Note:

BlockList 2842: in Exceptions-U, line 1102
GET 2842 : User Keywords: .a_gifs:0.

Content of my Exceptions-U line 1102 =
[^.]+.megaupload.com/gencap.php $SET(0=a_gifs:0.)

--------------------------------------------

BlockList 2842: in Danger, line 56 => LOGwin open ?

Explanation: This filter just ensures LOGwindow is open when encountering suspicious words in page content (i.e.: sex, cum, doll, child, lolita ...)

line 56 = "load"

[HTTP headers]
In = FALSE
Out = TRUE
Key = "! * 4 Open LOGwindow on suspicious site 06.5.22 [jp] (d.0) (Out) ====>"
URL = "*$LST(Danger)$LOG(!W=> LOGwin open ?)"
Replace = "LOG-win opens at first page visited if not already open"

-----------------------------------------------------------------------------------------------------

+++GET 2840+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2839 : Time: 13:18:59::828

+++RESP 2839+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:42 GMT
Server: Apache
Last-Modified: Sun, 07 Sep 2008 16:21:00 GMT
ETag: "3474"
Accept-Ranges: bytes
Content-Length: 13428
Keep-Alive: timeout=15, max=93
Connection: Keep-Alive
Content-Type: image/jpeg; PrxMsg: Filter Image
X-Pad: avoid browser bug
Cache-Control: public, max-age=86400
|.*.URL-ID: (2839) http://wwwstatic.megaupload.com/gui2/download.jpg
Match 2839: Top All Mark: Start 04.07.11 (multi) [sd] (d.r)
Match 2839: Top Sniff: Sel. File Types 09.07.04 [sd] (d.1)

RESP 2833 : Time: 13:18:59::906

+++RESP 2833+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:42 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2008 13:27:32 GMT
ETag: "374"
Accept-Ranges: bytes
Content-Length: 884
Keep-Alive: timeout=15, max=90
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
|.*.URL-ID: (2833) http://wwwstatic.megaupload.com/gui2/language_object/sa.gif
Match 2833: Top All Mark: Start 04.07.11 (multi) [sd] (d.r)
Match 2833: Top Sniff: Sel. File Types 09.07.04 [sd] (d.1)
Match 2833: Protect: Sel. File Types 07.07.15 [sd] (d.r)
+++CLOSE 2833+++
Match 2839: Protect: Sel. File Types 07.07.15 [sd] (d.r)
+++CLOSE 2839+++

RESP 2840 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2840 : Vary killed: Accept-Encoding
RESP 2840 : Time: 13:19:00::343

+++RESP 2840+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:42 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:00 GMT; PrxMsg: added
|.*.URL-ID: (2840) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2840+++

BlockList 2841: in Exceptions-U, line 1102
GET 2841 : User Keywords: .a_gifs:0.
BlockList 2841: in Danger, line 56 => LOGwin open ?
BlockList 2841: in Mem-SpoofVars, line 1
GET 2841 : Time: 13:19:00::390

+++GET 2841+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2841 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2841 : Vary killed: Accept-Encoding
RESP 2841 : Time: 13:19:00::828

+++RESP 2841+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:43 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:00 GMT; PrxMsg: added
|.*.URL-ID: (2841) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2841+++

BlockList 2842: in Exceptions-U, line 1102
GET 2842 : User Keywords: .a_gifs:0.
BlockList 2842: in Danger, line 56 => LOGwin open ?
BlockList 2842: in Mem-SpoofVars, line 1
GET 2842 : Time: 13:19:00::875

+++GET 2842+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2842 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2842 : Vary killed: Accept-Encoding
RESP 2842 : Time: 13:19:01::281

+++RESP 2842+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:43 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:01 GMT; PrxMsg: added
|.*.URL-ID: (2842) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2842+++

BlockList 2843: in Exceptions-U, line 1102
GET 2843 : User Keywords: .a_gifs:0.
BlockList 2843: in Danger, line 56 => LOGwin open ?
BlockList 2843: in Mem-SpoofVars, line 1
GET 2843 : Time: 13:19:01::343

+++GET 2843+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2835 : Time: 13:19:01::750

+++RESP 2835+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:44 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2008 13:27:50 GMT
ETag: "3b5"
Accept-Ranges: bytes
Content-Length: 949
Keep-Alive: timeout=15, max=94
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
|.*.URL-ID: (2835) http://wwwstatic.megaupload.com/gui2/language_object/vn.gif
Match 2835: Top All Mark: Start 04.07.11 (multi) [sd] (d.r)
Match 2835: Top Sniff: Sel. File Types 09.07.04 [sd] (d.1)
Match 2835: Protect: Sel. File Types 07.07.15 [sd] (d.r)
+++CLOSE 2835+++

RESP 2843 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2843 : Vary killed: Accept-Encoding
RESP 2843 : Time: 13:19:01::953

+++RESP 2843+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:44 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:01 GMT; PrxMsg: added
|.*.URL-ID: (2843) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2843+++

BlockList 2844: in Exceptions-U, line 1102
GET 2844 : User Keywords: .a_gifs:0.
BlockList 2844: in Danger, line 56 => LOGwin open ?
BlockList 2844: in Mem-SpoofVars, line 1
GET 2844 : Time: 13:19:02::00

+++GET 2844+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2844 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2844 : Vary killed: Accept-Encoding
RESP 2844 : Time: 13:19:02::562

+++RESP 2844+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:44 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:02 GMT; PrxMsg: added
|.*.URL-ID: (2844) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2844+++

BlockList 2845: in Exceptions-U, line 1102
GET 2845 : User Keywords: .a_gifs:0.
BlockList 2845: in Danger, line 56 => LOGwin open ?
BlockList 2845: in Mem-SpoofVars, line 1
GET 2845 : Time: 13:19:02::609

+++GET 2845+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2845 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2845 : Vary killed: Accept-Encoding
RESP 2845 : Time: 13:19:03::203

+++RESP 2845+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:45 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:03 GMT; PrxMsg: added
|.*.URL-ID: (2845) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2845+++

BlockList 2846: in Exceptions-U, line 1102
GET 2846 : User Keywords: .a_gifs:0.
BlockList 2846: in Danger, line 56 => LOGwin open ?
BlockList 2846: in Mem-SpoofVars, line 1
GET 2846 : Time: 13:19:03::265

+++GET 2846+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2846 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2846 : Vary killed: Accept-Encoding
RESP 2846 : Time: 13:19:04::31

+++RESP 2846+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:46 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:04 GMT; PrxMsg: added
|.*.URL-ID: (2846) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2846+++

BlockList 2847: in Exceptions-U, line 1102
GET 2847 : User Keywords: .a_gifs:0.
BlockList 2847: in Danger, line 56 => LOGwin open ?
BlockList 2847: in Mem-SpoofVars, line 1
GET 2847 : Time: 13:19:04::78

+++GET 2847+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2847 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2847 : Vary killed: Accept-Encoding
RESP 2847 : Time: 13:19:07::875

+++RESP 2847+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:50 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:07 GMT; PrxMsg: added
|.*.URL-ID: (2847) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2847+++

BlockList 2848: in Exceptions-U, line 1102
GET 2848 : User Keywords: .a_gifs:0.
BlockList 2848: in Danger, line 56 => LOGwin open ?
BlockList 2848: in Mem-SpoofVars, line 1
GET 2848 : Time: 13:19:07::937

+++GET 2848+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2848 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2848 : Vary killed: Accept-Encoding
RESP 2848 : Time: 13:19:08::500

+++RESP 2848+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:50 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:08 GMT; PrxMsg: added
|.*.URL-ID: (2848) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2848+++

BlockList 2849: in Exceptions-U, line 1102
GET 2849 : User Keywords: .a_gifs:0.
BlockList 2849: in Danger, line 56 => LOGwin open ?
BlockList 2849: in Mem-SpoofVars, line 1
GET 2849 : Time: 13:19:08::546

+++GET 2849+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2849 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2849 : Vary killed: Accept-Encoding
RESP 2849 : Time: 13:19:08::921

+++RESP 2849+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:51 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:08 GMT; PrxMsg: added
|.*.URL-ID: (2849) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2849+++

BlockList 2850: in Exceptions-U, line 1102
GET 2850 : User Keywords: .a_gifs:0.
BlockList 2850: in Danger, line 56 => LOGwin open ?
BlockList 2850: in Mem-SpoofVars, line 1
GET 2850 : Time: 13:19:08::984

+++GET 2850+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2850 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2850 : Vary killed: Accept-Encoding
RESP 2850 : Time: 13:19:09::375

+++RESP 2850+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:51 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:09 GMT; PrxMsg: added
|.*.URL-ID: (2850) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2850+++

BlockList 2851: in Exceptions-U, line 1102
GET 2851 : User Keywords: .a_gifs:0.
BlockList 2851: in Danger, line 56 => LOGwin open ?
BlockList 2851: in Mem-SpoofVars, line 1
GET 2851 : Time: 13:19:09::437

+++GET 2851+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2851 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2851 : Vary killed: Accept-Encoding
RESP 2851 : Time: 13:19:09::859

+++RESP 2851+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:52 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:09 GMT; PrxMsg: added
|.*.URL-ID: (2851) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2851+++

BlockList 2852: in Exceptions-U, line 1102
GET 2852 : User Keywords: .a_gifs:0.
BlockList 2852: in Danger, line 56 => LOGwin open ?
BlockList 2852: in Mem-SpoofVars, line 1
GET 2852 : Time: 13:19:09::906

+++GET 2852+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2852 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2852 : Vary killed: Accept-Encoding
RESP 2852 : Time: 13:19:10::296

+++RESP 2852+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:52 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:10 GMT; PrxMsg: added
|.*.URL-ID: (2852) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2852+++

BlockList 2853: in Exceptions-U, line 1102
GET 2853 : User Keywords: .a_gifs:0.
BlockList 2853: in Danger, line 56 => LOGwin open ?
BlockList 2853: in Mem-SpoofVars, line 1
GET 2853 : Time: 13:19:10::359

+++GET 2853+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2853 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2853 : Vary killed: Accept-Encoding
RESP 2853 : Time: 13:19:10::734

+++RESP 2853+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:53 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:10 GMT; PrxMsg: added
|.*.URL-ID: (2853) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2853+++

BlockList 2854: in Exceptions-U, line 1102
GET 2854 : User Keywords: .a_gifs:0.
BlockList 2854: in Danger, line 56 => LOGwin open ?
BlockList 2854: in Mem-SpoofVars, line 1
GET 2854 : Time: 13:19:10::796

+++GET 2854+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2854 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2854 : Vary killed: Accept-Encoding
RESP 2854 : Time: 13:19:11::203

+++RESP 2854+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:53 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:11 GMT; PrxMsg: added
|.*.URL-ID: (2854) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2854+++

BlockList 2855: in Exceptions-U, line 1102
GET 2855 : User Keywords: .a_gifs:0.
BlockList 2855: in Danger, line 56 => LOGwin open ?
BlockList 2855: in Mem-SpoofVars, line 1
GET 2855 : Time: 13:19:11::250

+++GET 2855+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2855 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2855 : Vary killed: Accept-Encoding
RESP 2855 : Time: 13:19:11::703

+++RESP 2855+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:54 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:11 GMT; PrxMsg: added
|.*.URL-ID: (2855) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2855+++

BlockList 2856: in Exceptions-U, line 1102
GET 2856 : User Keywords: .a_gifs:0.
BlockList 2856: in Danger, line 56 => LOGwin open ?
BlockList 2856: in Mem-SpoofVars, line 1
GET 2856 : Time: 13:19:11::750

+++GET 2856+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2856 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2856 : Vary killed: Accept-Encoding
RESP 2856 : Time: 13:19:12::125

+++RESP 2856+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:54 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:12 GMT; PrxMsg: added
|.*.URL-ID: (2856) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2856+++

BlockList 2857: in Exceptions-U, line 1102
GET 2857 : User Keywords: .a_gifs:0.
BlockList 2857: in Danger, line 56 => LOGwin open ?
BlockList 2857: in Mem-SpoofVars, line 1
GET 2857 : Time: 13:19:12::171

+++GET 2857+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2857 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2857 : Vary killed: Accept-Encoding
RESP 2857 : Time: 13:19:12::609

+++RESP 2857+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:54 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:12 GMT; PrxMsg: added
|.*.URL-ID: (2857) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2857+++

BlockList 2858: in Exceptions-U, line 1102
GET 2858 : User Keywords: .a_gifs:0.
BlockList 2858: in Danger, line 56 => LOGwin open ?
BlockList 2858: in Mem-SpoofVars, line 1
GET 2858 : Time: 13:19:12::671

+++GET 2858+++
GET /gencap.php?910d01bf689dde2e.gif HTTP/1.1
Host: wwwq32.megaupload.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.megaupload.com/?d=GF17TSWR
Connection: keep-alive
Client-IP: 195.173.128.127
User-Agent:
Via: 1.1 cso08sqd01:3128 (Squid/2.3.STABLE4), 1.1 bibserv0593:3128 (Squid/2.1.PATCH1)
X-Forwarded-For: 195.173.128.127

RESP 2858 : Compressed "image/png; PrxMsg: Filter GIF" re-requested without Accept-Encoding
JumpTo: http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
RESP 2858 : Vary killed: Accept-Encoding
RESP 2858 : Time: 13:19:13::125

+++RESP 2858+++
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 11:19:55 GMT
Server: Apache
Content-Encoding: gzip
Content-Length: 797
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; PrxMsg: Filter GIF
Cache-Control: public, max-age=86400
Last-Modified: Thu, 21 Oct 2010 11:19:13 GMT; PrxMsg: added
|.*.URL-ID: (2858) http://wwwq32.megaupload.com/gencap.php?910d01bf689dde2e.gif
+++CLOSE 2858+++

GET 2859 : Time: 13:19:13::171
RESP 2859 : Time: 13:19:13::171