Analysis
max time kernel: 127s
max time network: 140s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 05/12/2022 (5 Dec 2022), 10:41 UTC
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://telegra.ph/VN-873697-12-03#'s
Resource: win7-20220812-en
5 signatures, 150 seconds
Behavioral task: behavioral2
Sample: https://telegra.ph/VN-873697-12-03#'s
Resource: win10v2004-20220812-en
8 signatures, 150 seconds
General
Target: https://telegra.ph/VN-873697-12-03#'s
Score: 1/10
Malware Config
Signatures
- Enumerates system info in registry  2 TTPs  3 IoCs
  description         ioc                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
- Suspicious behavior: EnumeratesProcesses  5 IoCs
  pid    Process
  1388   chrome.exe
  1584   chrome.exe  (x4)
- Suspicious use of FindShellTrayWindow  34 IoCs
  pid    Process
  1584   chrome.exe  (x34)
- Suspicious use of SendNotifyMessage  32 IoCs
  pid    Process
  1584   chrome.exe  (x32)
- Suspicious use of WriteProcessMemory  64 IoCs
  description                                pid    Process      procid_target
  PID 1584 wrote to memory of 684   (x3)     1584   chrome.exe   28
  PID 1584 wrote to memory of 1824  (x41)    1584   chrome.exe   30
  PID 1584 wrote to memory of 1388  (x3)     1584   chrome.exe   29
  PID 1584 wrote to memory of 1992  (x17)    1584   chrome.exe   31
  (identical rows collapsed; the x-counts sum to the 64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe  (level 1, PID 1584)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://telegra.ph/VN-873697-12-03#'s
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 684)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb264f50,0x7fefb264f60,0x7fefb264f70
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 1388)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1216 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 1824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 1992)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1732 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 1860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 1560)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 588)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3116 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 572)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3376 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 2036)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 2180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (level 2, PID 2276)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,3075719250263440314,4444853376053936228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
Network
-
Remote address: 8.8.8.8:53
Request: telegra.ph IN A
Response: telegra.ph IN A 149.154.164.13
-
Remote address: 8.8.8.8:53
Request: accounts.google.com IN A
Response: accounts.google.com IN A 142.251.36.45
-
Remote address: 8.8.8.8:53
Request: clients2.google.com IN A
Response: clients2.google.com IN CNAME clients.l.google.com
          clients.l.google.com IN A 172.217.168.238
-
GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1  (chrome.exe)
Remote address: 172.217.168.238:443
Request: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1 HTTP/2.0
host: clients2.google.com
x-goog-update-interactivity: fg
x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
x-goog-update-updater: chromecrx-89.0.4389.114
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard  (chrome.exe)
Remote address: 142.251.36.45:443
Request: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 149.154.164.13:443
Request: GET /VN-873697-12-03 HTTP/2.0
host: telegra.ph
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: text/html; charset=utf-8
content-length: 2229
x-frame-options: SAMEORIGIN
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
-
Remote address: 149.154.164.13:443
Request: GET /css/quill.core.min.css HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: text/css
last-modified: Mon, 14 Nov 2016 18:41:34 GMT
etag: W/"582a055e-1c16"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /css/core.min.css?46 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: text/css
last-modified: Tue, 21 Dec 2021 00:38:19 GMT
etag: W/"61c121fb-38df3"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/jquery.min.js HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Wed, 09 Nov 2016 17:39:54 GMT
etag: W/"58235f6a-1762a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/jquery.selection.min.js HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2016 17:42:12 GMT
etag: W/"582f3d74-a96"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/autosize.min.js HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2016 12:56:51 GMT
etag: W/"582efa93-d5b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/load-image.all.min.js?1 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Tue, 20 Dec 2016 17:17:36 GMT
etag: W/"585967b0-4184"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/quill.min.js?9 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Thu, 26 Oct 2017 12:06:45 GMT
etag: W/"59f1cfd5-31477"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /js/core.min.js?63 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 15:14:50 GMT
etag: W/"625445ea-c06b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
-
Remote address: 149.154.164.13:443
Request: GET /file/5ec8c68c878f0dff21c54.jpg HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: image/jpeg
content-length: 134280
cache-control: max-age=2592000, public
expires: Wed, 04 Jan 2023 10:41:54 GMT
etag: "8a2b177c16c7f411dce0fb5d29d367895e687391"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
-
Remote address: 149.154.164.13:443
Request: GET /images/icons.png?1 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: image/png
content-length: 3295
last-modified: Tue, 22 Nov 2016 01:40:43 GMT
etag: "5833a21b-cdf"
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
-
Remote address: 149.154.164.13:443
Request: POST /check HTTP/2.0
host: edit.telegra.ph
content-length: 29
accept: application/json, text/javascript, */*; q=0.01
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
origin: https://telegra.ph
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://telegra.ph/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: image/x-icon
content-length: 5430
last-modified: Tue, 22 Nov 2016 15:54:16 GMT
etag: "58346a28-1536"
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
-
Remote address: 149.154.164.13:443
Request: GET /favicon.ico?1 HTTP/2.0
host: telegra.ph
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://telegra.ph/VN-873697-12-03
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:55 GMT
content-type: application/json; charset=utf-8
content-length: 76
access-control-allow-origin: https://telegra.ph
access-control-allow-credentials: true
set-cookie: tph_auth_alert=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
-
Remote address: 8.8.8.8:53
Request: edgedl.me.gvt1.com IN A
Response: edgedl.me.gvt1.com IN A 34.104.35.123
-
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx  (chrome.exe)
Remote address: 34.104.35.123:80
Request: GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Response: HTTP/1.1 200 OK
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: ab7978c1-2ebb-40fe-a988-004528475669
content-length: 248531
date: Sun, 04 Dec 2022 13:41:35 GMT
age: 75602
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
-
Remote address: 8.8.8.8:53
Request: dns.google IN A
Response: dns.google IN A 8.8.8.8
          dns.google IN A 8.8.4.4
-
Remote address: 8.8.8.8:53
Request: dns.google IN A
Response: dns.google IN A 8.8.8.8
          dns.google IN A 8.8.4.4
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe)
Remote address: 8.8.8.8:443
Request: GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe)
Remote address: 8.8.8.8:443
Request: GET /dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe)
Remote address: 8.8.8.8:443
Request: GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABCXRyYW5zbGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEsADABHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe)
Remote address: 8.8.8.8:443
Request: GET /dns-query?dns=AAABAAABAAAAAAABCXRyYW5zbGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEsADABHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
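The four dns.google requests above are Chrome's own DNS-over-HTTPS lookups in the RFC 8484 GET form: the dns= parameter is a complete wire-format DNS query, base64url-encoded with the '=' padding stripped. The report does not decode them, so the names Chrome resolved this way never appear in the port-53 part of the log; the ssl.gstatic.com fetch further down, for instance, has no matching 8.8.8.8:53 query. The decoder below is an added example, not part of the tria.ge report or of Chrome. Its two sample inputs are the first and fourth queries on this page, with the long run of base64 'A' characters rebuilt as "A" * n from the padding length declared inside each message (the decoded bytes are the same as the page's strings).

```python
import base64
import struct

# Constructed sample input: the first and fourth DoH queries from the report
# (dns= parameter of GET https://dns.google/dns-query). The trailing run of
# base64 'A's, which encodes the EDNS padding, is rebuilt as "A" * n from the
# padding length declared inside each message; it decodes to the same bytes.
QUERY_WWW_GSTATIC = (
    "AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQ" + "A" * 107
)
QUERY_TRANSLATE = (
    "AAABAAABAAAAAAABCXRyYW5zbGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEsADABH"
    + "A" * 95
)

QTYPE_NAMES = {1: "A", 28: "AAAA", 65: "HTTPS"}
EDNS_PADDING = 12  # EDNS(0) option code for padding (RFC 7830)


def b64url_decode(param: str) -> bytes:
    """RFC 8484 strips the '=' padding from the dns= parameter; put it back."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def read_name(msg: bytes, off: int):
    """Parse a DNS name at msg[off:]; returns (name, offset after the name)."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:  # compression pointer (not expected in a query)
            pointer = ((length & 0x3F) << 8) | msg[off]
            tail, _ = read_name(msg, pointer)
            labels.append(tail)
            return ".".join(labels), off + 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off


def decode_doh_query(param: str) -> dict:
    """Decode a DoH GET 'dns=' parameter into its question and EDNS details."""
    msg = b64url_decode(param)
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, QTYPE_NAMES.get(qtype, str(qtype))))
    info = {"id": txid, "rd": bool(flags & 0x0100), "questions": questions,
            "edns_udp_payload": None, "padding_bytes": None, "wire_length": len(msg)}
    for _ in range(an + ns + ar):  # a query normally carries only the OPT pseudo-RR
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 41:  # OPT: the class field carries the sender's UDP payload size
            info["edns_udp_payload"] = rclass
            o = 0
            while o + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[o:o + 4])
                o += 4
                if code == EDNS_PADDING:
                    info["padding_bytes"] = olen
                o += olen
    return info


if __name__ == "__main__":
    for q in (QUERY_WWW_GSTATIC, QUERY_TRANSLATE):
        print(decode_doh_query(q))
```

Both samples decode to 128-byte messages with transaction ID 0 (RFC 8484 asks clients to zero it so responses are cacheable) and a single A question, for www.gstatic.com and translate.googleapis.com; the second and third queries on the page decode the same way to ssl.gstatic.com and www.gstatic.com. The constant size comes from the EDNS(0) padding option: 80 and 71 zero bytes respectively, which is what RFC 8467's 128-byte block padding produces. For monitoring this matters: a DoH GET is an ordinary HTTPS request to the resolver, so outside the TLS session the only observables are the connection to dns.google and the fixed message size.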
Remote address: 216.58.208.99:443
Request: GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 149.154.167.99:443
Request: GET /_websync_?path=VN-873697-12-03&hash=9d163289f66ef4feb3 HTTP/2.0
host: t.me
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://telegra.ph/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Mon, 05 Dec 2022 10:41:54 GMT
content-type: text/javascript
content-length: 25
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
-
GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZtOkeam0viJEgUNSoWeUg==?alt=proto  (chrome.exe)
Remote address: 142.251.39.106:443
Request: GET /v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZtOkeam0viJEgUNSoWeUg==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CLfmygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
GET https://translate.googleapis.com/translate_a/l?client=chrome&hl=en&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw  (chrome.exe)
Remote address: 172.217.168.202:443
Request: GET /translate_a/l?client=chrome&hl=en&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: translate.googleapis.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
-
Remote address: 190.115.19.207:443
Request: GET /request_tds.php HTTP/2.0
host: propaymentss.expert
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
origin: https://votouv.bitbucket.io
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://votouv.bitbucket.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ZsazMqxbcAjZm9tiueP7; Domain=.propaymentss.expert; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:42:16 GMT
date: Mon, 05 Dec 2022 10:42:16 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubdomains; preload
access-control-allow-origin: *
x-frame-options: ALLOWALL
x-content-type-options: nosniff
content-encoding: gzip
-
Remote address: 8.8.8.8:53
Request: apps.identrust.com IN A
Response: apps.identrust.com IN CNAME identrust.edgesuite.net
          identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
          a1952.dscq.akamai.net IN A 104.109.143.75
          a1952.dscq.akamai.net IN A 104.109.143.91
-
Remote address: 104.109.143.75:80
Request: GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 05 Dec 2022 11:42:16 GMT
Date: Mon, 05 Dec 2022 10:42:16 GMT
Connection: keep-alive
-
Remote address: 188.114.97.0:443
Request: GET //tds/ol25 HTTP/2.0
host: viplinklineplus.top
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://votouv.bitbucket.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 302
content-type: text/html; charset=utf-8
location: http://viplinklineplus.top/a08r?tds=1&url_id=9131&url_full_id=1
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=Hy6h0IOJQ2n2HXE0beOO; Domain=.viplinklineplus.top; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:42:16 GMT
strict-transport-security: max-age=15768000; includeSubdomains; preload
access-control-allow-origin: *
x-frame-options: ALLOWALL
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0yXaJjCdVir3b3ZcwZHfZFJaI7TxZRHkSscU1elNiFOQH2bwRksTW3284J6uD0kg%2Bz6ZnlfQeaOU7%2FusUpS%2FsZPq2y2Vg33cWGi8W5WQGxdBJewxsB7ZAme5JY%2BQSriDpaDhNy5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2c955e260e33-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 188.114.97.0:443
Request
GET /a08r?tds=1&url_id=9131&url_full_id=1 HTTP/2.0
host: viplinklineplus.top
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=Hy6h0IOJQ2n2HXE0beOO
Response
HTTP/2.0 200
content-type: text/html; charset=utf-8
content-security-policy: upgrade-insecure-requests;
set-cookie: cookieID=317258; expires=Wed, 04-Jan-2023 10:42:16 GMT; Max-Age=2592000; path=/; domain=viplinklineplus.top
strict-transport-security: max-age=15768000; includeSubdomains; preload
access-control-allow-origin: *
x-frame-options: ALLOWALL
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FGUGw7gsyPepX1bcYOCZ5PYylZozR04KbB81FiYyBEGY1FFDih8hTiglJ4IVnD4l5SLSB7VVbgLpItGLwbCkTON0CvpJelxK8k7CRV%2BXGBrjbPOj5De9QaCerNtuS2JzGO%2BVUgt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2c961f830e33-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 188.114.97.0:443
Request
GET /js/jquery.syotimer.js HTTP/2.0
host: viplinklineplus.top
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://viplinklineplus.top/a08r?tds=1&url_id=9131&url_full_id=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=Hy6h0IOJQ2n2HXE0beOO
cookie: cookieID=317258
Response
HTTP/2.0 200
content-type: application/javascript
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 25 Jun 2019 09:48:00 GMT
etag: W/"5d11edd0-286f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
vary: Accept-Encoding
age: 4455
ddg-cache-status: HIT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fERxyTvv7mldXQmenO%2FAeG2PCXeY13SUQLrkpKJhsBnNr%2F2S7n4ihusrxnrF%2BpFcAYJYzNQuNys%2F3KCuaya2Q4OtuGX%2Fa5kxDnr374yZzXwKBuCAwjkCTlyMnGQ7y6aMZ%2Bl4DbiN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2c9729070e33-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 69.16.175.10:443
Request
GET /jquery-2.1.3.min.js HTTP/2.0
host: code.jquery.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://viplinklineplus.top/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 190.115.19.162:443
Request
GET /i/product/842/8429.jpg HTTP/2.0
host: e-pay.plus
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://viplinklineplus.top/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=uzxZ1kcPcIxoQa0Bk2ro; Domain=.e-pay.plus; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:42:17 GMT
date: Thu, 01 Dec 2022 10:42:25 GMT
content-type: image/jpeg
content-length: 80900
last-modified: Thu, 17 Jun 2021 01:52:51 GMT
etag: "60caaaf3-13c04"
strict-transport-security: max-age=15768000; includeSubdomains; preload
access-control-allow-origin: *
x-frame-options: ALLOWALL
x-content-type-options: nosniff
accept-ranges: bytes
age: 345592
ddg-cache-status: HIT
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/ HTTP/2.0
host: rosepow34.buzz
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://viplinklineplus.top/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
last-modified: Thu, 26 May 2022 08:41:08 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9vnaH37oIcVCeMh5LzJLa2PyVaHolxsyMwzpdriwJOpFNY4eJGxe7eInBmihYBmGo3mLeJAZoQyYkSLX77nT0tBY%2F62iNmuJFsYbnfQqxGWZftY7lHJsaSSt87idIhUeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2c9bbc0a0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/nicepage.css HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/css
strict-transport-security: max-age=31536000; preload
last-modified: Tue, 27 Jul 2021 12:25:24 GMT
etag: W/"1dfa-5c819f6ce3500"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7I9GJ1pJm2GVRgYx%2Fj1mPM1UnsvtVnse6wYUSVGP860vKFsN4sMaVYgFn1PurVfgut2RoT3rI%2FZB3qlKCAs%2BwyhHw0Ow%2FzAfe3vSc5C4jlQCT3YXVO%2FJsz1H1pVmcXEiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d5d010115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/index.css?ver=1.0 HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"15d84-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjTljwyIkQpVgwieW9bvbQYVaIX5IM1OZMabDRI65%2F0InqQvpkleCCWxfgJZP0a5296zgCMiIdqLEl%2BGKl5B%2FSOp8E%2F4PXDImsLoCTqoLq4%2FVJxeWqy15LEiCXSaCtD8PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d0c0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/zen.js?rand=10 HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 09 Nov 2022 23:56:36 GMT
etag: W/"2cc8-5ed126824f500"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7WPOSg3l7cxSLXoSi7OreSN7lMOW813Vz8CbC58pJH5bgzgRxkg3fS5ZQ1HdillhvTRQipFTcQnYMT1THrtLKTK1qGP3JJ3Uy1rDoRfxYc8doFPLV8Ovm9v3SWTI%2BV1%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d0b0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/jquery.js HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/jpeg
content-length: 24775
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "60c7-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXZEBhIjIIYNCUuuRhshHoSIAUoCCA1Cp%2BpTJWpoVhrqCfu9RVdPpE6ttZrRK8bkbgEC%2Fyg7zwsA1MG5fRpPG2VPL%2B9p6RiWXC01QZkCylfcWtRwPU30x9HaAAZyZZ9FTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d100115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/nicepage.js HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"270ee-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HrtBLS%2Bkz28rHUFg%2FUqdjbdKGgCQd3ke3bVvztVq7HnWDIQ0jm8UeR5z4h1VPkg29my3wSQ%2FFvP78DrzsDhWnUEzi2Gab5a%2BN%2BxqCSMCg%2FBbgPyCzIJbxtrwEIuqz9TxJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d0d0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GET https://rosepow34.buzz/eperevod/images/letter-d-arrow-logo_18849-228-crop-u33449_2x.jpg chrome.exe
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/letter-d-arrow-logo_18849-228-crop-u33449_2x.jpg HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/jpeg
content-length: 8081
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "1f91-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IE735TK7v7aOyi6ovdnYKuMHO0C7NyFWX9eaNgrWm3J1C8qJPCeaIHOLvFAvRsfzIpeQm%2FLoOCzR34JGg%2BpUGOMQxy3QjdFuLAXkNKJnzS4WulIdkqP6dNN1%2FdCwdPb0wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d0e0115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/white2.jpg HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/css
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"10f4f8-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oE0AMY1A%2FJHaVwrEaGG%2FG9W%2FxUtFhPIFyYS%2BsaCf28SMAkdAZ19gwrqjVfuE2wKYSKNbPgFNqyqSpzbzNZ6XdPxzcsSNf2Md%2BJFHuG6F0iKjg45r8qk1AqJf7BrJe6TkEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d5cfe0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/check.jpg HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/jpeg
content-length: 35708
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "8b7c-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkU0jhyCdU5YTTKOkUMjIqKoHf8L44cKbO%2F3KzOo14ab5WQ%2BSmYRfLWGB2lWN4jbYUnAIfXaTqNxF9RQrOukHsttf3LayjQHJrgGN64YQqzp0dwpEnO8n23AAcVRKBnMKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2c9d6d110115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/geo.php HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
x-powered-by: PHP/5.4.16
set-cookie: last_page=index.html; expires=Mon, 16-Jan-2023 02:42:18 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2B2cSckw2drJAns%2FGTbOtYMUlnJGrD8hOy8b2rrK9UOAbKrUe4V23t1OrRvLmQJXFrQtdM4kvoUiqOF3OrpUL2yjSlCwIibpZ3ZJtfpkE1Axlu8iyjRcDQf3%2Bs%2FmojThNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2ca10f320115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/pages.php?this_page= HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/vnd.microsoft.icon
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"443e-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: HIT
age: 484
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UL6uFZEaUm%2Fh5PbN6umNCA6s0hR7kOtJpBQ4%2FwVx%2BuujhopSfEjTo1%2Fm%2BnIgz%2Fac4pf6MZD66EBOzxbKWIkICW1y9X5SoONkoNpZkw7eC2T%2BvNmT1Y3Hso91QcWjm7Ssdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2ca22fcb0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/favicon.ico HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
x-powered-by: PHP/5.4.16
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13DG%2B1pCenQ5j6NG1xnN1i7jBh0jMMbgE1uhgBaY%2FVAwkIheDYujCm8SKPUL2P0%2BoNqbet%2BEbc%2F5nPgaDL1cEPopTkvZYH0vZosgK0oXi2MKftY5xdVjA064gV3uhevcUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2ca10f310115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/zen.json HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: application/json
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 23 Nov 2022 20:15:36 GMT
etag: W/"13c1-5ee28f390aa00"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3GD9R2AnrwRl2w1JLminRuUJXRJLORS5smtIrwPuPKoiU8XpzqMDraivOsCBHgwAy%2FGalmZO6Sz5fsMqvfvyjLPzGODVJpAldPGeq7rIPaKgjaOx94OVq4vLI4BeBrerg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2ca2a8190115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/checkpay.html HTTP/2.0
host: rosepow34.buzz
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://rosepow34.buzz/eperevod/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
last-modified: Sat, 11 Sep 2021 13:55:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Zb0C50YHk4tkUCF87AQVszU%2FyCN7vJILwyQcf63X%2F4g3HyCRTWxFAZTE73yjudhNIP0Gt7SjSmjPWWHbZZmGnQzeRc7uHLOtvAw%2FqWmbZH5OteQflPMycxI%2FH7KkKdCKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2d939e760115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/checkpay.css HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: text/css
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"ece-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUqIj0%2BSj3EY2MOzkuBdKDYPwQRo6elR0mbjQRHTnrzm64%2BbTP5QN%2Bm7PAvSOsB3TdL2j7WAT3gM3GYbovbZEYVvPsUIfV8m4Wzx4UClZOgB9BvsQLlxa3Y2F9%2B0BhoUww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2d951f6b0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/zen.js HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: application/javascript
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 09 Nov 2022 23:56:36 GMT
etag: W/"2cc8-5ed126824f500"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qifrF7th1yCQUYK34NbYvBtVxGlaUari7Qe13nS7krFjm8mGY0aAKpp2%2B0QfLZL6qjaBX9mkAjYALbiSQrYLwJIt7FTGiNBsMyRpFZ%2FDfpKVOWzAFl3qZhEw4aRuW%2Fivaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2d951f6f0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/126ca6bcc2616e4edf09f466e9925396.gif HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: image/png
content-length: 38729
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "9749-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuOguIYof8HYmY53NjoOVu11xYGwng9xhvNSflshrhXqgsah6%2BjZ1gFY3HLtY%2FBWrA4GWBM57WfCI19SWlet4afFtasSvp7f72M4Sv6BfvvjBPmDbtAZnw%2FpQaK93Mcpzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2d952f780115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/cropped-galochka.png?rand=e469 HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: image/gif
content-length: 236058
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "39a1a-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3xNwELNoBWfMgqCWfzNl0YmcC4i7RdiL0bXDg%2BBxDZUtcQoPpQB83S%2BcTIhs4uAVmn3qg9zCo1EzkAPp9iKZC%2FxZODXrznm5cT86o92WZNYhsCzeALMXL1v22oUr%2BWk3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2d951f700115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/pages.php?this_page=checkpay.html HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=index.html
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
x-powered-by: PHP/5.4.16
set-cookie: last_page=checkpay.html; expires=Mon, 16-Jan-2023 02:42:58 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkNXgq58kJuXw23rCMAfCLHAro9ufO0mULoyePLExJf7YbEe8sWhR0uCTfuB2SGNa8h7QdD0V8gUGQplR6udb%2F0aqSAnZpNKY4R6vjJHJpRpxTfz7HEWGaPukPpA7mEdUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2d9aca930115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/white2.jpg?rand=8ba5 HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: image/jpeg
content-length: 24775
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "60c7-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h1F5vE%2FRjeXOpmdJlud0B%2BeLoAAfZ5EwWLHqq82GtX%2FP7KyjE6VLP%2B5N9xnxQ2iHlL5DRh58%2BWaaSTzagaZXAr9VmUZJVYX1L8YtDwzyxmpUDm4cV3tfBHrF6o9opaUXCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2dcd3d4c0115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/support.html HTTP/2.0
host: rosepow34.buzz
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://rosepow34.buzz/eperevod/checkpay.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 23 Nov 2022 20:18:42 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aqy%2BNmhQS1COCcFm3f8FLNG8IPrgMZfX5AM0rzJ6u1CN%2FzFQNrg%2BafPpbCf55dHhhtYPb%2FgXMbf5DZYP8w4pxklfhO5J0mj0qvCJpW5hTSWNYnH2ZHHbSOdfmSR4JgQaCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2decef890115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/support.css HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://rosepow34.buzz/eperevod/support.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: text/css
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: W/"140b-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJo8EfJAlNgyW5sHZH9fitNpYkDD4gCl2hiwWGwkQawadbkmEZ0MZdMWreIgOhFC6I2sg5rXymalm9myXGPtQGwaaKnAFlQnRVPBs63zXFky5PqhvGD2Rfh8FSwzQcdBtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2def98bc0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/js/main.js HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/eperevod/support.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: application/javascript
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 23 Nov 2022 20:21:50 GMT
etag: W/"190-5ee2909e4a2bc"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYafmqx5V0WfD4DZfabd%2Feqm9oX5w846Rq1vFfF5CcshfJPiayqEQRSJaLyY7cTIuNa%2BGaZckQwcf8hmY5x9uod2yx18XvxOZKc6oCnMmAQ6I0Te9AAVZOBQNDL2A8juFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2defb8d00115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GET https://rosepow34.buzz/eperevod/images/tild3764-6436-4262-b534-386530643137__logo_set_1_2.png chrome.exe
Remote address: 104.21.43.119:443
Request
GET /eperevod/images/tild3764-6436-4262-b534-386530643137__logo_set_1_2.png HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rosepow34.buzz/eperevod/support.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: image/png
content-length: 7522
strict-transport-security: max-age=31536000; preload
last-modified: Wed, 16 Jun 2021 23:28:32 GMT
etag: "1d62-5c4ea72dc8800"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wk2r9c2D1V9phQggnV4f%2FkU%2FX5o5G7%2FKMnHh7mO5vqztjkbyG9vjbOcHlkKCZyDlpzZMsAQZJJujX6egt4eHzy9MlSJEtZSm2HnXrIFccC6hDbOvRVskWzzlKDPWhqvMAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774c2df169b80115-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 104.21.43.119:443
Request
GET /eperevod/pages.php?this_page=support.html HTTP/2.0
host: rosepow34.buzz
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rosepow34.buzz/eperevod/support.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: last_page=checkpay.html
Response
HTTP/2.0 200
content-type: text/html
strict-transport-security: max-age=31536000; preload
x-powered-by: PHP/5.4.16
set-cookie: last_page=support.html; expires=Mon, 16-Jan-2023 02:43:15 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iKj4J1p86EUeAPbDBkuh0%2FhizM5kGgzwH%2FcjLpjo5FYu0l5Noa4AGGYu6HtPCr5%2Fu450m9ky5yqg4GqH7qwEpcLOjm5afqLRC2jeGxq4x%2FUM9AAD5by08ykn6a7o1z6%2Fsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774c2e044c0f0115-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address: 190.115.26.190:443
Request
GET /buy_domain.php HTTP/2.0
host: pr0paymentss.expert
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=jhcahJk1KxzCY6QlDbXX; Domain=.pr0paymentss.expert; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:42:18 GMT
date: Mon, 05 Dec 2022 10:42:19 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
-
Remote address: 190.115.26.190:443
Request
GET /buy_domain.php HTTP/2.0
host: pr0paymentss.expert
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=PmW1CAdCWs8KYyHVHU2s; Domain=.pr0paymentss.expert; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:42:58 GMT
date: Mon, 05 Dec 2022 10:42:58 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
-
Remote address: 190.115.26.190:443
Request
GET /buy_domain.php HTTP/2.0
host: pr0paymentss.expert
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://rosepow34.buzz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=qpuoIltHbMAL0DWJk8Q4; Domain=.pr0paymentss.expert; HttpOnly; Path=/; Expires=Tue, 05-Dec-2023 10:43:19 GMT
date: Mon, 05 Dec 2022 10:43:19 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
-
Remote address: 8.8.8.8:53
Request
dns.google IN A
Response
dns.google IN A 8.8.4.4
dns.google IN A 8.8.8.8
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (chrome.exe)
Remote address: 8.8.4.4:443
Request
GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (chrome.exe)
Remote address: 8.8.4.4:443
Request
GET /dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
-
GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw (chrome.exe)
Remote address: 142.250.179.170:443
Request
GET /v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: safebrowsing.googleapis.com
x-http-method-override: POST
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
-
172.217.168.238:443 https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1 tls, http2 chrome.exe 2.0kB 9.7kB 15 18
HTTP Request
GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D115%2526e%253D1 -
142.251.36.45:443 https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard tls, http2 chrome.exe 1.8kB 7.6kB 16 18
HTTP Request
POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard -
11.2kB 457.8kB 197 350
HTTP Request
GET https://telegra.ph/VN-873697-12-03
HTTP Response
200
HTTP Request
GET https://telegra.ph/css/quill.core.min.css
HTTP Request
GET https://telegra.ph/css/core.min.css?46
HTTP Request
GET https://telegra.ph/js/jquery.min.js
HTTP Request
GET https://telegra.ph/js/jquery.selection.min.js
HTTP Request
GET https://telegra.ph/js/autosize.min.js
HTTP Request
GET https://telegra.ph/js/load-image.all.min.js?1
HTTP Request
GET https://telegra.ph/js/quill.min.js?9
HTTP Request
GET https://telegra.ph/js/core.min.js?63
HTTP Request
GET https://telegra.ph/file/5ec8c68c878f0dff21c54.jpg
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://telegra.ph/images/icons.png?1
HTTP Request
POST https://edit.telegra.ph/check
HTTP Response
200
HTTP Request
GET https://telegra.ph/favicon.ico?1
HTTP Response
200
HTTP Response
200 -
34.104.35.123:80 http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx http chrome.exe 5.0kB 257.0kB 99 190
HTTP Request
GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
HTTP Response
200 -
8.8.8.8:443 https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA tls, http2 chrome.exe 2.0kB 8.0kB 19 22
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -
8.8.8.8:443 https://dns.google/dns-query?dns=AAABAAABAAAAAAABCXRyYW5zbGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEsADABHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA tls, http2 chrome.exe 2.1kB 8.2kB 20 25
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABCXRyYW5zbGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEsADABHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -
152 B 3
-
216.58.208.99:443 https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb tls, http2 chrome.exe 3.0kB 92.1kB 45 74
HTTP Request
GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb -
149.154.167.99:443 https://t.me/_websync_?path=VN-873697-12-03&hash=9d163289f66ef4feb3 tls, http2 chrome.exe 1.7kB 7.4kB 15 17
HTTP Request
GET https://t.me/_websync_?path=VN-873697-12-03&hash=9d163289f66ef4feb3
HTTP Response
200 -
142.251.39.106:443 https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZtOkeam0viJEgUNSoWeUg==?alt=proto tls, http2 chrome.exe 1.7kB 6.5kB 14 16
HTTP Request
GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCZtOkeam0viJEgUNSoWeUg==?alt=proto -
152 B 3
-
172.217.168.202:443 https://translate.googleapis.com/translate_a/l?client=chrome&hl=en&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw tls, http2 chrome.exe 1.7kB 8.4kB 15 17
HTTP Request
GET https://translate.googleapis.com/translate_a/l?client=chrome&hl=en&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw -
2.6kB 8.0kB 17 18
-
1.6kB 5.4kB 12 11
-
1.6kB 7.2kB 14 17
HTTP Request
GET https://propaymentss.expert/request_tds.php
HTTP Response
200 -
369 B 1.6kB 5 4
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response
200 -
2.1kB 12.4kB 17 22
HTTP Request
GET https://viplinklineplus.top//tds/ol25
HTTP Response
302
HTTP Request
GET https://viplinklineplus.top/a08r?tds=1&url_id=9131&url_full_id=1
HTTP Response
200
HTTP Request
GET https://viplinklineplus.top/js/jquery.syotimer.js
HTTP Response
200 -
943 B 4.7kB 8 7
-
2.3kB 43.9kB 29 48
HTTP Request
GET https://code.jquery.com/jquery-2.1.3.min.js -
3.1kB 91.4kB 45 76
HTTP Request
GET https://e-pay.plus/i/product/842/8429.jpg
HTTP Response
200 -
104.21.43.119:443 https://rosepow34.buzz/eperevod/pages.php?this_page=support.html tls, http2 chrome.exe 15.4kB 604.8kB 271 491
HTTP Request
GET https://rosepow34.buzz/eperevod/
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/nicepage.css
HTTP Request
GET https://rosepow34.buzz/eperevod/index.css?ver=1.0
HTTP Request
GET https://rosepow34.buzz/eperevod/zen.js?rand=10
HTTP Request
GET https://rosepow34.buzz/eperevod/jquery.js
HTTP Request
GET https://rosepow34.buzz/eperevod/nicepage.js
HTTP Request
GET https://rosepow34.buzz/eperevod/images/letter-d-arrow-logo_18849-228-crop-u33449_2x.jpg
HTTP Request
GET https://rosepow34.buzz/eperevod/images/white2.jpg
HTTP Request
GET https://rosepow34.buzz/eperevod/images/check.jpg
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/geo.php
HTTP Request
GET https://rosepow34.buzz/eperevod/pages.php?this_page=
HTTP Request
GET https://rosepow34.buzz/eperevod/images/favicon.ico
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/zen.json
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/checkpay.html
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/checkpay.css
HTTP Request
GET https://rosepow34.buzz/eperevod/zen.js
HTTP Request
GET https://rosepow34.buzz/eperevod/images/126ca6bcc2616e4edf09f466e9925396.gif
HTTP Request
GET https://rosepow34.buzz/eperevod/images/cropped-galochka.png?rand=e469
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/pages.php?this_page=checkpay.html
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/images/white2.jpg?rand=8ba5
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/support.html
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/support.css
HTTP Request
GET https://rosepow34.buzz/eperevod/js/main.js
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/images/tild3764-6436-4262-b534-386530643137__logo_set_1_2.png
HTTP Response
200
HTTP Request
GET https://rosepow34.buzz/eperevod/pages.php?this_page=support.html
HTTP Response
200 -
943 B 4.2kB 8 7
-
2.3kB 29.5kB 26 38
HTTP Request
GET https://pr0paymentss.expert/buy_domain.php
HTTP Response
200
HTTP Request
GET https://pr0paymentss.expert/buy_domain.php
HTTP Response
200
HTTP Request
GET https://pr0paymentss.expert/buy_domain.php
HTTP Response
200 -
8.8.4.4:443 https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA tls, http2 chrome.exe 2.0kB 8.0kB 18 22
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP Request
GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -
142.250.179.170:443 https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw tls, http2 chrome.exe 266.6kB 12.5MB 5069 8939
HTTP Request
GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
-
56 B 72 B 1 1
DNS Request
telegra.ph
DNS Response
149.154.164.13
-
65 B 81 B 1 1
DNS Request
accounts.google.com
DNS Response
142.251.36.45
-
65 B 105 B 1 1
DNS Request
clients2.google.com
DNS Response
172.217.168.238
-
64 B 80 B 1 1
DNS Request
edgedl.me.gvt1.com
DNS Response
34.104.35.123
-
56 B 88 B 1 1
DNS Request
dns.google
DNS Response
8.8.8.8
8.8.4.4
-
56 B 88 B 1 1
DNS Request
dns.google
DNS Response
8.8.8.8
8.8.4.4
-
6.4kB 13.4kB 28 28
-
2.9kB 5.5kB 4 4
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
104.109.143.75
104.109.143.91
-
1.8kB 2.3kB 4 3
-
56 B 88 B 1 1
DNS Request
dns.google
DNS Response
8.8.4.4
8.8.8.8
-
2.9kB 5.5kB 4 4
-
3.4kB 6.1kB 6 7
-
3.4kB 3.8kB 6 6
-
68 B 1