Network Analysis

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: yandex.ru

HTTP/1.1 200 Ok Accept-CH: Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT Accept-CH-Lifetime: 31536000 Cache-Control: no-cache,no-store,max-age=0,must-revalidate Content-Security-Policy: media-src *.cdn.ngenix.net blob: *.strm.yandex.net *.strm.yandex.ru *.yandex.net strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data:;child-src passport.yandex.ru yandex.ru yastatic.net 'self' blob: zen.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net storage.mds.yandex.net *.yandex.ru banners.adfox.ru yastat.net mc.yandex.ru mc.yandex.md passport.yandex.ru;connect-src *.cdn.ngenix.net *.mc.yandex.ru *.strm.yandex.net adstat.yandex.ru auto.ru blob: favicon.yandex.net log.strm.yandex.ru mc.yandex.com thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net yandex.ru yastatic.net yastat.net 'self' portal-xiva.yandex.net wss://portal-xiva.yandex.net strm.yandex.ru mobile.yandex.net yabs.yandex.ru wss://webasr.voicetech.yandex.net zen.yandex.ru *.mediascope.mc.yandex.ru *.strm.yandex.ru frontend.vh.yandex.ru wss://push.yandex.ru an.yandex.ru mc.yandex.ru yandex.st matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru awaps.yandex.net awaps.yandex.ru mc.admetrica.ru;style-src 'unsafe-inline' yastatic.net zen.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net;img-src *.verify.yandex.ru auto.ru strm.yandex.net thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net 'self' yastatic.net data: yandex.ru resize.yandex.net *.strm.yandex.net strm.yandex.ru avatars.mds.yandex.net favicon.yandex.net yabs.yandex.ru zen.yandex.ru s3.mds.yandex.net zen.s3.yandex.net *.mediascope.mc.yandex.ru ad.adriver.ru bs.serving-sys.com ad.doubleclick.net gdeby.hit.gemius.pl mc.yandex.ru verify.yandex.ru px.moatads.com mc.admetrica.ru wcm-ru.frontend.weborama.fr wcm.solution.weborama.fr amc.yandex.ru tns-counter.ru *.tns-counter.ru avatars-fast.yandex.net banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net storage.mds.yandex.net an.yandex.ru awaps.yandex.net awaps.yandex.ru gdero.hit.gemius.pl pixel.adlooxtracking.com tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com mc.yandex.com;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1633592374.94051.85207.176020&h=stable-morda-man-yp-430&csp=new&date=20211007&yandexuid=7114319251633592374;script-src 'nonce-3rRHD+6VbcqPpsS+YqeuiQ==' mc.yandex.com zen-yandex-ru.cdnclab.net yastatic.net yandex.ru 'self' zen.yandex.ru an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net;default-src yastatic.net yastat.net zen.yandex.ru awaps.yandex.net awaps.yandex.ru;font-src yastatic.net zen.yandex.ru an.yandex.ru yastat.net data: 'self';object-src avatars.mds.yandex.net Content-Type: text/html; charset=UTF-8 Date: Thu, 07 Oct 2021 07:39:35 GMT Expires: Thu, 07 Oct 2021 07:39:35 GMT Last-Modified: Thu, 07 Oct 2021 07:39:35 GMT NEL: {"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1} P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI" Report-To: { "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]} Set-Cookie: yp=1636184375.ygu.1; Expires=Sun, 05-Oct-2031 07:39:35 GMT; Domain=.yandex.ru; Path=/ Set-Cookie: mda=0; Expires=Fri, 04-Feb-2022 07:39:34 GMT; Domain=.yandex.ru; Path=/ Set-Cookie: yandex_gid=10635; Expires=Sat, 06-Nov-2021 07:39:35 GMT; Domain=.yandex.ru; Path=/ Set-Cookie: yandexuid=7114319251633592374; Path=/; Domain=.yandex.ru; Expires=Sun, 05-Oct-2031 07:39:35 GMT; Secure Set-Cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Sat, 07 Oct 2023 07:39:34 GMT Set-Cookie: is_gdpr_b=CKDNLhDiSSgC; Path=/; Domain=.yandex.ru; Expires=Sat, 07 Oct 2023 07:39:34 GMT Set-Cookie: _yasc=OksR5cxhSkvZg+lBiO5yzh7no/xEBjseBM0gtncOJTWakZA0; domain=.yandex.ru; path=/; expires=Sat, 06-Nov-2021 07:39:34 GMT; secure Set-Cookie: i=TXkSzprxhB7plFXwqWCrqhGQ6z1NOdx+Ks99g9IEzshDewm6F88gzjeRPYixjjqCklodoRmwgwjUSm9kxJJU+HcKoXY=; Expires=Sat, 07-Oct-2023 07:39:34 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=31536000; includeSubDomains Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Requestid: 1633592374.94051.85207.176020 X-Yandex-Req-Id: 1633592374933396-6091855718111431925-man1-2801-ef2-man-l7-balancer-8080-BAL-3744

GET /widget HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: ipinfo.io

HTTP/1.1 200 OK access-control-allow-origin: * x-frame-options: DENY x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin content-type: application/json; charset=utf-8 content-length: 856 date: Thu, 07 Oct 2021 07:39:39 GMT x-envoy-upstream-service-time: 20 vary: Accept-Encoding Via: 1.1 google Alt-Svc: clear

GET /attachments/882087629896691744/894083102190764052/Cube_WW14.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: cdn.discordapp.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:40 GMT Content-Type: image/x-ms-bmp Content-Length: 536064 Connection: keep-alive CF-Ray: 69a57a1bd96012da-ICN Accept-Ranges: bytes Age: 355912 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Cube_WW14.bmp ETag: "34f00bd852d270517b0d3116e328c619" Expires: Fri, 07 Oct 2022 07:39:40 GMT Last-Modified: Sun, 03 Oct 2021 04:47:02 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1633236422874027 x-goog-hash: crc32c=dO358g== x-goog-hash: md5=NPAL2FLScFF7DTEW4yjGGQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 536064 X-GUploader-UploadID: ADPycdt4qK3x2-wOSnuth4mzxlFCLLtORl78UpC85rmtkBcv21VwpDWGVN4AkTV1Xqo1InAFEexy1vwFJOUp4C1qQlNKE_momA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZusULHfmxOmd02tiZMJBQ93s0E0%2BFBEpexaR3kbLBLDjcR53b9dLwGO7YVKTYFiPcIBCu%2F8yro8so4OXyTXIPrK2agPYHDMkmHRHd%2Faa3kzdbwifV6jXUGBr6Z4KqgHIWygOFQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/891021838312931420/895238855698051082/PL_Client.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Host: cdn.discordapp.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:42 GMT Content-Type: image/x-ms-bmp Content-Length: 1300996 Connection: keep-alive CF-Ray: 69a57a24dff40f9c-ICN Accept-Ranges: bytes Age: 80311 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=PL_Client.bmp ETag: "5c6b4c34ed881fd8559bb252caf6e887" Expires: Fri, 07 Oct 2022 07:39:42 GMT Last-Modified: Wed, 06 Oct 2021 09:19:35 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1633511975988815 x-goog-hash: crc32c=rqLs/A== x-goog-hash: md5=XGtMNO2IH9hVm7JSyvbohw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1300996 X-GUploader-UploadID: ADPycdvGSiHuwQToUA74MGfsFjAFdjmZSsudEEvXhQRzG2B9d8nCK5tiPbagOCqEum2hqYqjzU_kNSCss1TgS8df6eNr86cA4g X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjunyR6yOh4EpciP944F3Zpp9DJvJ2wc6%2FH4%2Fl2DNdPwfvopRZMZJ%2BM3zTseXx0Y75AeF7c1OkCzforBvx%2FaMbSS%2FfRShwFhkwWkX5ktVD5%2BO349nXQoW7cCh8se17V34M4Krg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /widget HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: ipinfo.io

HTTP/1.1 200 OK access-control-allow-origin: * x-frame-options: DENY x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin content-type: application/json; charset=utf-8 content-length: 856 date: Thu, 07 Oct 2021 07:39:42 GMT x-envoy-upstream-service-time: 25 vary: Accept-Encoding Via: 1.1 google Alt-Svc: clear

GET /attachments/882087629896691744/890166075864543242/installer_2021-09-21_16-31.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: cdn.discordapp.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: image/x-ms-bmp Content-Length: 195072 Connection: keep-alive CF-Ray: 69a57a635c39e9c4-ICN Accept-Ranges: bytes Age: 1260267 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=installer_2021-09-21_16-31.bmp ETag: "6204c8a17955659856af5a12899414f5" Expires: Fri, 07 Oct 2022 07:39:52 GMT Last-Modified: Wed, 22 Sep 2021 09:22:11 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1632302531016068 x-goog-hash: crc32c=/sfDOg== x-goog-hash: md5=YgTIoXlVZZhWr1oSiZQU9Q== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 195072 X-GUploader-UploadID: ADPycdsmEThEYlVECM-emhq3TgLPHld8LJEVhahtYVka7dl-VpGwW7c5dMGjxl0FbSiAnlzsFibvgAnJx0awiRW3QtY X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrKbAMq7zzXqW%2FkK2FU1Wzucj1LxTcQDktpdkj8amSLsRNbdE5fcmsZYiEcSRT0FHZnVtgrgQQQHHEqkSHy6oO%2FDuVxfPflBVh2cbmcsw0ZRhqqcru7oQ8fcmbp7mtxVfocXWg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/882087629896691744/890166081547825162/LivelyScreenRecLy2109.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: cdn.discordapp.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: image/x-ms-bmp Content-Length: 1575424 Connection: keep-alive CF-Ray: 69a57a6359c60154-ICN Accept-Ranges: bytes Age: 1289731 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=LivelyScreenRecLy2109.bmp ETag: "2b3291f262d10bf7111cceadd232103c" Expires: Fri, 07 Oct 2022 07:39:52 GMT Last-Modified: Wed, 22 Sep 2021 09:22:12 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1632302532379731 x-goog-hash: crc32c=z5S+6Q== x-goog-hash: md5=KzKR8mLRC/cRHM6t0jIQPA== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1575424 X-GUploader-UploadID: ADPycdsaNEpvdLyqMBon2cJ3WSVtx013x9msCS_It5CDDAJ0cpjcBkYwe6CF92kx0lBxruMmMbF46OJTtHC6istSVXk X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RQQLcdYbyK4XxtgAg8n1kAsjDrePF2Gn4G6%2BCMSGQsoelKPOe1Oo%2BvhqoZS9PR4wPz1zQ1uozjLcUbNKLGLRIoyR3WX9%2Bmzgf1oUtWZ8s8LEnurVQ2VuYgYA13Hbk64pnOjnZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /sfx_123_207.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: dc-repository.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: application/octet-stream Content-Length: 1233725 Connection: keep-alive last-modified: Thu, 23 Sep 2021 10:32:17 GMT etag: "614c57b1-12d33d" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 3988 Accept-Ranges: bytes Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mf%2F4uI6wAOlAGnU38CuU0Qi2ZrYXhC1687ukZhy70SrFJdSHfsVDFxGOg3W8I1vd6VndJ9NtaSBM%2FmsYl2QTEafqLan3BbSPA4Bdoe9kxhKSWVvQY3B72k8AYxPsGBhbZGmzJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 69a57a65897a0a4e-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 Host: www.listincode.com Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:57 GMT Content-Type: text/html Content-Length: 2 Connection: keep-alive X-Powered-By: PHP/5.4.45 Access-Control-Allow-Origin: *

GET /14Jup7 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 Host: iplogger.org Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:58 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=rq68vdq10s6lf01apo2mji5s14; path=/; HttpOnly Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=245455793; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: 1 whoami: 2545b4ccbc3d20c553c5c74e8fab8603327ecdc0f45cc13358586ab2a94d337e Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /Sharefolder.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: publishersharef.s3.eu-north-1.amazonaws.com Cache-Control: no-cache

HTTP/1.1 200 OK x-amz-id-2: bQtR5bvttsznjgcGBuvN7ZDraeXlNNeXUGYMGnMsxeSFrkix38/+ff2XBAN0dnSt8rKbVNsd+ZQ= x-amz-request-id: PXNA811HHBWY6VVD Date: Thu, 07 Oct 2021 07:41:05 GMT Last-Modified: Mon, 04 Oct 2021 12:41:39 GMT ETag: "168f3e8c4657a0fe90a2338f3971f6ed" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 758976

POST /Series/SuperNitou.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 51 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /proxies.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 45.133.1.182

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:38 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Thu, 23 Sep 2021 13:50:07 GMT ETag: "9cb-5cca9e899c901" Accept-Ranges: bytes Content-Length: 2507 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain

POST /service/communication.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 25 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:39 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 3 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /service/communication.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 73 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:39 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 90 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /proxies.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Host: 45.133.1.182

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:41 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Thu, 23 Sep 2021 13:50:07 GMT ETag: "9cb-5cca9e899c901" Accept-Ranges: bytes Content-Length: 2507 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain

GET /base/api/statistics.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:41 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 94 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /base/api/getData.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 389 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:42 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /base/api/getData.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:43 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 108 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /download/NiceProcessX64.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 45.133.1.107 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 11 Sep 2021 15:36:23 GMT ETag: "4fa00-5cbb9fe84ddf3" Accept-Ranges: bytes Content-Length: 326144 Content-Type: image/x-ms-bmp

GET /download/NiceProcessX64.bmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 45.133.1.107 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 11 Sep 2021 15:36:23 GMT ETag: "4fa00-5cbb9fe84ddf3" Accept-Ranges: bytes Content-Length: 326144 Content-Type: image/x-ms-bmp

POST /base/api/getData.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:51 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 1856 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /pub.php?pub=two HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 194.145.227.159 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: application/octet-stream Connection: keep-alive X-Powered-By: PHP/5.4.16 Content-Description: File Transfer Content-Disposition: attachment; filename=setup.exe Content-Transfer-Encoding: binary

HEAD /pub3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: threesmallhills.com Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:52 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 07 Oct 2021 07:26:02 GMT ETag: "39000-5cdbe2ccd85ef" Accept-Ranges: bytes Content-Length: 233472 Connection: close Content-Type: application/x-msdos-program

HEAD /askhelp58/askinstall58.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: www.nqhobby.com Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.40 Location: http://www.nqhobby.com/askinstall58.exe

HEAD /adsli/md7_7dfj.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: ukcom.pw Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Content-Length: 2228736 Content-Type: application/octet-stream Last-Modified: Wed, 06 Oct 2021 03:21:36 GMT Accept-Ranges: bytes ETag: "ad4a54561bad71:0" Server: Microsoft-IIS/8.5 Date: Wed, 06 Oct 2021 23:39:51 GMT

HEAD /CalcCryptoInstalww.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: install-cb.ru Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: application/octet-stream Content-Length: 3868032 Last-Modified: Wed, 06 Oct 2021 18:29:04 GMT Connection: keep-alive ETag: "615deaf0-3b0580" Accept-Ranges: bytes

GET /pub3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: threesmallhills.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:39:53 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 07 Oct 2021 07:26:02 GMT ETag: "39000-5cdbe2ccd85ef" Accept-Ranges: bytes Content-Length: 233472 Connection: close Content-Type: application/x-msdos-program

GET /adsli/md7_7dfj.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: ukcom.pw Cache-Control: no-cache

HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Wed, 06 Oct 2021 03:21:36 GMT Accept-Ranges: bytes ETag: "ad4a54561bad71:0" Server: Microsoft-IIS/8.5 Date: Wed, 06 Oct 2021 23:39:51 GMT Content-Length: 2228736

GET /pub.php?pub=two HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 194.145.227.159 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.4.16 Content-Description: File Transfer Content-Disposition: attachment; filename=setup.exe Content-Transfer-Encoding: binary

HEAD /askinstall58.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: www.nqhobby.com Content-Length: 0 Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:52 GMT Content-Type: application/octet-stream Content-Length: 1521152 Last-Modified: Thu, 07 Oct 2021 03:18:45 GMT Connection: keep-alive ETag: "615e6715-173600" Accept-Ranges: bytes

GET /CalcCryptoInstalww.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: install-cb.ru Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:53 GMT Content-Type: application/octet-stream Content-Length: 3868032 Last-Modified: Wed, 06 Oct 2021 18:29:04 GMT Connection: keep-alive ETag: "615deaf0-3b0580" Accept-Ranges: bytes

GET /askhelp58/askinstall58.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: www.nqhobby.com Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Thu, 07 Oct 2021 07:39:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.6.40 Location: http://www.nqhobby.com/askinstall58.exe

GET /askinstall58.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: www.nqhobby.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:53 GMT Content-Type: application/octet-stream Content-Length: 1521152 Last-Modified: Thu, 07 Oct 2021 03:18:45 GMT Connection: keep-alive ETag: "615e6715-173600" Accept-Ranges: bytes

GET /seemorebty/il.php?e=CsOtXVBhUjDrvtRgizng8F7v HTTP/1.1 Connection: Keep-Alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3 Accept-Language: en-US,en;q=0.9 Referer: https://www.facebook.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36 Host: 186.2.171.3

HTTP/1.1 200 OK Server: ddos-guard Connection: keep-alive Keep-Alive: timeout=60 Set-Cookie: __ddg1=8mRqApWh0s7bITuEyd81; Domain=.171.3; HttpOnly; Path=/; Expires=Fri, 07-Oct-2022 07:39:58 GMT Date: Thu, 07 Oct 2021 07:39:23 GMT Upgrade: h2 Content-Length: 0 Content-Type: text/html; charset=UTF-8

GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 Host: www.iyiqian.com Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:39:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Powered-By: PHP/5.6.40

POST /Home/Index/lkdinl HTTP/1.1 Content-Type: application/x-www-form-urlencoded;charset=utf-8 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36 Host: www.cjnovone.top Content-Length: 221 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 07:40:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.6.40 Set-Cookie: PHPSESSID=91jo1v9u40og30f72nv0a0kc90; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Access-Control-Allow-Origin: *

HEAD /Installer_Provider/ShareFolder.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: safialinks.com Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:41:07 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 16:02:32 GMT ETag: "9d600-5cd890a629600" Accept-Ranges: bytes Content-Length: 644608 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /Installer_Provider/ShareFolder.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: safialinks.com Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:41:07 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 16:02:32 GMT ETag: "9d600-5cd890a629600" Accept-Ranges: bytes Content-Length: 644608 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/x-msdos-program

POST /base/api/getData.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 413 Host: 37.0.8.119

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:41:17 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 X-Powered-By: PHP/7.3.28 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK x-amz-id-2: 9Ndhy35PBwObEEDhFu8m9nRCQ/hiAbsPwcUKSsvbPqJZJ0WsXbYVgxyyqLESkKu0S2T3wvjUvPw= x-amz-request-id: 0KJ190E262CQYRBJ Date: Thu, 07 Oct 2021 07:41:20 GMT Cache-Control: public, max-age=31536000 Expires: Mon, 30 Sep 2024 11:59:59 GMT Last-Modified: Tue, 05 Oct 2021 13:35:16 GMT ETag: "d4ae187b4574036c2d76b6df8a8c1a30" Content-Type: application/pkcs7-mime Server: AmazonS3 Content-Length: 893

GET /Widgets/FolderShare.exe HTTP/1.1 Host: safialinks.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:41:23 GMT Server: Apache Last-Modified: Mon, 27 Sep 2021 11:36:59 GMT ETag: "bc800-5ccf883d15179" Accept-Ranges: bytes Content-Length: 772096 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /xJRtjaHLw25uhP75sj4j5SDQa3dAyG/BestCPM/Soft_Manager_Cpm.exe HTTP/1.1 Host: safialinks.com

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 07:41:28 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 14:37:06 GMT ETag: "53400-5cd87d8da0880" Accept-Ranges: bytes Content-Length: 340992 Content-Type: application/x-msdos-program