edf60416aba397655
8fd0b9b38cfa2772757c3291e494105f50c26d909a9accfbfdc4cea1d93e845b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/FSElliotPro.2aeaa9d.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=cYd1wP1sUsdYvRLz; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=e4tUViNzjGaw2eHz; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: font/woff2
content-length: 65156
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"fe84-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/HalvarBreit-Md.ac0c54a.woff2

190.115.31.140

200 OK

49 kB

URL GET
up6mgf0x.top/_nuxt/fonts/HalvarBreit-Md.ac0c54a.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48840, version 1.0
Size
49 kB (48840 bytes)
Hash
a9e446003e7fd3b4fc6e0c997a0d809f
1ea9b9b2b71a5bdddf3675f67ae5716659f3725c
1a71b7393717a6ff0150fd4df15f7d5b8f75c6262b74b6269a7edfe350fe3c04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/HalvarBreit-Md.ac0c54a.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=cYd1wP1sUsdYvRLz; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=nObRNOpmXgD76awL; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: font/woff2
content-length: 48840
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"bec8-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/new.c2f1ad4.svg

190.115.31.140

200 OK

67 kB

URL GET
up6mgf0x.top/_nuxt/img/new.c2f1ad4.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
67 kB (67278 bytes)
Hash
84543ad5299ecfb8ccd669c0f904bc8f
5c675b4de18bb365f1b6dac8b895e8e87e97f79b
1589aed82d743a6cd0d11c3863c309b1470c56828d37d95a3ab7abf3144d3ac4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/new.c2f1ad4.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/13c45d6.css
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=LwBCZxBBZXsl40sG; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"106ce-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/55ec790.js

190.115.31.140

200 OK

3.0 kB

URL GET
up6mgf0x.top/_nuxt/55ec790.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3040), with no line terminators
Size
3.0 kB (3044 bytes)
Hash
fd2ff5a2d6acaee27d2de9acd9aadc86
cbf59527c6eeef4e522d3ad4d83ba164be28e8e4
556962082c2c6cff76844c6398c78a1fec369125802068db76c011e112977a4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/55ec790.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=paC3ynSRX89FCf96; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"be4-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 888
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=xlXlNtmgxrEUmPIw; __ddg10_=1747015999; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016002$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=HlwEauJPtGiEzowa; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:22 GMT
__ddg10_=1747016002; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:22 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:22 GMT
date: Mon, 12 May 2025 02:13:22 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/sport/_logo.svg

190.115.31.140

200 OK

1.2 kB

URL GET
up6mgf0x.top/img/games/sport/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1245 bytes)
Hash
903bc4d17a183a266d571cf1517c753f
fc9a787120b3d5c4f17343ccbf43674556e5fcb8
aa6c9c5f101af0d1e87b4f217ffa531547209b8b6eb0b84d2ac2324fa1e27c14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/sport/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=gFeBKkoKYXIBvjXr; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"4dd-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/8f78b03.js

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/8f78b03.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (1587), with no line terminators
Size
1.6 kB (1587 bytes)
Hash
f808d20ee34de0a91e9d1886e26237df
a4b7e6f57698b0054a4e90585f3683ebba38badd
b01cd984c0791c48750634387958149ff24494891072e28885bb1f189ba8b7dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/8f78b03.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zmJySXsWBcFkrp3R; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"633-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/c5a7701.css

190.115.31.140

200 OK

21 kB

URL GET
up6mgf0x.top/_nuxt/css/c5a7701.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (20874), with no line terminators
Size
21 kB (20874 bytes)
Hash
2681ef3453f3d3b63ce4bf4dedfb8ade
5139f824a42e1c3db2b53d8fa2e7b7d5fb9b51e8
4383eec6877711bb83af44afcd2f0e9ba7ab196d8a223b4a0ce20e6bba928b7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/c5a7701.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=jePYtWxBJgkctAfX; __ddg10_=1747015993; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=603Cc2be8UbhehB1; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"518a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/8f6c630.js

190.115.31.140

200 OK

30 kB

URL GET
up6mgf0x.top/_nuxt/8f6c630.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (29875), with no line terminators
Size
30 kB (29875 bytes)
Hash
e6bad764cb5c2227ed1a9d9ab3ce39b4
b9d0f22cad927e98fcd55f1838278f4e296b6f84
220f5385356668949cf2004771223e327181f13fdf9cfb5f51550cc1372bb041

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/8f6c630.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=MoL4IgellOaEdo1B; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"74b3-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/miner/_logo.svg

190.115.31.140

200 OK

42 kB

URL GET
up6mgf0x.top/img/games/miner/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
42 kB (41521 bytes)
Hash
c8d3e4ebe1ce9a2af9aa3ed2f08f976c
e9ba462021e349a6610e47f96ffc4743bf13e670
653066d103f63338919a6aa5fb9f850d004737a8a9c4cf6f62aeaf56eae113c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/miner/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=K6FgqvU5rPx8QbIR; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"a231-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/cases/_logo.svg

190.115.31.140

200 OK

3.5 kB

URL GET
up6mgf0x.top/img/games/cases/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3458 bytes)
Hash
00c2f80f453f4a7c99c8fd8ac4d46f1d
79270ba66303e23e3ddcb3130fad995e21419b99
f2c2a79e753a5aef639e34bd417c7ccb523314c76de351e54c05ab9e5a539844

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/cases/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=4A1xwle5OCNbOQzh; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"d82-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/other/_logo.svg

190.115.31.140

200 OK

3.3 kB

URL GET
up6mgf0x.top/img/games/other/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3301 bytes)
Hash
2b1222ba9afbc976678936dcaf57c646
03b697d99841937653cd30bcadee11bcf5395c99
cb3276926a9afe2e8f8880d03a1772c15f56f584a7b034b26ccf601b4e18cc39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/other/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=d7AuVvunNNHBfFBC; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"ce5-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5PCLDCJ

142.250.178.40

200 OK

315 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-5PCLDCJ
IP
142.250.178.40:443
ASN
#15169 GOOGLE

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (19190)
Size
315 kB (315259 bytes)
Hash
7833bf2d3e1ea5ea34fa2d46517375b1
80f077451ecf0f603ec54087492db4fae81590ef
e68e726457c2023c1071b2329e7e40bf306330c56980634a1ff783e3406f6ab6

HTTP Headers

GET /gtm.js?id=GTM-5PCLDCJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 May 2025 02:13:11 GMT
expires: Mon, 12 May 2025 02:13:11 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 May 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1317:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1317:0
report-to: {"group":"ascgcycc:1317:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1317:0"}],}
server: Google Tag Manager
content-length: 101181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/uMoney-hover.6b9b3f4.svg

190.115.31.140

200 OK

4.1 kB

URL GET
up6mgf0x.top/_nuxt/img/uMoney-hover.6b9b3f4.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
4.1 kB (4092 bytes)
Hash
d2693d04273cf03d88453a2bd81047f9
22e3aa21cdbd55a91ea865970c13989deba77560
a2ab39a917211b30ab5f7636b7f05de2144b3e58adc16042aa3dc8b8cbd6ed26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/uMoney-hover.6b9b3f4.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=EDcmbJpz1T0hQZd3; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"ffc-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/858b799.js

190.115.31.140

200 OK

20 kB

URL GET
up6mgf0x.top/_nuxt/858b799.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (19901), with no line terminators
Size
20 kB (19901 bytes)
Hash
ec52c21a01c70ffdf7d6fba2a54eb183
bf8439b69fef91345a3f19e9de05c8aa0bc6d4d5
7c5044e39c245cba1c6aee50c14d0dedfc68e48fc5d14454a9d4946ef3e6007d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/858b799.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ngTP4aIVAd1cebwe; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"4dbd-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/1o5fzB5rCjEQZGaZmgWanNt1x2SmhUo8IbsLhMF6.png

190.115.31.140

200 OK

560 kB

URL GET
up6mgf0x.top/storage/news/1o5fzB5rCjEQZGaZmgWanNt1x2SmhUo8IbsLhMF6.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
560 kB (560068 bytes)
Hash
3dfdd5e4b9a5ce086dc0ab0116aeda2e
16cb824ad1e087603585039b2bc3392ffa498968
91032f1b7b691a10ff1718e73e8eb96999b6c4433f7beb5aa352fb160752dd6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/1o5fzB5rCjEQZGaZmgWanNt1x2SmhUo8IbsLhMF6.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=hVDBLZHw0VXSDI0n; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 560068
last-modified: Wed, 13 Nov 2024 10:11:14 GMT
etag: "67347b42-88bc4"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/img/index-page-upx-games/plinko.jpg

190.115.31.140

200 OK

32 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/plinko.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
32 kB (31989 bytes)
Hash
451c4661722eb84ae9ca81c265eea616
9e115e51d6a4b48237dc88c830d15adbaeced530
8db13f5a0a33e634f42fe9e718af066e0461914c09f4041e9327ed49a7a89fa5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/plinko.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=QGzl774Tvdn0OZRo; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=KvrqHavgxY0VXqqz; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 31989
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"7cf5-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/ed3cc58.css

190.115.31.140

200 OK

7.7 kB

URL GET
up6mgf0x.top/_nuxt/css/ed3cc58.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (7689), with no line terminators
Size
7.7 kB (7689 bytes)
Hash
bd5149cc7b75605d41044bfd40bfa0e7
47a7a360180dd2a7a968573688f9bd77ce05b021
79bb1b631bf0a3617f951ea8d2827355fd7aed505bc6dbf436b9bfb55f591b76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/ed3cc58.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ARFM8vltS9idcdJ7; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1e09-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

gis-static.com/games/Gamebeat/f2cc0d98c6763555f8738c53d20559d197019ac6.png

104.21.64.1

200 OK

25 kB

URL GET
gis-static.com/games/Gamebeat/f2cc0d98c6763555f8738c53d20559d197019ac6.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGoogle Trust Services
Subjectgis-static.com
FingerprintBD:C1:85:DF:D6:5A:45:64:97:47:28:AF:6D:F0:73:11:AE:CF:D9:93
ValidityMon, 07 Apr 2025 08:09:13 GMT - Sun, 06 Jul 2025 09:06:47 GMT

File type
PNG image data, 287 x 193, 8-bit colormap, non-interlaced
Size
25 kB (25268 bytes)
Hash
44c83f3fb5830761b308287e3089ba1b
80161499630481fdd88716926bb2d8ecdae80740
0837573cc0d6c76bc19decb3c8bfe85a4bbf515e3811e07c2a73e1074acf2efb

HTTP Headers

GET /games/Gamebeat/f2cc0d98c6763555f8738c53d20559d197019ac6.png HTTP/1.1
Host: gis-static.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 25268
server: cloudflare
accept-ranges: bytes
content-security-policy: block-all-mixed-content
etag: "44c83f3fb5830761b308287e3089ba1b"
last-modified: Fri, 28 Mar 2025 13:10:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 1838D72D1910C333
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
age: 2711
cache-control: max-age=14400
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pSPZ8%2BeIRRuCYiElY%2BxDHl1frHCmaF3rXqtXaTxcX%2FZrhQF2YTJwbPP3RJw1D9R%2FSLZXYFT5ltav4d40n8A%2B6YcEj432f7jwVd86pRVikA18dr%2BqvUV2FT3Yl3JAznuGhw%3D%3D"}]}
cf-ray: 93e6653f3d0fb512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

up6mgf0x.top/img/other/icon-letter-b.png

190.115.31.140

200 OK

14 kB

URL GET
up6mgf0x.top/img/other/icon-letter-b.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Size
14 kB (14463 bytes)
Hash
0afc6e6d33717882324c018f4df7afdc
87db450fe7cd7b5cf0b17ee17e00cf464bab5900
1d6b5b810fd885fee2390940a940ce09d57784ed2b6de8c13b580a531b47922a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/other/icon-letter-b.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=8dEecJq6UUJMjO1X; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=fG1O9FJuvM0U6x8R; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/png
content-length: 14463
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"387f-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/9866ca4.css

190.115.31.140

200 OK

24 kB

URL GET
up6mgf0x.top/_nuxt/css/9866ca4.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (24235), with no line terminators
Size
24 kB (24235 bytes)
Hash
01cb9371d3c7e96646e71d9866ba7024
e32c2a804c8b2506345e635e0d289edbff5b702d
15770d39838b9509daca250a2953ffe0247b549aa45d3e21221981d7af399753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/9866ca4.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=t74mesuoPCeyhU4g; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"5eab-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ

190.115.31.140

204 No Content

0 B

URL POST
up6mgf0x.top/analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-5PCLDCJ HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 898
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=oUnBOc3MXwAxRJwK; __ddg10_=1747016014; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747016015$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=GZnxb7q76nl9nTNI; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:35 GMT
__ddg10_=1747016015; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:35 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:35 GMT
date: Mon, 12 May 2025 02:13:36 GMT
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/a2310af.css

190.115.31.140

200 OK

79 kB

URL GET
up6mgf0x.top/_nuxt/css/a2310af.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
79 kB (78858 bytes)
Hash
4f100d942e644f1c5a9d09e0e745df3b
85c910dc8fa923a58ee11d6c749421cdb08472ae
27e7658786bd33ce916f329890ce8c72c19282235a7f6265da732b744c4d470f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/a2310af.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=QMUZQwvxINjc0x0R; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"1340a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/de902e5.js

190.115.31.140

200 OK

1.1 MB

URL GET
up6mgf0x.top/_nuxt/de902e5.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65485)
Size
1.1 MB (1090262 bytes)
Hash
dc12bcf76374d4ab7b2272f3d875ff4f
680cf4cd9dd92f1ce62a643bfa2a98aeaaef023f
0d10fab139456a4622702770be65ff1b0861a34096ad09019927f3edeb83f9fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/de902e5.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=l8zxIkkzZO0qbrGk; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"10a2d6-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fonts/FSElliotPro-Bold.332026c.woff2

190.115.31.140

200 OK

66 kB

URL GET
up6mgf0x.top/_nuxt/fonts/FSElliotPro-Bold.332026c.woff2
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 66260, version 1.0
Size
66 kB (66260 bytes)
Hash
af062124a07d247959fb0fd2073eaadc
ae88c5994ddfb03ce3c532df325da66cb2941986
faf0373b18724ec23600f467817e18dcf9cd647af50d195333d277712139e18e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fonts/FSElliotPro-Bold.332026c.woff2 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=cYd1wP1sUsdYvRLz; __ddg10_=1747015990; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=5qRmFiVoYJnOlBGG; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: font/woff2
content-length: 66260
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"102d4-196ab431758"
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/steam-hover.9c52375.svg

190.115.31.140

200 OK

2.5 kB

URL GET
up6mgf0x.top/_nuxt/img/steam-hover.9c52375.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2485 bytes)
Hash
7814da10aa7bf53cb5f37df9bbe3370c
c8609c2cbeee36d59460324eee05d384d5807dc3
fd090642107306ed1994419ea1bf98eb838523610c90f91005644e1afcc4b4ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/steam-hover.9c52375.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3pjCsiA0Y17ONolV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"9b5-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/1097a65.js

190.115.31.140

200 OK

1.7 kB

URL GET
up6mgf0x.top/_nuxt/1097a65.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1674), with no line terminators
Size
1.7 kB (1678 bytes)
Hash
37e521211f80859be5c2c110a5cceede
ba559390019596c602120b706bae6a4d749a33fa
b1624f3854eb325c237e9499c64451d51790e9cbee1ae54b7dc574d4c368c21b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/1097a65.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=GFzkO2hGOf3M8IfG; __ddg10_=1747015995; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015994$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jm9KYFNSzwzfNJLK; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg10_=1747015995; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:15 GMT
date: Mon, 12 May 2025 02:13:15 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"68e-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7

190.115.31.140

200 OK

191 kB

URL User Request GET
up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (27663)
Size
191 kB (191237 bytes)
Hash
1106bc4f041dfbd4033561be47cdb79e
c274de46a2e384794de0cec20ce870a24feea6b5
27be258828c2bf0157246bff97e69bd07aebb3eba402714eedbea61812fd469f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7 HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sVDcgVxyNRjv06JM; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:07 GMT
__ddg10_=1747015987; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:07 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:07 GMT
__ddg1_=xSeARP3kfHBppSSI8gMT; Domain=.up6mgf0x.top; HttpOnly; Path=/; Expires=Tue, 12-May-2026 02:13:07 GMT
i18n_redirected=en; Path=/; Expires=Tue, 12 May 2026 02:13:07 GMT; SameSite=Lax
locale=en; Max-Age=31536000; Path=/
WelcomeBonusHash=071b94101c3ae3f35d83081752e1bb33; Max-Age=604800; Path=/
WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; Max-Age=604800; Path=/
stag=9686_67ed0eb8d57e64c4135b6182; Max-Age=86400; Path=/
userVersion=5.199.169.228; Max-Age=86400; Path=/
userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; Max-Age=86400; Path=/
date: Mon, 12 May 2025 02:13:09 GMT
content-type: text/html; charset=utf-8
etag: "2eb05-YNfc8Ci91oIM4dTGoNRdqiAmbKQ"
accept-ranges: none
vary: Accept-Encoding
content-encoding: gzip
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/AikCzRomjID4PpHrut3PRGwpq50HgcuzPX5WhtBZ.png

190.115.31.140

200 OK

546 kB

URL GET
up6mgf0x.top/storage/news/AikCzRomjID4PpHrut3PRGwpq50HgcuzPX5WhtBZ.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
546 kB (546017 bytes)
Hash
d887e25e95a04fd0e21aadb27893e4cb
5be9fe8808c513a6a7c18c9540e6ef769bc41dcf
4dc81787c04b942aeb46ca255fca77222d6f5c79ae40e366b213bc0dba1ee3a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/AikCzRomjID4PpHrut3PRGwpq50HgcuzPX5WhtBZ.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=cSVLGXFbZEKPHfab; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 546017
last-modified: Tue, 26 Nov 2024 08:58:43 GMT
etag: "67458dc3-854e1"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/game-index-bg.7cc6b53.svg

190.115.31.140

200 OK

1.1 kB

URL GET
up6mgf0x.top/_nuxt/img/game-index-bg.7cc6b53.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1134 bytes)
Hash
7b40b3a5e0fcca7f32c8ee5140dc1bda
ecfa535bc223496ae153e19ddc80c22e7e85522d
272b34fb3ec2745d2f0fdee8a6d7c8f1fb94bc2b0917f040290d0b800b42e1b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/game-index-bg.7cc6b53.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/_nuxt/css/a2310af.css
Cookie: __ddg8_=oVIyoDYazdxncpiA; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ZWfwpwN7shPMmZFV; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"46e-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/e1be51a.css

190.115.31.140

200 OK

12 kB

URL GET
up6mgf0x.top/_nuxt/css/e1be51a.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (11626), with no line terminators
Size
12 kB (11626 bytes)
Hash
96ba1abc2e637a61c9891d9558d12c45
da5e5a84036b8d03fb56bde25883b9680cad542a
139e53df20290535f36fdc99d076cdfb25857249dd2c789c6ea1213f969e4e32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/e1be51a.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=K2Kd9gClZBD5MUEO; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2d6a-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/storage/news/F2zQGwkBvBeGW0NKUzjDoEwQUIvveffHkeGayvjr.png

190.115.31.140

200 OK

539 kB

URL GET
up6mgf0x.top/storage/news/F2zQGwkBvBeGW0NKUzjDoEwQUIvveffHkeGayvjr.png
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
PNG image data, 1241 x 261, 8-bit/color RGBA, non-interlaced
Size
539 kB (539043 bytes)
Hash
9f00df0018659ee79e9aa59fdd242cac
76998e8283f8079dc31b9debc6dec7305b61cbf5
d3b9cb3b1665d62e08efc887151ad88c6382c19ac1a6a9cb274d4a5b38e6dd72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /storage/news/F2zQGwkBvBeGW0NKUzjDoEwQUIvveffHkeGayvjr.png HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=w4t1zYROQq6s88Bj; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=wM6MynBUaCnoicKW; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg10_=1747015991; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:11 GMT
date: Mon, 12 May 2025 02:13:11 GMT
content-type: image/png
content-length: 539043
last-modified: Wed, 13 Nov 2024 09:59:36 GMT
etag: "67347888-839a3"
accept-ranges: bytes
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/css/75d0d04.css

190.115.31.140

200 OK

8.9 kB

URL GET
up6mgf0x.top/_nuxt/css/75d0d04.css
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
ASCII text, with very long lines (8853), with no line terminators
Size
8.9 kB (8853 bytes)
Hash
98ead3b317d0ea5d3027fcce2b750048
a2d6a49ca8c5137f4bbc3779d2184c48f6f5d37c
8b564fc3a29f80728099295c139c02a9b80c9cbdf0ebfa4851e2fb772dfc7210

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/css/75d0d04.css HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=QzMuQddPNf6XtL07; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"2295-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/img/games/roulette/_logo.svg

190.115.31.140

200 OK

42 kB

URL GET
up6mgf0x.top/img/games/roulette/_logo.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
42 kB (41950 bytes)
Hash
3d6ff92efefb962d75d086bb2b9857cb
39586ecb14f31a6b138f1ad74f43174f6a26e8ee
aae90f22e95d24ed2c1a66f9ac4ba60122d40aed9a5f0d408621f5e1cee6cf60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games/roulette/_logo.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=sVDcgVxyNRjv06JM; __ddg10_=1747015987; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bpgSvcRHQMoZnNeP; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg10_=1747015990; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:10 GMT
date: Mon, 12 May 2025 02:13:10 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"a3de-196ab3ff690"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=0, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/img/tele2-hover.1c26f98.svg

190.115.31.140

200 OK

1.6 kB

URL GET
up6mgf0x.top/_nuxt/img/tele2-hover.1c26f98.svg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1633 bytes)
Hash
ef00fd2be6bf23d092250cd66f4cc83e
ba6b0850b52ce29649befc906e5e360897c19e4a
bfa50505d7acf51edfb1951e63138d9c7bea60d425872c15e74e31903bf6eb1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/img/tele2-hover.1c26f98.svg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=bX4xHAImFLtgZhrv; __ddg10_=1747015992; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=lhvn6LWJhrfZcmJs; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"661-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
pragma: public
cache-control: public, max-age=31536000, public
X-Firefox-Spdy: h2

up6mgf0x.top/_nuxt/fad89d3.js

190.115.31.140

200 OK

29 kB

URL GET
up6mgf0x.top/_nuxt/fad89d3.js
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JavaScript source, ASCII text, with very long lines (28936), with no line terminators
Size
29 kB (28936 bytes)
Hash
4564c968d9c4fbd990511019dad36e20
1ef13e867b6071fb29780d61d86955545c93eeaf
f0081ba94ef1780bf906fb07e4c0f1df4c161d31fbcd35ea621ea279e52951b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_nuxt/fad89d3.js HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=RgPw9CygafkvqFnY; __ddg10_=1747015994; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D; _ga_2RYNYNJ3M3=GS2.1.s1747015993$o1$g0$t1747015993$j0$l0$h0; _ga=GA1.1.100196038.1747015994
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=NQBmfhmGzV7kH8Xq; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg10_=1747015994; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:14 GMT
date: Mon, 12 May 2025 02:13:14 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Wed, 07 May 2025 15:00:23 GMT
etag: W/"7108-196ab431758"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

upxsupport.webim.ru/l/v/poll?action=poll

91.142.90.130

200 OK

2 B

URL POST
upxsupport.webim.ru/l/v/poll?action=poll
IP
91.142.90.130:443
ASN
#41722 Miran Ltd.

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerGlobalSign nv-sa
Subject*.webim.ru
FingerprintC9:8F:2B:90:8F:AA:A2:41:5B:E2:A2:52:7D:CB:E8:06:B8:A0:74:B2
ValidityTue, 21 Jan 2025 21:48:29 GMT - Sun, 22 Feb 2026 21:48:28 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /l/v/poll?action=poll HTTP/1.1
Host: upxsupport.webim.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://up6mgf0x.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 174
Origin: https://up6mgf0x.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 02:13:25 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2
Connection: keep-alive
X-Webim-Version: 10.7.101
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

up6mgf0x.top/img/index-page-upx-games/hilo.jpg

190.115.31.140

200 OK

24 kB

URL GET
up6mgf0x.top/img/index-page-upx-games/hilo.jpg
IP
190.115.31.140:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&popup=registration&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Certificate
IssuerLet's Encrypt
Subjectup6mgf0x.top
FingerprintE2:33:FE:79:B7:C0:35:34:04:9C:B0:C4:01:3D:2A:71:19:E0:12:83
ValidityMon, 05 May 2025 10:39:15 GMT - Sun, 03 Aug 2025 10:39:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x187, components 3
Size
24 kB (23529 bytes)
Hash
999cc6430d18bd300ef8b2c479222ba0
01921168137705eb4573802cc17bc6f56aac070d
21fe3dd3c716d1c02a4cba63ce13b5ee33ae74d2c8ebe277cc2b15105d46f6c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/index-page-upx-games/hilo.jpg HTTP/1.1
Host: up6mgf0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://up6mgf0x.top/?stag=9686_67ed0eb8d57e64c4135b6182&http_referrer=https%3A%2Fbing.com%2F&promo=d2d31c98-1d8c-4ce1-b01f-ce5a4fdc762f&tracking_link=http%3A%2Fupx-l.tech%2Ft338d6cf7&v2=1&hashH=c1c67911307e0b63f7237df292e4a5d7
Cookie: __ddg8_=cSVLGXFbZEKPHfab; __ddg10_=1747015991; __ddg9_=91.90.42.154; __ddg1_=xSeARP3kfHBppSSI8gMT; i18n_redirected=en; locale=en; WelcomeBonusHash=9975e8452d0972adec4ec758b0e09262; stag=9686_67ed0eb8d57e64c4135b6182; userVersion=5.199.169.228; userBrowser=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0; isHideSeoTextCookie=true; amp__device_id=d520c7a8-421b-4563-b955-f5abc56b97ec; X-Country=NO; X-Country-JSON=%7B%22country%22%3A%7B%22iso%22%3A%22NO%22%2C%22name%22%3A%22Norway%22%7D%2C%22ip%22%3A%2291.90.42.154%22%2C%22city%22%3A%7B%22name%22%3A%22Oslo%22%2C%22latitude%22%3A59.905%2C%22longitude%22%3A10.7487%7D%2C%22timezone%22%3A%22Europe%2FOslo%22%2C%22localTime%22%3A%222025-04-17T11%3A35%3A51%22%2C%22access%22%3Atrue%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=eHkHppBOmaewkGXF; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg10_=1747015992; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
__ddg9_=91.90.42.154; Domain=.up6mgf0x.top; Path=/; Expires=Mon, 12-May-2025 02:33:12 GMT
date: Mon, 12 May 2025 02:13:12 GMT
content-type: image/jpeg
content-length: 23529
last-modified: Wed, 07 May 2025 14:56:58 GMT
etag: W/"5be9-196ab3ff690"
pragma: public
cache-control: public, max-age=0, public
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (134)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML