Overview

overview

8

Static

static

1

NordVPNSetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    359s
  • max time network
    357s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 13:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NordVPNSetup.exe

  • Size

    1.7MB

  • MD5

    59cb69a08fdd9cb4b0539e3356df1d4d

  • SHA1

    0c773a0a76f821780c002d527bee387b98904569

  • SHA256

    bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522

  • SHA512

    51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2

  • SSDEEP

    24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 18 IoCs
    discovery
  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Unexpected DNS network traffic destination 8 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 44 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 31 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3196
    • C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmp" /SL5="$901CA,890440,866304,C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4160
      • C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe" /webinstaller=true /DIR="C:\Program Files\NordVPN" /guid=3998bf15-b5ef-4fc1-aeb0-60363fb479a2
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4572
        • C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmp" /SL5="$50066,46811598,866304,C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe" /webinstaller=true /DIR="C:\Program Files\NordVPN" /guid=3998bf15-b5ef-4fc1-aeb0-60363fb479a2
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4740
          • C:\Windows\SysWOW64\taskkill.exe
            "C:\Windows\system32\taskkill.exe" /f /im NordVPN.exe
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1128
          • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe
            "C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART /RESTARTEXITCODE=3010 /NOCLOSEAPPLICATIONS
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:1836
            • C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmp
              "C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmp" /SL5="$2024C,3309281,910336,C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART /RESTARTEXITCODE=3010 /NOCLOSEAPPLICATIONS
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2744
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /inheritance:r
                7⤵
                • Modifies file permissions
                PID:3584
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-32-545:(OI)(CI)(RX)
                7⤵
                • Modifies file permissions
                PID:2084
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-32-544:(OI)(CI)(F)
                7⤵
                • Modifies file permissions
                PID:1756
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-18:(OI)(CI)(F)
                7⤵
                • Modifies file permissions
                PID:940
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /inheritance:d
                7⤵
                • Modifies file permissions
                PID:732
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /remove Users /T
                7⤵
                • Modifies file permissions
                PID:4388
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /grant Users:(RX)
                7⤵
                • Modifies file permissions
                PID:3216
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater\logs /grant Users:(OI)(CI)(RX)
                7⤵
                • Modifies file permissions
                PID:4944
              • C:\Windows\system32\icacls.exe
                "C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater\updates /grant Users:(OI)(CI)(RX)
                7⤵
                • Modifies file permissions
                PID:4468
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /inheritance:d
            5⤵
            • Modifies file permissions
            PID:3224
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /remove Users /T
            5⤵
            • Modifies file permissions
            PID:4624
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /grant Users:(RX)
            5⤵
            • Modifies file permissions
            PID:2716
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN\logs /grant Users:(OI)(CI)(RX)
            5⤵
            • Modifies file permissions
            PID:1456
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN\affiliates.json /grant Users:(RX)
            5⤵
            • Modifies file permissions
            PID:4052
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /inheritance:r
            5⤵
            • Modifies file permissions
            PID:4620
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-32-545:(OI)(CI)(RX)
            5⤵
            • Modifies file permissions
            PID:2324
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-32-544:(OI)(CI)(F)
            5⤵
            • Modifies file permissions
            PID:4780
          • C:\Windows\system32\icacls.exe
            "C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-18:(OI)(CI)(F)
            5⤵
            • Modifies file permissions
            PID:1312
          • C:\Program Files\NordVPN\NordVPN.exe
            "C:\Program Files\NordVPN\NordVPN.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Adds Run key to start application
            • Drops file in Program Files directory
            • Modifies registry class
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:3584
  • C:\Program Files\NordUpdater\NordUpdateService.exe
    "C:\Program Files\NordUpdater\NordUpdateService.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1840
  • C:\Program Files\NordVPN\nordvpn-service.exe
    "C:\Program Files\NordVPN\nordvpn-service.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4920
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /C pnputil /enum-devices /class Net /drivers
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1576
      • C:\Windows\system32\pnputil.exe
        pnputil /enum-devices /class Net /drivers
        3⤵
        • Checks SCSI registry key(s)
        PID:5040
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /C pnputil /add-driver "C:\Program Files\NordVPN\7.19.4.0\Drivers/OemVista.inf" /install
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3204
      • C:\Windows\system32\pnputil.exe
        pnputil /add-driver "C:\Program Files\NordVPN\7.19.4.0\Drivers/OemVista.inf" /install
        3⤵
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        PID:4684
    • C:\Program Files\NordVPN\7.19.4.0\TapDriver\tapctl.exe
      "C:\Program Files\NordVPN\7.19.4.0\TapDriver/tapctl.exe" list --hwid tapnordvpn
      2⤵
      • Executes dropped EXE
      PID:2808
    • C:\Program Files\NordVPN\7.19.4.0\TapDriver\tapctl.exe
      "C:\Program Files\NordVPN\7.19.4.0\TapDriver/tapctl.exe" create --hwid tapnordvpn
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4124
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:2148
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Windows\TEMP\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\OemVista.inf" "9" "45e106d67" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\NordVPN\7.19.4.0\Drivers"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:4520
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "1" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:3beb73aff103cc24:tapnordvpn.ndi:9.0.0.23:tapnordvpn," "42b53aaff" "000000000000014C"
      2⤵
      • Drops file in Drivers directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:3920
  • C:\Program Files\NordVPN\NordVPN.exe
    "C:\Program Files\NordVPN\NordVPN.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2504
  • C:\Program Files\NordVPN\NordVPN.exe
    "C:\Program Files\NordVPN\NordVPN.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:3568
  • C:\Program Files\NordVPN\NordVPN.exe
    "C:\Program Files\NordVPN\NordVPN.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5168
  • C:\Program Files\NordVPN\NordVPN.exe
    "C:\Program Files\NordVPN\NordVPN.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5676
  • C:\Program Files\NordVPN\NordVPN.exe
    "C:\Program Files\NordVPN\NordVPN.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:1332

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209deploystaticakamaitechnologiescom
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    api.nordvpn.com
    NordVPNSetup.tmp
    Remote address:
    8.8.8.8:53
    Request
    api.nordvpn.com
    IN A
    Response
    api.nordvpn.com
    IN A
    104.19.159.190
    api.nordvpn.com
    IN A
    104.16.208.203
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:22 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710120922
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: NivsU74FnhmAzvPFzmtjb9m3UGkVH85px7VMAAGjPhg6Cn33tykh/YZCOn1UDswm99Q+4KfL6X5mlREU5whsGbkBEcU93w9Cs6S2+3x+tW4sFwGh8TtIr1mty9OGUmQsKAojLJ9RLLBAgzV8ImBy7W4ii0jV/sww8glQWf6E8bSQveqsaccsd7LaODze8P+K34RUBMQqOSwzjw1ufyw1TwZfimCcW0ZqP9brQi3NrMuvdm5CiqyYZLCmf9j/bOqFdik4X1lT8H8KG5Jvhg9Ml1bnrXk/Bsx4K4nWq0lI02Sl4369Rz53bWhyddRnIk1GhRaPWIuXtZjABkw8Bhiq52ZFxebrN2IzgXnygy5Rt4jUayaqCV4xbbEvAjhLhw/egkYsF8XJiUfaNJwgZyh9zJvXMTtMhMBdIjf+159wRg7274xRlW1aaG6fP1XC6weR8NwOuFFhNaN7v2rg3WZhBvi/1bdAcYxJMzWmfTlFC2eM6tPt3whg1wBgcAzCDH9QSqZmuz7cjjCzJ97JI2C00yp0rPsIoh7xZh98doqKkevv0kXNXmkBIOwwde6Kku+2WkRpDUfcpHoQ5wCJW8V486nwsYuN+k5ftZtptjy+pDUspKbFbxRvfY+R7FMQNnp/pWuFn95WSteYlJ+NjvbSMKWlwb9kcNITynPVMrW1GyE=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=wUBXJZwfRNHgjLqDQMtpNMSgmEyOZ25FCWi3l2uv3N8-1710077722-1.0.1.1-USwIdZfoge3s8rRBbpdDE0mNWWI4lCKgxyVsTH4YcgeNAD2OiodqiNzaphSzrL63Y4sgfbVhSWwzTzsCtHRKkt.3PnYtPimfsdSkBVutz6o; path=/; expires=Sun, 10-Mar-24 14:05:22 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b0037e8a412e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:25 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710120925
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: fe68k6BV6EI5i2Ey6PF1QE1xpM/LH3jihtl50xzdEO1VDMNRTaOj+mtEPom6R64pZLMV02yOPEZcJCOhTp6hHp93a6T4ZBl0UXt9x3azU0jHJe9BMLaSds8O8iY25Yx/W0LWMvSgBI8yhaL8F9EU+V6AUHJPB/NQrpWgleL0rw4nUm9QECfic/21u9EmM96oreAdb3nUj/3r+xPkRAKpaI/T+yYCR7JVayIsVU/PrjLnq0s9AUPhLghXoZVwvq4mRG+oVhPNAUBWwjJdZtmlVY0zkoB7vSr2TgTecoLJOtZU80q2b8LuV1vGjDwqxPl1gJdcGnnEGVhNvCQIqpLcO7jard/Mi2npuh3gNclC6oOzjsdSqBkR3yGIsZNhozISfjJt1yYqQUFZe6qZz4tlv+bCu+sEfRGVofHoltqjE1YBKNZxSRKl1mC7KGd5myZSAsdG+J34mBVGoAAZkAs1nXOXfhJvXtE9oJYfZEHAhezijcM6nSO/rTXjab+GTs9VKjMBwUQ/g5TSMVJny1Z7WAAtDAC4hiqM78AD216GcGZ3uLV7N0EJ3YLim4Z/5oiqAiD8abEe/2DgBxWg7rhJvy4oz6KuTICHuZ6YxonTmXdNCHVnhW+6su1Ovsrkg30Gpz6Z7sBrW7Ig8K7SsNcMVQalVbqQpesgApJSjJK2N0g=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=JAmixqBzdpyPtlBZhF29VCK0EIZ21sN5RImz6x7d4Og-1710077725-1.0.1.1-6o72LFSrR0SqVFwY6eVwOpY28baWtvVrEIen4t7RrcecqljzDjS4mFVFZQblEIz5ar0KUIkyZr4O8Y.JM8uHBqguanWCdQd831W00JOQzsw; path=/; expires=Sun, 10-Mar-24 14:05:25 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b015f9cb412e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:32 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710120932
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: FBQy6RhbtPYu0mEUfnwaIaPATRN07tugvCA+6xEs5+cRR+488J1WsCKpBZa8A7VMjIzxnb0UZ6yQtgqlXWeKb+A1TSAI1RcMON2mm3Dyos7uBcNLSkCVo3yYIFod/A8R6FCehvriq3WhYeFiI6tHSAzsku8B7fRBej7vSlWFn0MLs8uzMvLACExTPHP2c6YemqxXPvNP+9dZiOWBrdx21y4GHkGQxWWN12PE0umIkyUDyZ5IWlmpHCscx6u8FMH2KtpG7gds2lDzpCVScFCnl8GaKyUDw3vc+L3TonA2jE8RwOfJzaeX28wMWK9ZG/ub3eF73u44Fq8Q+u5URT4OF0ghwgYY4y0I4MKp6BlX5jWOaXbXBzGZ+TonTfarg7FY7XgFKtiuZ0y1OVNfTsCac5MGAcfYek5GF5yYQv4ZSDP3tqfcqT4BWwuY705yK9J3m+gnZwVU/qzSAsDEQeUiwfO4BkzoIgUMJItODRaQ3ot6gBk8IZgeDbAASA9ut+SjuPvwg9GjPeU3F2fEVDa2b7RuL1J4XufIsZqI6y78hDJOvQN3+PcjoZAYVaM4AZoY7SR7brHR/2rPF/85wJ0+U7pDqrsOIxODlclIVCkiXjMwdnKAmpXZjqheY3j0d16kS9bKr0n6Jg0ms8fFz2nIj17urohU4+FluTnsj03b3zs=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=ZP5x1ddKNXEUusA5GkXuJBJwDZR_AyuHcohqga1rlMk-1710077732-1.0.1.1-aE5aHo2OekOi61Ug68chE0ZH2Ocb_eafT38xcwbrOKIEZ.pgbIJbeQl6VfpKcBD8wn9KbsOK8pzREyyZ5Ly0.llhgeIlqCXzUPxRxTu5GEI; path=/; expires=Sun, 10-Mar-24 14:05:32 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b0465d6a412e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:52 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710120952
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: NYL/YLHrnWvPaahpjfKcZGV3X3gebtOWvhVQfi3E1D1oRAv8IyDb/z7w2pPZQ/N4s6GekuKUPmqss8q6sT7gzKltCSONewljkJDMwo9EkiDDp3MYEX/V4p8JDswE9FBb/7Li/3p9cWiVpRPspkhI4axaFNUrO29T59/nB7OyuwjwFjDNvB6cxsPBZBtc/XA+8y8vcbfXROExf8uagJihoRalNMHS+v9wTXgAdJQZG0l1V7ISVpEpQvQtwlvFIpYuB5UqJgm6r/5iaUAZCohdsn6OCPf+f6okXjJc3UYpdNWCOZw60ZJnuGSweLbkb2w2IcQxQfkLzUmnKgvxMTY6OGTZDWDJvHEKyj7EodobSLpsCS+xzsUpU8wGci2hK73y4ho0LFEKPDKjgeHk9Jl8mbwgq6JoQxyPIx2wmO9tH75kGad19j6Q4uJrNl54M0gBKL42gGsL35ZNqdpebL5G2rlTbmVHV+4YHVlRAKlBYddZjvpwhxv+gD98Sj0FrOvo8Z/116U62YvX6O5Kygvc2oqBrSVJUqAsz6IWc1naRWiBSZrz8W9TWwlpdyW5/I8We82TuJv/ry9CQ+jEs1HhoOvrmy+wihMs24IxABIpxdmRDAilqE8ePgC1o0xo+/MQ+FqeNYdckjcGaqQtAgwwZoJPNnUnIO6o78Z1Ti7icEg=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=JddABoCPBfmHMrTvg.qh.9rEwkh8gsTXocpk6laTfPw-1710077752-1.0.1.1-zj805jUQb2HOHku5B5vqLm2YkTHnzixrzuG8p9XhYo20VWcUSfcaovpmDfVTLo24yqgSm2ZaiOf79_bDF1gbQPI4qo_QlYTY4yVjmZcSbzI; path=/; expires=Sun, 10-Mar-24 14:05:52 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b0c0bd83412e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    190.159.19.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    190.159.19.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    applytics.zwyr157wwiu6eior.com
    NordVPNSetup.tmp
    Remote address:
    8.8.8.8:53
    Request
    applytics.zwyr157wwiu6eior.com
    IN A
    Response
    applytics.zwyr157wwiu6eior.com
    IN A
    104.19.184.81
    applytics.zwyr157wwiu6eior.com
    IN A
    104.19.185.81
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 154
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:22 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b006eb5a23c0-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 157
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:25 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b016eb2023c0-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 158
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:33 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b0477e2523c0-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 155
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:52 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b0c1a80223c0-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    81.184.19.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.184.19.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    downloads.nordcdn.com
    NordUpdateService.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.nordcdn.com
    IN A
    Response
    downloads.nordcdn.com
    IN A
    104.17.207.237
    downloads.nordcdn.com
    IN A
    104.17.208.237
  • flag-us
    GET
    https://downloads.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe
    NordVPNSetup.tmp
    Remote address:
    104.17.207.237:443
    Request
    GET /apps/windows/NordVPN/latest/NordVPNInstall.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Inno Setup 6.2.1
    Host: downloads.nordcdn.com
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 10 Mar 2024 13:35:25 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Location: https://downloads77.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b017988f23ad-LHR
  • flag-us
    DNS
    downloads77.nordcdn.com
    NordVPNSetup.tmp
    Remote address:
    8.8.8.8:53
    Request
    downloads77.nordcdn.com
    IN A
    Response
    downloads77.nordcdn.com
    IN CNAME
    1360714245.rsc.cdn77.org
    1360714245.rsc.cdn77.org
    IN A
    89.187.167.6
    1360714245.rsc.cdn77.org
    IN A
    195.181.164.18
  • flag-gb
    GET
    https://downloads77.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe
    NordVPNSetup.tmp
    Remote address:
    89.187.167.6:443
    Request
    GET /apps/windows/NordVPN/latest/NordVPNInstall.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Inno Setup 6.2.1
    Host: downloads77.nordcdn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:35:25 GMT
    Content-Type: application/octet-stream
    Content-Length: 47711344
    Connection: keep-alive
    Last-Modified: Thu, 29 Feb 2024 08:23:08 GMT
    etag: 65e03eec2d80470
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 0be537bea8f9a77635e27688b8f189dcd90ee063c7048f802132876b4510db40
    X-Accept-Before: 1709762170
    X-Signature: GVmVTovr8rMDCAplGmkp3vKhyZjFPsp0dIHg7DoYkkcAMZQbAnIdaEPKcxyJr+Mee1D9xAsEa5ws4GqwHdWN5Doq/n0/szU1paq9nyxSC/YxOAjckCnExWUGhwYRnFwH7RReqD+LCENsO90NmXSeFcKTjFdJ+LzX7GIV2j5NZOJgfJqI5+nEGDGa8BUtV66FKbjnh/M02UCfJ/sxk/quY3A79rp1WwMsKE3b6rFphbJallA7SHi7CPvWHnXPugrzfO6LHVtrRSCdih8gux39rzfPJyADyVm3bVR6RoXfTi0xAYpRmIam6XvsgR2AOmIqYOLzYkHI0ub3cgUxIU6uWktpHKdp02M/PBx4jZ9my5hTXg4Ab0hHRfFghgqlXfCtV+HDjzfOtXe09ZmnNSfi34f3rVLfqXOr8KO3pEo85MMQrmSKj7htBUZ9IT8l2tYm1yb/HJYt3rszUlJhN1g03I6gCLEc1Ekd6+xXjnKdYSYUMJWY4hEkX392a9dzaxQa+XM916qO/IYhuS/SB1fD80nkUGXP1RbQy0KfrXpar06ablow3hAPmcFN68kYcIHl1CLf0Pkr5nOfdd02NUnGsF1hYwvBByfcHfw57ieMbC2QpMLkBF3XP3ORVkfqGUKxCPTdoOMMhTmhlE0H6Z2ZFKWJ4OpyNYV5IS4j8bCQGUc=
    X-Frame-Options: SAMEORIGIN
    X-77-NZT: EwwBWbunAQH3+HYFAAwBuUwKDAH3aQIAAAgBnJIhJwGB
    X-77-NZT-Ray: 9a26d7269ad2715e1db7ed6541d04426
    X-Accel-Expires: @1710755772
    X-77-Cache: HIT
    X-Accel-Date: 1709719589
    X-77-Age: 358753
    Server: CDN77-Turbo
    X-Cache: HIT
    X-Age: 358136
    X-77-POP: londonGB
    Accept-Ranges: bytes
  • flag-us
    DNS
    237.207.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.207.17.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.207.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.207.17.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    237.207.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.207.17.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    237.207.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.207.17.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    237.207.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.207.17.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    6.167.187.89.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.167.187.89.in-addr.arpa
    IN PTR
    Response
    6.167.187.89.in-addr.arpa
    IN PTR
    651634330loncdn77com
  • flag-us
    DNS
    6.167.187.89.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.167.187.89.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.20.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.20.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301483_19RYSE32QNNQ30Z96&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301483_19RYSE32QNNQ30Z96&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 97422
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 03F86BE8499146FE947A53A69DCA0518 Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:05Z
    date: Sun, 10 Mar 2024 13:36:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 455966
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 17DB630D2CBF4D7986EF08C50F2D3464 Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:05Z
    date: Sun, 10 Mar 2024 13:36:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 91993
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D9B634FD7A534F2E863628EF116BE41D Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:05Z
    date: Sun, 10 Mar 2024 13:36:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 483188
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A27540FE3D97484580A337A29255B1E8 Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:05Z
    date: Sun, 10 Mar 2024 13:36:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301050_1PONXOEJ6RIZQGBZT&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301050_1PONXOEJ6RIZQGBZT&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 223754
    content-type: image/jpeg
    x-cache: TCP_MISS
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E12B1A0D41DC4C6C84A37E40218647EF Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:05Z
    date: Sun, 10 Mar 2024 13:36:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 210530
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F889DC94CC604CB584BD26D67EBB0A92 Ref B: LON04EDGE0616 Ref C: 2024-03-10T13:36:12Z
    date: Sun, 10 Mar 2024 13:36:12 GMT
  • flag-us
    DNS
    210.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.178.17.96.in-addr.arpa
    IN PTR
    Response
    210.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-210deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:36:43 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121003
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: TN4vtE7quyFHN9iWOEzryl7d+VOChnwT4N3HLN08OcHRBH5yWXD3ut/EnjZE6RkYfSXEcIdodNy0YvhwjI6m3Fd6ITVYQoj49cJ7euBe4F8X0uVsYF44fWBve1JSAseHFE3nMdbTefMYqYMG1zu6UUivHNM3fwKF3JDUbpm4liSa6qJwwtu2c9uwGii/lPB3RAHJAfa1hx/7eI6TmyvUMDRYzt3p5bVEyfenfSp6E9YTAHjW6BSRUzYKYFfxiKWBvCKyK+R8ccHsv/kyLIl63N4vYjejkOkGoQFYUnTZr05WmvltpfNAEh8dCVXkKY1GvM2CU0uta6er+xoHrQu5AFS+duaFVmG+8sHmeXN3fd6xmqCCUp7JIUZpyE6bUs1LcBOTYELWh966RBpqfdq7wGL5vqpcAzINNlpgYXvYB6aMES3YtrJCcXIe1yDrgFcAK2E5I6x6QWYOnv9rbRYt2iHPsLoXlYeGjq0lY9lI4dHkGRmDXoQXGaQsEZ2sMI5K6jyMLB73Gib5UsQos61pasZYYAwXsosXyoodTYmzGOQFXsIrSVNErgRrQx/9q6zei/LSHtz/O113mrG0JkW8XMQYgu2ZBscmnMAXFT5unl+fARnD6KeWVpAu8ppClX9sEIN1h4sEIhKk2adNI578Yaz8SECDhC7z34iebC7qhe0=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=YxGDKGZP29VdhmxnjCsqUGNfBKjnvnzVMtjOD0xU5y8-1710077803-1.0.1.1-pXEhj9wdzJxvv9gow3P2AGdcjYuMOIiGF0joes91cWScsacf1qN1QAOsGWI8jUZtxHMGoTlmaIfIe4cJr7USmF4OgSCe_Tc9SQnJCjWlEGI; path=/; expires=Sun, 10-Mar-24 14:06:43 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b1fdfdd5639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121031
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: cx3VZPzZMMlhV+8GT4+G/PIPr6Qk414kNmz/tDLc8vigUqFyyiAI9I8RCkVcnF5ONj3IwhqzYyzWjfZRFZXQ/CcZYgVfcNLonYwJhqphM9bRaDnvBpC5Vs8H5Zj3fz649+GheoipictU6d1xIoO1qC6v5qQryD/uPah0TNod+icVGGVwhZFLPP82gvug4+CSBNTQu7CHRmrKYMSsKXbU7wJKB5A4LCZR75k2r5aSrDxA+a7I7QOGu2slY40vFfwdxZw4ca7GyW6xqLh4XLRH5rG2h41lgDEyvQs8UY1f9Vpc4nsh8LGqtSRCwjkspotuz8ww8I40cqgWDd0eRIis6WllcODO+ETy7L8Jrd9c4BhJ9o0v7c+YHgPLsdEO7ssGl/IrkOZK36nBZHhH4d3AxoCdP2pnPct7C6CDE4pZ6BRVQHzpTdhignVrDSiZlZbE7DtazlC7/OqerfbwVqC40PmlwJnvVrQoKO+HLWDNHglXlGjtWaAvRWd+fYZGy4hb5YV0kp/oe/yNZO8MoUSeAY7kfn3F6dPDBDs3xXBeUQI2e4x9boexW28hG4qPSRClMsqnNndQAhdRjiyDvFDBQo1wNMRuyreKyXF180mCBa1JDbZbBorQ10zeEEtr8m1a6bfBeqnDiy+H39wD0bGpONHjMOJEFyu4d5MYQX7gFis=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=djfwN7c_9oEaIk.X1UHDTa15D.Crz_aFOSOpm2w6uLE-1710077832-1.0.1.1-0emcgWm.rLyVAl9QUHb2xKiroVU7rpaN54qtBN3Pv3kBZhvPAVytIecvZhvl90nFOvBIwLZfe8QpK2WVZGWNPQ3nB8E5y0K4_Npm_Sh_5is; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b19bb5639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=st9kQTB3ix34xX4Weh_2KbLQFOo82UN8Erh7LOvc4yc-1710077832-1.0.1.1-SWbBMIj9oK_sV2BzQhEH_ue9GGYLidhG_n3l1gDDpxLbOQsse52Fz7I1OKGuszrHVi8UJi4BBr9qgDDB0X8y3MEEI7zIGRb_OCsUb64gdmk; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b24d09639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=plEYQB1d0_PCGzogC0kQxuA_lpsVp4x1ZwbefdXetNw-1710077832-1.0.1.1-u0HHbNlIKp9_ISdUmjH7yeS.XgpVMdigrrVR55DBABbaJmhuBKcBd3HLwzHva1MSll0W3IaTJD3ufx9g923koYouLBS8vjrgG4vJfKkzemI; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b2fe26639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=iK_rolnPxXPcLALiMwWEqQlo21vxvfo5m9mAcBIoVGU-1710077832-1.0.1.1-s8vMXBtUA4pdEcF8SZy3IPkCUWsSVekycecdBbguipAOjEakDgGpwsAWQAfSgg5CZ3mB_3_tlVYa74Xb8BsNze6Ni36ontR9bdSlwjVMsMQ; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b39f3c639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:16 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121036
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: PDPCdzd46BrsuoyTnEdRGkC66JUKpuQUsDlIizCkMuxsaKkY35Sn1c4Hsy2XAjkQYn6bawRDmliepGbQYAMlq7AsYIkjbt28cgugH6ppg8nVv94R/AQPId1TYVlMM4Yx24mXgLvfgggUlvO8Ev+PRAM/uJa3X1KXZLZmdVXfaSeU/h2txMO9iQSl/9xhMAFzKNZr54mf+SY8se4iagGO/LXeLqjoew2zXpG9xO0PQk0JqBDCyq00/zw2PovIu917LYfAsMBz8knr3bmGjaHLmADq+U6BicxN5l+ZXXMR78VTRAfVoIB6WjPBuNsX9fyOC6dJDPXDajtWYx6pD7Rx9iDbF0/42L9qnpyWAvFiDkLGiOgSETB3QpDoArWxhyUKjBduYJCvnu/Px6uRDeRKoQLHH7wpIZxaXRYzupZwC1f6tE4Ag7dsaNuGaSE+0OW8r4ehMjqIRVAfIgHXaBPa5qS6GU6EUeMq73ajQISPK0DZxpbUhOdNqCqKgV4NTlz9LNqDjcfeKN15D+RkxO3maoiZKS6Z7Irmmm0LTAYlvGgzfTbt7RNfMOWZUcgQPZbw3k579u+VmS7bxiTsdQQdoYVfHppGxCSrTvD0j8FVzN9DMYaKlBEh3MTZzqr5cF+0r1ATemaZppNFj4KVHDXNGeRvBEJYErpieEwkLzx91iA=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=rRkZ9zISZg4NsJ1d.ylanPQGSoXCeM0gbJi54vynl7M-1710077836-1.0.1.1-iB7XklUJBEHp0Bn4oxf7rPJ81qvwbvHVrZLbroUcmRmMIfpx1KD.Ohtqqpm77rhXQD61ZzJ.SNqyImUQj_2iGK7UwW0SKzoJhIZJ7LrDeYE; path=/; expires=Sun, 10-Mar-24 14:07:16 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2cb8f89639d-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:36:43 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121003
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: TN4vtE7quyFHN9iWOEzryl7d+VOChnwT4N3HLN08OcHRBH5yWXD3ut/EnjZE6RkYfSXEcIdodNy0YvhwjI6m3Fd6ITVYQoj49cJ7euBe4F8X0uVsYF44fWBve1JSAseHFE3nMdbTefMYqYMG1zu6UUivHNM3fwKF3JDUbpm4liSa6qJwwtu2c9uwGii/lPB3RAHJAfa1hx/7eI6TmyvUMDRYzt3p5bVEyfenfSp6E9YTAHjW6BSRUzYKYFfxiKWBvCKyK+R8ccHsv/kyLIl63N4vYjejkOkGoQFYUnTZr05WmvltpfNAEh8dCVXkKY1GvM2CU0uta6er+xoHrQu5AFS+duaFVmG+8sHmeXN3fd6xmqCCUp7JIUZpyE6bUs1LcBOTYELWh966RBpqfdq7wGL5vqpcAzINNlpgYXvYB6aMES3YtrJCcXIe1yDrgFcAK2E5I6x6QWYOnv9rbRYt2iHPsLoXlYeGjq0lY9lI4dHkGRmDXoQXGaQsEZ2sMI5K6jyMLB73Gib5UsQos61pasZYYAwXsosXyoodTYmzGOQFXsIrSVNErgRrQx/9q6zei/LSHtz/O113mrG0JkW8XMQYgu2ZBscmnMAXFT5unl+fARnD6KeWVpAu8ppClX9sEIN1h4sEIhKk2adNI578Yaz8SECDhC7z34iebC7qhe0=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=tL_fjQ8LQGE1Q6Bo8QQrnBFlhyUWTehdXeCXys9nW.M-1710077803-1.0.1.1-FRmwHThdJlk7H5GB27Z8c6ZiluTKahaIE7bWY1U7EVLRqaZ7mO25nu29TLIFG80.wSJ5G1idzAdI95NnXB30.rysAIpsTcoYRUA.emB4wkk; path=/; expires=Sun, 10-Mar-24 14:06:43 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b1fdfb5b6524-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=d2X2LUW1N.YHFmpLGCBWB9vKaKAEDkG8qmBT8uXtMHg-1710077832-1.0.1.1-DDouNOczhq0pgF88M7B1YuwwFoWS5gkWJd3Nj.W.OETqGbQ76UcdTT4r0uA6BPPzUvq63gvSEPAgQYvVxVDsolWaCwIK15aeatnIltyrTNY; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b1bbe86524-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=Aek.Da8pUvE0TCtfebj67jv3vQH3I_tGaH4skaFX_ko-1710077832-1.0.1.1-Qd79czFIeTZ4EwijGMZ_lbOShF_hBZone.mWZbazoGJXSRDWiiNewrOjD757UPJcVUW1Bykg4AmE6YuGLdR5GBKm0CwmUzSTcxfM536wqGk; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b25ce56524-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121032
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: mHQhwlQfQ28AAP6b2uqev52Gxh/wI8tPf9u5zlma3m0E77tLmRay7eyD4VMFC3Qk8zcFZrrCw85YcBva2B0VDuzzLY8ElOfZqeF47Z5mGen3CDndHlPrHc5A2a7AgmIPt75qUHro8Q903ghwFb5yFyoHoQZaVRYOY8jcMwoRIHHSQh6JB+fQbqUhGrCWusEx4oQ137tAOEWltlzlRkQNiMu+ZMGKjaaHyeMIB7zd+hlG6QhkRjodJa1ID7RDphnLfv2alObiL+54Rm2PPeaZJLGeOi4ZxyRyF79FRt3/HAXYxYEUUg0wTgQtf/rEZKQEoIQ+C6NVGRHLIsy6o4Xw9pHsdj50BvlpAg8Q/J157fJQzaTkQFLoPkgLydLnAzwndEjer7wIR6KctdxI0DIN1Xxf++f2jDkrkcvspI9pgGMej2pZvJXBNC1nWP1qb2EJ51RbUrsajxqiLPGY0xdV3b5DHAuH5n6qRqCCRq4Q4dElq6K0q/YACjkXMS+/wRkLdrYL0WaKdyFTuB3Qky9ZXnGwFXYA/uyefmLJ0NIs8p7CivvnFT+FwRfg9+BYp+cctuFlSYUkUd5j5/drbHRzMaJSLNUW3FKUUFIZNKnlZGpa2rxTxxMYg7kyXvl0zlPq/qG+Fez7/i3a4kXkixH5l7HqbbTvrXV4f9HwEenr2gw=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=AOuZaQ6D48PJHRNI7RQ3YdDOXy6kmECp109MkBBoQuA-1710077832-1.0.1.1-P2eMt8T.jzV6c2aRhM311ZKhHlWcvNUIEAXSyrdXpb7OVuW9.pFtXBIOuivGtUSqp1Zz2rIU81hk.tL7IIdkwaxiqtn8peL6MaByL3Vk_6s; path=/; expires=Sun, 10-Mar-24 14:07:12 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2b2fddf6524-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://api.nordvpn.com/v1/helpers/ips/insights
    NordVPNSetup.tmp
    Remote address:
    104.19.159.190:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Host: api.nordvpn.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:16 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    x-accept-before: 1710121031
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: cx3VZPzZMMlhV+8GT4+G/PIPr6Qk414kNmz/tDLc8vigUqFyyiAI9I8RCkVcnF5ONj3IwhqzYyzWjfZRFZXQ/CcZYgVfcNLonYwJhqphM9bRaDnvBpC5Vs8H5Zj3fz649+GheoipictU6d1xIoO1qC6v5qQryD/uPah0TNod+icVGGVwhZFLPP82gvug4+CSBNTQu7CHRmrKYMSsKXbU7wJKB5A4LCZR75k2r5aSrDxA+a7I7QOGu2slY40vFfwdxZw4ca7GyW6xqLh4XLRH5rG2h41lgDEyvQs8UY1f9Vpc4nsh8LGqtSRCwjkspotuz8ww8I40cqgWDd0eRIis6WllcODO+ETy7L8Jrd9c4BhJ9o0v7c+YHgPLsdEO7ssGl/IrkOZK36nBZHhH4d3AxoCdP2pnPct7C6CDE4pZ6BRVQHzpTdhignVrDSiZlZbE7DtazlC7/OqerfbwVqC40PmlwJnvVrQoKO+HLWDNHglXlGjtWaAvRWd+fYZGy4hb5YV0kp/oe/yNZO8MoUSeAY7kfn3F6dPDBDs3xXBeUQI2e4x9boexW28hG4qPSRClMsqnNndQAhdRjiyDvFDBQo1wNMRuyreKyXF180mCBa1JDbZbBorQ10zeEEtr8m1a6bfBeqnDiy+H39wD0bGpONHjMOJEFyu4d5MYQX7gFis=
    x-host-signature: YZF03U9L4u65W6U8bZVWu1+xaxhzkaFVjkcCPCYPlBJhRLy2NHEN0dI/Htqli9N7L2y3fAaS5/MnGS5oT+1ii2/63JPkVV/RQFrdKGBiXepOy9LeK1nOkKLSnz0Y6Ar/8lIGqjODSZag5onn8tODedhywm8Ykq6ERcvtpBjjD+XzOOTnnTcQW4Fae4KM0bOF/8UTOzEveQsobw8+3AOykEd8bDg7Bf2OzJuzzy+crZV76se0tW9l7JZxiPNyqWK8VBbWrtlOwfUxMnObe2dettZk5HKS+z4KUUmJqtFbvys8cxDpWeNGj0WZesaaRHhZFp+x/HOGfDqkjd2UjM8OerZxEeolAzei/flsjTf9xdPzubZuXFcayyUbUNz+qwpRNZAY0jSIRBNKuP2dzilqs2+Dc2LwcWVycLjCasdJF7WRRFWEYF+YEHGLyJoWY/pFjZ7XrZ6AtkMWQW63xj6QxYiiCYQxbcCymrFCGo6aoDiKHlhTnIE0hjsv/9eSby3VO9IaQTcgiIsGCpAUyTmb9Ex6anvZdctElfDFlQs/gTMwGNH2IJEkkxDq/NrM2QYOhvnqA2A/kjE0Xm0A6B/jWKd2R01nTweQGWEtV5FXSs+DV84fRayVy1MqYBbZKogc0EVV8SkXRvzuZnsXM5nq9MZzH5e5EdlrzmcH38R06KE=
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=Ie8en6BaCCkcgProihhbbPo2jUWmbSp4B_5LguFxmlI-1710077836-1.0.1.1-dCEgKK94ZLX94CESsdCY9e2fmI7bEowr.bUdqfhCFn2abbbmWSzuHXPClLW7W.Sw3rch2b1YMduhYONfMJfEjVzB68haMYXKbbst7Wa3ny0; path=/; expires=Sun, 10-Mar-24 14:07:16 GMT; domain=.nordvpn.com; HttpOnly; Secure; SameSite=None
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b2cb8d216524-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 174
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:36:43 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b1fffb0377b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 162
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b28afa77b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 162
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b34c1c77b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 162
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b40d4477b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 161
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b50ed077b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 161
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:16 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2cc6e6d77b7-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 170
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:36:43 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b1fffe6a48cd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 162
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b2aad548cd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 162
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b36bb248cd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 170
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:12 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2b43c9c48cd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    POST
    https://applytics.zwyr157wwiu6eior.com/appevent
    NordVPNSetup.tmp
    Remote address:
    104.19.184.81:443
    Request
    POST /appevent HTTP/1.1
    User-Agent: Nord.Setup/1.0.0.0
    Content-Type: application/x-www-form-urlencoded
    Host: applytics.zwyr157wwiu6eior.com
    Content-Length: 161
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:16 GMT
    Content-Length: 0
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8623b2cc7de248cd-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    in.appcenter.ms
    NordUpdateService.exe
    Remote address:
    8.8.8.8:53
    Request
    in.appcenter.ms
    IN A
    Response
    in.appcenter.ms
    IN CNAME
    in2-prod-east-us2-23fa330.trafficmanager.net
    in2-prod-east-us2-23fa330.trafficmanager.net
    IN CNAME
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    IN A
    40.70.161.102
  • flag-sg
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.99.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-au
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.96.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-sg
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.99.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.19.19
    downloads.napps-2.com
    IN A
    104.18.18.19
  • flag-us
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.19.19
    downloads.napps-2.com
    IN A
    104.18.18.19
  • flag-us
    DNS
    100.99.86.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.99.86.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    100.99.86.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.99.86.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    100.96.86.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.96.86.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    100.96.86.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.96.86.103.in-addr.arpa
    IN PTR
    Response
  • flag-au
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.96.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-us
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-us
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-us
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.sha1
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/Meshnet.sha1 HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:17 GMT
    etag: 65eb337d52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 7b61b618c906c4798294e2ae73a0ea5917be310958c3a58917f740b827c892be
    X-Accept-Before: 1709958406
    X-Signature: QIhAemVXPia+culxDV1JnmOCE6xim3MYuvLKCOIV+LCZRFY3W5lAYLaWr9MD6m7kKx1H8UjGH9MnSnIBnXoXUpG1/CX1CvCBZSnQU6wO6mY9y8fP1nVyIzpWXIETCrOUlIiTsaYvMoRwA5jMqTegGy2MxiAgw4+WSun5xWtf+idBYOTyTnhVPcMCImoh2M0t8ZKu3oBn8zIX9OEm9wutOqVYCvi30wNV1xzChfYUOnWRox6tuWa7RbGf2KfnfRaLwAITjT7XcgxhJupFrtSPvvJcogrBBf59Cc5ejFuevEVqQ0Zpvm8E7ct1QjNOsUifQ5LJTPb7Ebcz6GyQn3KegLnKUPg5ZTyjwAIwvy+ABypy6ItWJ57kjOHqx+FSkhT7YzWPHrBnwxYV2FxlRzAzAsol3+UbCwvlu5l9r9GLlTmuy6U0udx0Rhlge5AfzC6FvCf/6ABpMjTf4o8A/tn7Cirpke2VgDu7jhGFUGJQ6to4cQ2vsA2ngkNwx+mQjWlMFHbw+ajI3Eni+ge+Fi8Lous/XI2ZKoxR7opyfLefbuFjmehK05qCBezHWfCaplkclgSkWhPQvI3f+L35OruVNcfQuf3O7X2dT5w1aAUBqpcPTsgWBuTY1QCtXsEybF8DRNhZcCACKH/Mh0QparCEo2VlTVLwBKdxAA4VVjnffU0=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 349
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33a985e643c-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:34 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:43 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 035eea020d07c2cebcb1fe1d42ad50527095ede77db74c81fd28f74f2cefe672
    X-Accept-Before: 1709958713
    X-Signature: Te6CI3EtOYn8i45YXSAwxUaqBTa2Eg0TDePniTDB1JOtpaVF1oKxKey8X5LzHQyySGS2tyc+wQnwZgqmOjHWAYZEbSfcgWKxQcZVWU+6fU4FHb/roetoYp3WNADMyA1MjLsO0SNFTOmr3DRHzFQMNdKl03u1XuU2e8TXfFQqg6oKlZ/QQpVplKtWic/SyQByQeu0ncbBIqHlokZsgHG+2If0dzSykFd2aM3ZoepWGJKJqr2f3HEWbHUDWFg016N+Og1r3c+JuhhrmDEbmvH2FDDRI1XhYDYWZpu2Tn6+nrAns0a48hT9FEFfHIjTvVx3wvclQr2Fif9LAubBQJM7d/zxpkRYSksbsaV3AyRpU0WFDQmFcxI1dSqsoV7p4Sx3A6Q8F+u7KSaAPlQOvh0dDpqo5bCb7uAsmICtARqJccNmYd4BrLxGBXZaFXD4f7wgCyRYft2g6n4O/x1Z5Og7Qlrre3sudwDR8Wuqtf/XeW4/ftT8XaNQh7GKcSPuaQvS7284imz1CBjiTU4KvQWP3TyclR+OfjQWIbHlhAkHd2qD+gG9SZ2kctq8PoXXRI0GlkCbpAth5019xIpVGetExkTGO8CmmLjvh3fQqJYFxeMRxW2Tw9eZNFN2p4VRwCUppN+ynwb+Dwg30MMmjS/HToiMlz02uyDQAg0CEZtiU+Q=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 67
    Expires: Sun, 10 Mar 2024 14:07:34 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33b79c2643c-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.json
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/AbTests.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:34 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:42 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 20b95fed671b47c5b46c7c2ff089ff57df2b39a9d47946ae484f64f57e113d21
    X-Accept-Before: 1709958750
    X-Signature: VsQ0a/p5JVs7Wm2g4WRDF4BVPHq0M2AIYjU8yOxDh7UUgX1d/n3RcvigXLepeSo4VyI3i2BNgUwEAxhJtd3D79ky1GMRT5CqO9IDAWGfQSS2LKhD/O2G51tULRlQIt07X5qBdC2mPNxyKxkVF+9L9ViWL6jYjkwcQU136DilfMfC/Fl8p0sM3HaLUlfPGXFmgiIIDxnxMNRtf9ZJMmkp1bkIm2pnOP+pUssY3x3Pd4huSVAIC1a5VRrDEg9Lte90BPaoSP8tbjIFx1M5RjBR6tiwqDGxNkY8kkH2nyYtU4cAJgby9keIQI1OVXm/P98f5ttSn4p24PIRFGEKG2dN9lgYS0MOhpndTJpKOqFq+g/XdDFlowW/S0Wbu5LoRkPY48jLFVwUX7Rnf7ZEMgg25/hD23tHBSBKvTT/QK1AsdvJWB3XRo/CbuWvxzvElV6y91nqd58o/YOuld7EWy5KdrJLux61iuu4egQ0H0j/js/oANHvujHLzkzb3CL5Sa6gGBoQAw8gZPXH1HECosHD8L21Q8UZXTwyInzLaQrNnf1m7zO8ydVsy0tC5M9ZV6dsj3B8MHzfVvFNk2BWXi/t5hyyTfz1QjrbLPauMOGEYJlLNE3MqdVG2ULaVZB0qMjhWgKmVS/Hu+Zgu7vG5UqW9vRPuD1yZ4JGNayfyqBMwdw=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 10697
    Expires: Sun, 10 Mar 2024 14:07:34 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33bda49643c-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/configs/templates/ovpn_xor/1.0/template.xslt
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /configs/templates/ovpn_xor/1.0/template.xslt HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:32 GMT
    Content-Type: application/octet-stream
    Content-Length: 4259
    Connection: keep-alive
    Last-Modified: Tue, 23 Aug 2022 11:46:02 GMT
    etag: 6304bdfa10a3
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 56c2e8781f54a083aa5a3b19b8e018ab96917e0bfe79be8593161f2f2954276c
    X-Accept-Before: 1709947857
    X-Signature: j2MLeGp4polaon6r/ubKWYXQ3P8Q7umLsf+zJQYUcmBW+R3sSR8WMCc3tnCDCSW1R8IoNaodoAM80Q8BLjwp5gbdLyvNlkwxcLZCad0BFmWq/i561Fk8xnFN4DvIFgFb1qkH1/1bDNmTI0MGsT4FLpYqCUr///B5gjg0maj5i1Hj2a5GpcepssBbSrkcfDK0WjF2XfxLyCFYvn5MKCOmDbxdhpUClgoMUW/rItJvZvXHAVtVsl6i8Y59gVt7u8bKukx3UatGAaKArf1QnMEeyX+UfcJ0OqbI0w+lMDj/G3pZS2HIRnsWYZB8TsaN0DxgsrkhkifzaKO49rtyW1BU9/vwAg6RXocJjf2+3VENSylTPEVpPOryy13mVxkUBxi4rkCUdz3SPxnpDDrJOmi0vhMpWJ78s+65fZxKN/mGxiJ3SWUzm8qSZxHTb6HnHKnV7X/w4qVeXvO9+ZRlc+/J2EtgxN/m2OR3PjLtRs+AvrnnyzJo7WNWHTjlnb5cm8hU0xLyzirowbe2gEptUEKWYDYuV6ZtmWAf4KX+wu7V+oNGF6dkY4g0MPzjW3S3pPJVgH9N7ai7/t7OzSn2jMkslxYGEJeAOgHlDOJjpO7bCjMKgG/MgP/2WG4l9NnU5Z1+q7ltopNM0o96YsFvprZAY9/U1OPY580U0dTUfigJxMM=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 137
    Expires: Sun, 10 Mar 2024 14:08:32 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4a99ae7643c-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/configs/templates/ovpn/1.0/template.xslt
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /configs/templates/ovpn/1.0/template.xslt HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:36 GMT
    Content-Type: application/octet-stream
    Content-Length: 3615
    Connection: keep-alive
    Last-Modified: Tue, 23 Aug 2022 11:46:02 GMT
    etag: 6304bdfae1f
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: d6ed263761188a215ce302b69fe0b73b6dc796f5935206c56d2f9e1694c00635
    X-Accept-Before: 1709947865
    X-Signature: iVXcP/da+tWr6Oc8T90nCRCq4mqDatnOW8fsAYpP2Zn7Rn3D/64AD+v6rlIQMw+uHsWybEEvy2tpaQAirHUYNVkHQt04TrJZ/SkRgvvR1CBN9yreWl/RYzgkBugcyoRBVxRDa4MpM76W85LgllPSuQOPq3IB4IIdk/WBRk/GvdpkdKbMb6ycsuw+B1A1bMCFCjs/leEnwr0sqQEHAVz+ZI/uBgeJmu5sSXgyrkYFBhs2UFkX43+MmhWzCFPCvffetwpv7JyssSHf1dF0KOqNTSaZBTqFK4iUToSeoYu9+SB1aQ1rgba6xstKr45FOWxx0fWSajYZfXf9H+RVsy+k5DyKRIvRiauXJhLdfjOtbakgggz7+onNvLPBwJIyKXUSoNBAqMX89nctjMLbnS4qyKkHAzvWYlxqknj2m2l0y4av1HPY75jH+8/OWsshIXvlX+sGmt7etMNRP+yhJb5E55Bc+yZ9xf2zjGw9l5ID1Vmxi5v3bBDCW/JnSgj7t0OohXXb10uTjJVgmpSnA20/gK4TZr0zmy0UukWPGWGZyj/M05stqBgXTbK7uyKZkwgcJspBQp0/vqLs8rzEgclM30/enDR6GxhEArDuPd4ZXYqGefvu+/Ib5WWRCPdasPPEGf6UmvbMmcNXgF2SAB9a5G2UciBRlJ/GP2ZbG/8CyCM=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 140
    Expires: Sun, 10 Mar 2024 14:08:36 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4c2af82643c-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.sha1
    nordvpn-service.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/AbTests.sha1 HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:47 GMT
    etag: 65eb335f52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: ce649667074d3edaa467aaee954eeb93ac6dce79fc34c6f501d742158247db17
    X-Accept-Before: 1709958589
    X-Signature: YTEPpsf10LjJERV1nK4l3m6d9WF/yaEqz9Qes7tEWqP3P1A4poc9PmP8Y0tt/VmeChTdsnzUeC10DsgNBZQCqHa9OLw8NmybpCt24G1ER05kd+dokZsOJfpkNcMldAobzqgZShaNujh1QXP1EYyM2Z8N0V1z54f5V7KZcOdsk4siLzpjcrUYNU7ghlwpzG/vwH83Ip4yaWVffpxh8PC63abotjrY0kEoInD9mlLzBwaI7mu9vCwCIVgzxMr1BlK2r56ow5nzF6PgZF9GF3/KvSJOS0TL+lM+F9tr7QP10jCVhXGq35+goZbGJuRV0pNfTjpTjynAKIeWNGCJ5/VAIJlRAQHnRk7pheTOaWOt3laMw9Pexbg/7NQRygZd57Tfm3sPKKRSSlcMNCqwpNsR605SpU32ZfDQ2Y7nk4c3evxDR+8HBP6hcWA6jbEjhdESBvtSjB1r05AqQbL+EMdA+CAgXpqCeNjTfkWYUDYiOURmGJi3kcNv6+a83xmL9Z8s/u5GyIskmiot5pgimF3Nwxv0MlPSoRBq5ty47ehpvRNci5mdfsvBKbAwTN+5rUq+izogM8utHQOcQU2L3JWlAO/3fd6pOeonMgmfRggtsZwLYAnZCAoXWeoGDS2SMLIcb6F+LTxYdChPC7ZuelMtSGk47TLbzSDaw9YyxOoVgBQ=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 292
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33afb0863c7-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    nordvpn-service.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.sha1 HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:47 GMT
    etag: 65eb339b52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 45e97da9dfa4431cabd4805658cf619a7d1b5a4a1aaae0e71ff40652561420ac
    X-Accept-Before: 1709958562
    X-Signature: WXeQ1i8vg0U5ZHaKJfFA5DemGIOBOhqTRMFHkbppQ07YjdcwlQpIw9NMdEy7LAjVh6f0CBI26jTuqFHAWAyzrSgrpUtdkSNSWn6ORfYwg1PwgAsrrrLmJMiipUo9+v/n0Dvthg8SwDkswVRCYKwprhV5tj7vxNLjoQBg/cp3XxNj+IQrfp4vEfJqxzsOXAt48x80QgnE9xIbZBcUQG/YcMcxx9vXesdXI91LP3gvB+yCa/ddS0+cFmPmNQBvIDsTzLi59XMj80l50ScR2PgE2oPxqJTKMKDa6QZkQaFdHdrPGs6+XLZB5iMhargo7JI3fnQ66jX1yjlZRHQ1D+HFWIexZWMJB9/bklLwCXr3Z8RI/tWzpQTNlXQeYxNSbosmTEqpvECCDsHbXGj+8Jtqxo+tZ8qQiJpq4SI6zXzTI9YP4z189Nv0U4DJjpQNCX8BhcerAUtt7SLL7E6xMWc1hjKODHmg68OUYNgwq5Xy29ypmIHk+erJDoeTcfIwgMSdCwSGlIQMvJDMxQB3QNX/b2hQq2wNm875IdhEdXVbqH+i8rBM8nImfrcFK/upHTLriY+RXMdj6yJrzToxnOREdC3i3JAb5opRCnlmmdBGvy8KSDR2Qr07O3oUy4L5NxjCgQ2oYormpBhRjWnu+VRwyGeX11jmvWlrtX94p3INrgU=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 293
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33a9ab088bf-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    nordvpn-service.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.sha1 HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:47 GMT
    etag: 65eb339b52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 45e97da9dfa4431cabd4805658cf619a7d1b5a4a1aaae0e71ff40652561420ac
    X-Accept-Before: 1709958455
    X-Signature: mw8d1K3dCGbxMWx6SNZoW1O8d9/taxwQc1eZhZu6PUEumHuZfNQf+p6aPZmC1kJ6pm1gXIKzENkB8txXKowUDDKNxLhVeUzASeutzojfLBftu5xq8VYKwuACu3p5ZNPcJ0HKnCwccJDgUEoj1QBDAtRPFP+rLNByjKRKdp9+mSsGxrEvlXMWRtPl4qvScnuN7CZKcXFyR3w7+NmIts9QcpVBa3ch24JO9T3eH7dsFkFklR+8nXYIDOryyePD9en19DuIymWnzGyQqHRwSo4Sjr+LKYz9soupZ7ONv3k8cnPkenG35Fp+LgVouHAndw4roNCkOkRnSNs9RT40Ig2nsZHM0NPUg48rK59znCr7MB9gTeuJQnnBEtOpHHoTJBiurTpXKhrjLaXUyET0UC94Qb60QGJ82TeDl9QFn+HG9jUYvXwy418X23IFJeIxRFe7E+Z7YcZcbNzEgaNeMlTeAKaJesVQ6Key2Tj4mwSow0CFZzbHR7EBDJY0hjiqBlODQqqTRdaEPVo3Jo688IM8qnjXhPAGoZ1wKIqvwwPMM3XIo7EoG8eivCCUxr7De+AgLL41SbFZwOnVSJ7aq25+j2BKCTu4Xx501W2fX9bOkSC0G9itlAa0TvkgBs0S0YUNVZoRN1cbukXdOZCjxtyXc0sNW6zMcHxGEGyoQZfkhg8=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 293
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33a9b08dd7b-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/NordVPN/remoteConfig/remote.json
    nordvpn-service.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/NordVPN/remoteConfig/remote.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Tue, 05 Mar 2024 14:33:37 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 6136bc4e77373bd531ada0c1c15c7d3f571503f6e879e8ad782305ed18b2bcd3
    X-Accept-Before: 1709947861
    X-Signature: JG5maH04UoMHcgyWaWY7U9JV0mdsppxkBasuoDvf8iKijrZ1sFLxJfTv3mgI/av63tKutF1mMwlUrPf5z7RL2Uq9FedutT36v+4FjLKS6TbQ7SyWcgESCn6KcMm33UwC/o+IFD9whS81osCScv5Ta5s6M9pZinWDrcniDSY/VMntIcR3ponpYi3G28HfkcmfeRiBoK5CEbNLP6tIAFKnLVNHZlvSSSEUVsaS3dD0/CunrzGo8MRPNf7oSivKIPupqeJXu5/9eO2hyBu1FBpUFk12eWZutOU4Cm3LikDXuVvRCvk9ShyyDZw7SqKHBlmqV5fGD4EtKo3sfz1pVn53j1+n9t0CxHkHIDtJHGp5Zt90R2/KCTkwv73wFjQJzxuAhDVgc6Dcgsvoyn1KIDhJmjTfNK/HQxhFJXwXLfpL2YmQsi7dKX26v2hXaTBh0nDUh0yk3CXYaNqtePFj20yu2GRiQ8NiJtBvCnfCMP1MgsKRcnltk6cbg37l19b31XkVKqYF222OfafoshqyFK6L1SP9TuGVJMXHmZzdG1mXIcTB6g4BgzM2W5eEHjq9xHavfB6SfwurMrzIog2ouPH1jeFzK9UPQtzahlWKG42JSOjgY/CDNUN/2PYzMdm+yifF6vi6Vgl1VSEcuxpYJ2WCuFSrr/NA9gYzvslKAiTlxnY=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 194
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33b6bb2dd7b-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPNService.sha1
    nordvpn-service.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPNService.sha1 HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:35 GMT
    etag: 65eb338f52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 1a4aaf4d1033a8067b1925fc5064cb06ff221da4941f81fa8636bd079b1b99bb
    X-Accept-Before: 1709958574
    X-Signature: nJtM/dLOyeN4oQVQ834HU1rguZt32zaPBImXPm/UyZW/VJFfzAGzQkULUVnyx3Nkdp7X9vyj6czMNnr6i61Kadc4Ycp7mUAdyGm8t7LhFt0yhcBo6h8BwvEZ2F62LwPOafUYrD9iQGCFIn+IM7Tk8NpAjd92tYxJtWMUEFfbu/85HwB2izNrb2lePAXoCK6FJ39TLO+HF6R9KUUtmFsH3WQBnWjOstFAO89dCCwzdczdAumHXWO7S5Bpj4vvNYJtlBRY1XBa4dZ7LKtAZXsE+uKpdAO2M5kuqVKXUqHQkxPpRhv6nuBMMwN6ijHgNFvrEWuk54g52a404Gl6TZNFjf2zvmwDEHkarxM4aHiwHYDrCdWMsCvV4/aiYr8BfgC+5Mk1HRPoSuE2XhAFUevgdycrE35eqXymiukZveQpLvynn1bL4B5aBqssKIkRXo/d56PImrM9jMsMtTZ8PF+aXkFEQD9olrFE1xZV/0s4UnmfnwmKHUhazMkwzaE4RqXT5D67qqvQxgyuRmn+s70PoCj3v1EX+DXe5vp1jP8Ej7YFa++74h/uqXfqpvqYmTgc3VgSL9sNG4GunktjD0WISRDw3D8EEguDVHppC5PWzmAqwZLiZ3NdLMBTzC9ejVkajpeLHGK8GldnafdqrWytQKiC8lauVjMRpiBqLHXZ6Kg=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 291
    Expires: Sun, 10 Mar 2024 14:07:33 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33ac8ebdc19-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPNService.json
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPNService.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:34 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:31 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 155c3f36597a32566da8d5c169cb4b66211a5a2f86e2e35ecb726260163a50a4
    X-Accept-Before: 1709958829
    X-Signature: UXd1FuipeBarGBuvmuIjO82DMqh3n6f6TRF3xX/XNIBs4aqgLGdJ+Jq3aml7KjfOviSxMqbfcB+o7B7QBwaTQsMCY7OeSRXGTq/ra+TnRrvuxPEn1W4sLj31119sgTxQYn5aBIvSgMYvUoydUh2a3I0KsFD+3I/tj/p/R83oE1z92X8nMzbb0WZqvwxcM3mWBd289iZSInvbTmsIjgWXYjTbGe+uqAJUJJjNLxZFdyIQYKdGQrfwRbXCVljHE7dXjm4jVZ1NMBRtAHAJrsvgmX/PT+vzKDfUIZSwHjQs1gga8+Hk1zO9TYHOY6HVW5NnAI5MWh+QvqxQhSDStk6zKuSa6Y8FLqgJH1onFpV6LyRwctfiMvBsaM2tPE+5dNmh1AGGN4/3h24eObDPO/N3HKkVmXP7qokMkCgk8ZJXU5innm8I0DgiSICdYvrRSKDOJGrHp4p9lG6VJVzAvlk/sHth0oxBfWoS33W7SCuOuLUrnRUVLZbnnqdlrungINdN4Fryt+Eb2a8xtn9Pbr+Rr1/WJnme226KHgpjtX7cWZI9Kw5sbn94UOBDWvvQ0/R42iDsVW2hYzeEAASPatZOb/ZmkpxPU1nhmDe8MpqugQHGt3oaA6dS2khyaolt1sdSmO7K1dFxB+/DYvdHzwOVJp1G3jN4Wgjil6erz6wVw9Y=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 7335
    Expires: Sun, 10 Mar 2024 14:07:34 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33d5ff0dc8f-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:34 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:43 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 035eea020d07c2cebcb1fe1d42ad50527095ede77db74c81fd28f74f2cefe672
    X-Accept-Before: 1709958792
    X-Signature: RONcilieEvBqt691/sLeVTJBjaj3GG1s8aT+Xn6BLu1x0hS4COOuXvqKCKjr3cELPrtsnPt340AQdaDCuTBoCAd+RrFiuIWsYedlzljPP1nyylIWcdtX9/gvaUjuv5MRGtaVCMEyptBnndVOOH70ZJVkMUlXHRhmw7ZePmOsbmKykhOpFiJpBzs0+QDf9x2X8zYRWucPcuee6Us/96frfUslVRIryroeoWfGz713rqAhTR3DgVGspgIsiJty3ViFAOioCqShhKMMqbJpu7a7yLcHCciCxv1hyrMsipSRfZDNO4nifm3xTEYmO9SaKzKEgn/qiq04+V15tvdqMt75EFDol1I1SMeebigk5ZqtPa4ZZRX0ltoXGlBXhu1p8TyouDL9hgKnLTLtlcgVXzqmeDa3ZoCjBC21pBy8eBWfi0NWuLTPHnebHKvWWOKgR1srn49SPbozvkj1L7S95zZwJongZ+Hw1I7LvUZASKJNF3g2HIvAxYkm9shqLZYCMEtqbU/c9BT1I7sVcDOYjxteyzke9gkUYRPL2lPWoD8ydDEQNecgEDpTLMaf95emUOWe/Hii8rBVrOgW+mJmJJ+lhce7nuKLYmyqX3uPMxhdqFduOUYeCYfsjIDXMXoN75o/wOO57z297FiwGTyf+3jFmMtXPzGnUlEMm/CazeswJHs=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 10322
    Expires: Sun, 10 Mar 2024 14:07:34 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33e5969dc8f-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.json
    nordvpn-service.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/Meshnet.json HTTP/1.1
    User-Agent: NordService windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN Service","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:34 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:13 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 848a79d3ef445aabf040188fbbac2c90c9a342cd55593bf3d8d6e4db9da1cf70
    X-Accept-Before: 1709958739
    X-Signature: kxsPjNO9NbcVu/jRckMNG4gtPCP2Y1DJJjRXM1L3kQ2C88Gt0I4+ooSlvUUe5TiLa8KURszqGE6kQb+U2VGF/gW6yCZD6UepHY47GRmFBVksQ1TqJPwSPCQBSf2Q2Ffvuqd7h6fSPlWgFwEOAlq9bLJa4UoE+24omZdPHuoPFQiahXtRXY2wYW9yhkClhGBuBEe865vH7+4mtlPA7Pu3zHNGKzyhzaSvEoPeLwr0yOtJf9sC/SlfCYcNDb43uEq6QbA4ILxdAMABO3XcblLaS1+eIx/z0u0LaY954ExhfNnEDJJvBVeqJuORjPyFCceNxvjVDcZKWl6JPAZu7H0O7VULhvkURUhPaTlMIliGF+TXK3FkQVJoTDws+jurCkbwwWsLMwLfjqclyTSylAQh8Bc4Zw878vXOADzXLwboGzF2mQ4ErojcSPeCeXceRDIbIPWCC+hVsP/A8BqvaUnpmFkAQekogXGJgtijyqOUqpeveEQwbIPa/gT5ecdc3bglP/ba+pb/8UUNC+551Edz1ZWscdZI2YSCazsG/ouBARxKnzYTb1tCcattu1RcHW4cDpbtTyTkzZsC89zeuxlwYF/KDe2ykN3udjlxlpT0//sA8vaNtqgrJx8dosT3yh2T7sfQlyKeP5eVa/njMtHlkMlzbux/VybnMsswWA/drJ4=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 9940
    Expires: Sun, 10 Mar 2024 14:07:34 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b33ea9cedc8f-LHR
  • flag-us
    DNS
    19.19.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.19.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.19.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.19.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.18.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.18.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.18.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.18.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    bugs-notify.nordvpn.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    bugs-notify.nordvpn.com
    IN A
    Response
    bugs-notify.nordvpn.com
    IN A
    104.19.159.190
    bugs-notify.nordvpn.com
    IN A
    104.16.208.203
  • flag-us
    DNS
    bugs-notify.nordvpn.com
    nordvpn-service.exe
    Remote address:
    8.8.8.8:53
    Request
    bugs-notify.nordvpn.com
    IN A
    Response
    bugs-notify.nordvpn.com
    IN A
    104.19.159.190
    bugs-notify.nordvpn.com
    IN A
    104.16.208.203
  • flag-us
    POST
    https://bugs-notify.nordvpn.com/
    nordvpn-service.exe
    Remote address:
    104.19.159.190:443
    Request
    POST / HTTP/1.1
    Content-Type: application/json
    Bugsnag-Api-Key: 7a12a911c8337a8db1fa4bf465462dd1
    Bugsnag-Payload-Version: 4
    Bugsnag-Sent-At: 2024-03-10T13:37:37.4725506Z
    Host: bugs-notify.nordvpn.com
    Content-Length: 11022
    Expect: 100-continue
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:39 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 2
    Connection: close
    Access-Control-Allow-Origin: *
    Bugsnag-Event-Id: 65edb7a300dd39c4f08b0000
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=86400
    X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, none, noodp, notranslate, noimageindex, unavailable_after: 7 Jul 2007 16:30:00 GMT
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=tECkvIoTAuF1v7obfjSJJYr_ph.RmYFQuHY1qeiVlYg-1710077859-1.0.1.1-093.atJPGw22iGdpN_c9JjBDrGKekZfkB61gbnc98FrRFMUiX.83mRGTMGNFhFhM960mM2DPANe9E6.If6nvWVAQurnd8jj9ak5DhlricZY; path=/; expires=Sun, 10-Mar-24 14:07:39 GMT; domain=.nordvpn.com; HttpOnly; Secure
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b35a1fa38871-LHR
  • flag-us
    POST
    https://bugs-notify.nordvpn.com/
    nordvpn-service.exe
    Remote address:
    104.19.159.190:443
    Request
    POST / HTTP/1.1
    Content-Type: application/json
    Bugsnag-Api-Key: 7a12a911c8337a8db1fa4bf465462dd1
    Bugsnag-Payload-Version: 4
    Bugsnag-Sent-At: 2024-03-10T13:37:37.5193133Z
    Host: bugs-notify.nordvpn.com
    Content-Length: 13857
    Expect: 100-continue
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:39 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 2
    Connection: close
    Access-Control-Allow-Origin: *
    Bugsnag-Event-Id: 65edb7a300dd7cc7ef150000
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=86400
    X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, none, noodp, notranslate, noimageindex, unavailable_after: 7 Jul 2007 16:30:00 GMT
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=vrQfTdO0UenUorKKi5RT76aDOYvifDe35ri5IqlMfkY-1710077859-1.0.1.1-Z16jHrvliSsnGFXmLZJ8.y55tk_4SYqT5MOIVBrSr2._6nPSGVtqKbcvLddZ1LO2HwYpsgwcNlZ.Fy_H236VWZGUnd1tk0FF4oACdR7.P.g; path=/; expires=Sun, 10-Mar-24 14:07:39 GMT; domain=.nordvpn.com; HttpOnly; Secure
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b35a4f16654c-LHR
  • flag-us
    POST
    https://bugs-notify.nordvpn.com/
    nordvpn-service.exe
    Remote address:
    104.19.159.190:443
    Request
    POST / HTTP/1.1
    Content-Type: application/json
    Bugsnag-Api-Key: 7a12a911c8337a8db1fa4bf465462dd1
    Bugsnag-Payload-Version: 4
    Bugsnag-Sent-At: 2024-03-10T13:37:37.5193133Z
    Host: bugs-notify.nordvpn.com
    Content-Length: 13585
    Expect: 100-continue
    Connection: Close
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:37:39 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 2
    Connection: close
    Access-Control-Allow-Origin: *
    Bugsnag-Event-Id: 65edb7a300ddc955fe8b0000
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=86400
    X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, none, noodp, notranslate, noimageindex, unavailable_after: 7 Jul 2007 16:30:00 GMT
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=vBsXFClffN9LRuKwAVArZuRtQCm_Q60XqBwLoMFtq2U-1710077859-1.0.1.1-rhiSo6WNvPBTXO8sAwLDDT3WK9WLC2hxZzELxTlaDshI0.oCZzUGY6lHFUzXeE7mN6JzL0.gQO6CP60L6TujuvGH.LLpJNfLJI.ACFU9SQ4; path=/; expires=Sun, 10-Mar-24 14:07:39 GMT; domain=.nordvpn.com; HttpOnly; Secure
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b35e8dc17750-LHR
  • flag-us
    DNS
    102.161.70.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    102.161.70.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    102.161.70.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    102.161.70.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    195.201.50.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.201.50.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    195.201.50.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.201.50.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
    Response
    114.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-114deploystaticakamaitechnologiescom
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
    Response
    114.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-114deploystaticakamaitechnologiescom
  • flag-us
    DNS
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    in.appcenter.ms
    NordUpdateService.exe
    Remote address:
    8.8.8.8:53
    Request
    in.appcenter.ms
    IN A
    Response
    in.appcenter.ms
    IN CNAME
    in2-prod-east-us2-23fa330.trafficmanager.net
    in2-prod-east-us2-23fa330.trafficmanager.net
    IN CNAME
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    IN A
    40.70.161.102
  • flag-us
    DNS
    in.appcenter.ms
    NordUpdateService.exe
    Remote address:
    8.8.8.8:53
    Request
    in.appcenter.ms
    IN A
    Response
    in.appcenter.ms
    IN CNAME
    in2-prod-east-us2-23fa330.trafficmanager.net
    in2-prod-east-us2-23fa330.trafficmanager.net
    IN CNAME
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    in2-gw2-02-ce7dd027.eastus2.cloudapp.azure.com
    IN A
    40.70.161.102
  • flag-us
    GET
    https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml
    NordUpdateService.exe
    Remote address:
    104.17.207.237:443
    Request
    GET /apps/windows/meta/NordVPN/latest/versionv2.xml HTTP/1.1
    User-Agent: BGU/1.4.2.146
    Host: downloads.nordcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:02 GMT
    Content-Type: text/xml
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 16:23:32 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: f8f2a0dd0f04e6acdf2c24722d9d25681284037681f62c8b8cf743a5cce19e13
    X-Accept-Before: 1709958388
    X-Signature: SuzIPvES8Aujp6v0hNRZRykFYE4QMLejJdXRqv5g+8WMuz8HsO+tk6JTTr251d1aA7gi49l8erjNRBS1VKFITIN2YdHvOZE2zWKirNoT447W9ciyji0xKny8uqpquwuudkIsrHcw8Cd2VeV/WGrGHHZPqGytUz+1WNqIHUmKaoq5dlR5NJCkiRh2fd2ys89fDkGsb2retS9uJ4HQBXmKlgU04GftBGPB8u+ennBlcQw4qvI8S9slTy4mQKoJxl9piPcUUft6Q0k5+h3LH8H+UkRj1Qze+PdAEp6kMymFiFs0s7MtMfMbaaxnC42d9qegYFQS/QiFPi6GlMjOJbbiEvadpAvmdCH0VCnkzF5z0idm6GGg03b5NpHHcBx+Y5VwuBXdZ6LMgbD/6P/nz42EzSoYGuBpBkqoDGeMZIPuziWrcBPdbg3NFMXYsQsxEA/NAsCkJS3/xZsnkpWYgE/ERkR7no647VBhcofWloQMeyyhZxWoTEMoFyBKXFPa5nWbQOqnYIwC37+eqQkeLEImpgV13AY6UdU/f/QYDTIt/5eM6OInCopvxgzXVlgBE+Qvzm6JOV02/ctqRvrayo9S/iwUbZY/6QquWOTuhWWT8+6A30xz4lG3RrPqoAHv0eszegQ+7PA9cALbKFu9Rlx4GZJWn3fndXvzmxbGmGq5h9Q=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 679
    Expires: Sun, 10 Mar 2024 14:08:02 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b3edba7e773e-LHR
  • flag-au
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.96.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.18.19
    downloads.napps-2.com
    IN A
    104.18.19.19
  • flag-au
    DNS
    downloads.napps-2.com
    nordvpn-service.exe
    Remote address:
    103.86.96.100:53
    Request
    downloads.napps-2.com
    IN A
    Response
    downloads.napps-2.com
    IN A
    104.18.19.19
    downloads.napps-2.com
    IN A
    104.18.18.19
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/DnsTracing.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/DnsTracing.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:59 GMT
    etag: 65eb336b52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: cb5ebb07dda053803eaabd2dd66503af170d54a77a7c301f133438ac3f3139f0
    X-Accept-Before: 1709958653
    X-Signature: SX5QWYzgRwoZEFStZZhiumsYsEw/50wdHibUGZxD9LH/9foibeifhBl2u1aMCyk3q8Gkp5iCBGK4RPnjxyU43jD7+yB4mA7fWeVLzPtXDgQ3MHfurDJgsQqHeLlVmaN2teeq+puG+ZPdwjShu9Aud4dbz3F3K1Mpez3/qEeFBtO4eS/rf895xMVfe89CQ0LlyPxMSOQnMw8VAUSDqHEAsODZXt2vFJYIFSkyQLZ+kHHRr4k+TutVPMjGD2dnB+MkZLbpoW0gWHRR4ucVwiVS+meKp81uVsvLcwgKyZyxcEt3bbM32gHvE8WxKgQ4GMrONxopa/OmumGOleavYtxRlIeabGQovuk55fx07cDWxobnbqgWmbfp3/KYvjG1nmWT9p/+1vyykydyqI7uaMhUw4ciAHbcCl7KvbDV7ZdFmpk3viubrAnD1qLCJOr6ry+pTrEB1sL4Y9T2YAUa9SfB1UqjShiuirF/OFX7NaKBW4TncZZR2ODhNRbmzO+X+wxfPmepVxG3+Kbt29v7JySeuQx4nqKgvUgFSbLrGItsTkv4SCMFu0FmKBGO9rIq9Ud0V7b8giFalFOY05PeFvk63a2G5CH+K6eKS2hAwNjhy8MytXX1IytrMXQzm0QHTg7TqkzKT9P9cPK04yaKu9XPAkNV32koj+LeNLz/O8hhA2Q=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 391
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b444fba16352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Connection.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/Connection.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:53 GMT
    etag: 65eb336552
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: c4d8a29576c9f2f0516cda00a4b8fd8449969e6a9458a2072b6cdbe31452ab9c
    X-Accept-Before: 1709958766
    X-Signature: l+wX7uZNr37Ki8yux6lqhxYxccQo3P28O2IGGGsAsrMaEvTHGbR5MiiJ/+3qFZCqrRif6IEl+qcVi+q2jad6vrAaIGfhmjEKZ6lGE5JBAQm28D5OXFDIYiOZAV1KMvnZdTDP1oWD7aqYowLNPRUyk64o8LTxsbk8KPxr9yZ4IEs3SigPiV8DoKlek2kjC+Oe1ZSWJ8wRbk93GzlNi8HPyyUuKSgEtZi3u6Jx82O1A49G4qV2MadQ0zLlrveTNWFiyTX/U2glhhAbfUDstdbfzqDqQmWVoWUg9h77bTnsoZNn9wnxVkti2SMEaY6VX3HwibhWfAJjYADFusjhm3yzpAkwMoGUDs4YX2s4ZFkRNRJkVjyrs2s2eGxjChwmwosKIO3yFkUElhAULcbUA8ID397Ygdyti3HbT6Mh1ueIgZzX+g0hAgB41GjtvIc99+SgowoL/OeMh353P7CuEfmCgucqiyyAxB1YrNg36NUvj7whmLmyATFyq/QluTHwLztfAAvEEqFxWFFt/PdUHzUfXf+JxgMgouthKkwEUUq/2aeZyhP3kpXkeD//XbTJ4WDQP4GqRAGhkbUdtDnVFNaTiWZ4BEGVNI1uHkxSYwr1jxA5aich9+wnT22t7rbq90P7E7pEZ7Gs0DQijzXCWHciZFYQZtuR0Me8ERj04w+q6kk=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 266
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b445cd4e6352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:47 GMT
    etag: 65eb339b52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 45e97da9dfa4431cabd4805658cf619a7d1b5a4a1aaae0e71ff40652561420ac
    X-Accept-Before: 1709958455
    X-Signature: mw8d1K3dCGbxMWx6SNZoW1O8d9/taxwQc1eZhZu6PUEumHuZfNQf+p6aPZmC1kJ6pm1gXIKzENkB8txXKowUDDKNxLhVeUzASeutzojfLBftu5xq8VYKwuACu3p5ZNPcJ0HKnCwccJDgUEoj1QBDAtRPFP+rLNByjKRKdp9+mSsGxrEvlXMWRtPl4qvScnuN7CZKcXFyR3w7+NmIts9QcpVBa3ch24JO9T3eH7dsFkFklR+8nXYIDOryyePD9en19DuIymWnzGyQqHRwSo4Sjr+LKYz9soupZ7ONv3k8cnPkenG35Fp+LgVouHAndw4roNCkOkRnSNs9RT40Ig2nsZHM0NPUg48rK59znCr7MB9gTeuJQnnBEtOpHHoTJBiurTpXKhrjLaXUyET0UC94Qb60QGJ82TeDl9QFn+HG9jUYvXwy418X23IFJeIxRFe7E+Z7YcZcbNzEgaNeMlTeAKaJesVQ6Key2Tj4mwSow0CFZzbHR7EBDJY0hjiqBlODQqqTRdaEPVo3Jo688IM8qnjXhPAGoZ1wKIqvwwPMM3XIo7EoG8eivCCUxr7De+AgLL41SbFZwOnVSJ7aq25+j2BKCTu4Xx501W2fX9bOkSC0G9itlAa0TvkgBs0S0YUNVZoRN1cbukXdOZCjxtyXc0sNW6zMcHxGEGyoQZfkhg8=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 337
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b445dd6d6352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/LibmooseEventsToggle.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/LibmooseEventsToggle.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:05 GMT
    etag: 65eb337152
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 226fafa35fe7de457006831d45d0aa6440a65e50f6737c14336d83e1eeee9ffa
    X-Accept-Before: 1709958689
    X-Signature: PY5SyIUV/77/6RVsvH34j472x3eLhrnvNOh4JCH8j05XSikhdV7dsx9m+daRrwj7Hz1i4iR7vYXv3JtJChg5Hx8IY6flLKYj3joj6vZoQxsDcDY9ceiYi+pl0C0SpnmidbBVIcaxVOS+NhQVrCUQttixJ/Yt0SLGtMGVq2k/fvBGaXT0Ty9TughvOl6WQdlQgRCwsPCrjINPnsT6JSXCtNwqFCLUb2vsWme8igIDc2J9P/6QIEXvPNtUlrVAX6KblUrJSbwX6R5ZzUtbDI2IASZXrLGPK+JBLzDm/yGt7iuMTiULAmfVZCX1wgYmTNTYvxs9I710WkaIlQnshBijHuqsT9k6e+OoRfHdY6RPCCrB/zc8V7GV4268TMUE4kWta8zrDu1s9TH/tZwIzJ2O+2ri4cuYauMj88nRf9OJGqglvNlRU/ZmVo56vTac9MnOf0tc2O3zB+wc5wTgXZVc5U10aU6OOPCTqvP8ljIL/gBjzcIA87zgHO7bIn24kovImgoc9bge8c1xt/NZe+teYsuiQQF/+YeN2zrMxd4z61EEzRq1eW9GkwmYxhB01lIknjn03PdFPP1Gg2SGqcHN95I5+cbvQnhKh5e1JlW3cjLLEdDwJLooGUWyyjz1JHlStEaUixIFNTXgIMoAQieO2Tj/XXsHYir/ShGrwJFLdeI=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 339
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b445ed896352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/ThreatProtection.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/ThreatProtection.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:53 GMT
    etag: 65eb33a152
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 52895913caa88a671e49164ecc0b13fdb1a860dd8388fd08cafcdab1d7afd469
    X-Accept-Before: 1709958520
    X-Signature: Oplhc7WfvEHOCdLhUUyazkOXyendNClD0UFN1nQX/nsBWYlbrukDpcu9zuKr8S0GhMTz7E8CRWhS4Tzmrp2bYhUoyXAFMPoj3eR3gLBZX9LmW8wijfgLJXVNomsDMSHgqU/poxMnocHWGvGy8GjohBUQPPfyDOOFQ8h6YxSGy4K4M5Sql0rEhVBO2WW45KZP+tVCLr9XD5N0pBq3o6wQXCW32rsl/nQvny13wbd5hycXQ8ks0KykbWfaZW0/mpxpWsXZvn6cUSnjAA7jH/n/wY//b1qybx4QNdwoO+NohWYQoWILaCum4vFv0wFG55WlB4w5wvnxfeOaG3AxkS2RRSLsAHyLwSdyFqzT1JsdnkRhuz2myAp2UpBFnrOh30ykGdIMiMBZkXDK/Fm6PcdO8FornS/86eH9hbnYJZkwuKevFdt1rmH2kdWI4KFTkiqWm3CZK9PGZG6oRfQN85MPIcGBab1Hh4vWt34AE0bcFIPEvO9/rcg3Gmi9iCDiNhaEgGEUT3vaC6JNZpxQLsCjImeV9xXOdHUTUVWjBHClln7+sxKn8OU6Eo+1jsTa994AYm1OqGsbeNdNsdSi3vivABLpp1aZ2v6R9Ibc9FDl6tMvQ4HlloLGOw7nlnSYDqU5v/XTCqkvtCXahvfoIraFe7XPuWFGXyIs7Tz/9uLQXYY=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 335
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b445fd996352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:43 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 035eea020d07c2cebcb1fe1d42ad50527095ede77db74c81fd28f74f2cefe672
    X-Accept-Before: 1709958713
    X-Signature: Te6CI3EtOYn8i45YXSAwxUaqBTa2Eg0TDePniTDB1JOtpaVF1oKxKey8X5LzHQyySGS2tyc+wQnwZgqmOjHWAYZEbSfcgWKxQcZVWU+6fU4FHb/roetoYp3WNADMyA1MjLsO0SNFTOmr3DRHzFQMNdKl03u1XuU2e8TXfFQqg6oKlZ/QQpVplKtWic/SyQByQeu0ncbBIqHlokZsgHG+2If0dzSykFd2aM3ZoepWGJKJqr2f3HEWbHUDWFg016N+Og1r3c+JuhhrmDEbmvH2FDDRI1XhYDYWZpu2Tn6+nrAns0a48hT9FEFfHIjTvVx3wvclQr2Fif9LAubBQJM7d/zxpkRYSksbsaV3AyRpU0WFDQmFcxI1dSqsoV7p4Sx3A6Q8F+u7KSaAPlQOvh0dDpqo5bCb7uAsmICtARqJccNmYd4BrLxGBXZaFXD4f7wgCyRYft2g6n4O/x1Z5Og7Qlrre3sudwDR8Wuqtf/XeW4/ftT8XaNQh7GKcSPuaQvS7284imz1CBjiTU4KvQWP3TyclR+OfjQWIbHlhAkHd2qD+gG9SZ2kctq8PoXXRI0GlkCbpAth5019xIpVGetExkTGO8CmmLjvh3fQqJYFxeMRxW2Tw9eZNFN2p4VRwCUppN+ynwb+Dwg30MMmjS/HToiMlz02uyDQAg0CEZtiU+Q=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 109
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4460da96352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPN.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:25 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 6f003df6b3369fd54d774bdca1fa4aee2ff258e0c2e441ab2610ac0544906fe3
    X-Accept-Before: 1709958744
    X-Signature: d6z3hJtT6NtS2Rgcj8LwnsGdzsZqwN+IUuZr0mGRaIcFg4NWoP8YeFAjVoQZOiklhLk7IpBhau/kN31L/Gv7AiA92nRKhBrLE5hjR7c0DmwNhpShfiYdNYD7UCStQPzAwfXFD0yumH4xmHmTyi+9UrJ5IHvaTFe2NOWQE6sQkZ6QR7FVrmguhXhcAfklgDQ+ohYs2GiRCIV0RIs5zXHIezTxkjHhRYXux+CbLY9COK3PXG87naKO49wltkRo/wzvIeeGu3bGkUyBEuncJJiL+1fTz2BvwaG61ujGJsNHj8NNNemRDpQdWd9fkNN8MWIUfp1pXiev8X30LQ9ojxf2oysjUCb+4Y3hB74u6R6ZW56fyRZiDT2fDhhK0UwcSoWVVqh/50bwsOzozgPa7YlEtFLFXEjhCaIcB9/A5QP7nsmVvj57CtNxYMSK0LmgQaBTs8/HeC+AfD3zt3AstBXjs00fCsL8k1IVfY5FJS2rKZIQNr5+nEtUOPiyWd2Kex88UL/gFgaQL4BXyMfUVLL3VsHnjM2/mRTjj28eIb5LYivYdJzcDF8lP3RJ+jPlN1PeyE+DuM9VutIOj9hLJUKXx7BkQjnkTE4JefAiglcvqElQ83vpWhCZObIyzk8AjXZzndO1T74eaVagkoIjAiRDxXc2LMGEkY/Mqi8RMlGzFVc=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 9912
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b44818dd6352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Connection.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/Connection.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:49 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 3d14706b304811064acc337f8d52be1d4d056b20c15fb21de24181eb8b2629ee
    X-Accept-Before: 1709958860
    X-Signature: B8NvJukvrt9oUYwksAK+1hHFicP3ztCOjImJoObdEKxcjBOyFYXKjkyVRDmqBo7CgEQcDJBxBy1hNVS9YUIuURcgOlQG3AOFcYiQYBUEglOY9KmxIJKDMJHZC9HzFT+TkgkSDTBD/bv7X6918YZDpmo38U0boyYK6MPJHIdQE75S/0DaZ1SmihLtiSrgxI64CoM6T6aOUIEAOi5H3MO5TbKokb8MdPZYmS1CisvnkclfGxu4XeHNXUMEK5Wcav14tR77tbCJwqXDsZ4ewe/bEIhijjCiOuiG+RQjYRKRsq/3m2SWGnkdCYk2wqMtXIF/a4ZN1jl4RHMUCxGVuXuKh1933YEapmL+Fv10UGLpSadu3PddWfXoo4gNOF1VmxAt1KkHUN1oL5ZOb3K34q9FPz31T/UBAWlTBjCFQUA5/cKjlPlofh1nbNpFU/lpnjdcaVdrT7GZYn508uJ4L4lYh1WBFkEUz9d/bnxecvXfyO1sCf3iU1k7jXzlGleo7wlN5SFWM5+NZaQnabPruVMFI9qPbi98cAlf7dSaOovMVKgXByzXtqr5AfMKFSnXnOlMRnJK1+ND8FE14/n9wQNYfa7IzaM6zJRFow0TW5hl4H29a95dJLt9RgbNI24IOdAHL6LjH5+EI1EuhxCd33CE8V7RbUkrI6pEaQGrXa0rROM=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 5419
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b44828fc6352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:43 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 035eea020d07c2cebcb1fe1d42ad50527095ede77db74c81fd28f74f2cefe672
    X-Accept-Before: 1709958713
    X-Signature: Te6CI3EtOYn8i45YXSAwxUaqBTa2Eg0TDePniTDB1JOtpaVF1oKxKey8X5LzHQyySGS2tyc+wQnwZgqmOjHWAYZEbSfcgWKxQcZVWU+6fU4FHb/roetoYp3WNADMyA1MjLsO0SNFTOmr3DRHzFQMNdKl03u1XuU2e8TXfFQqg6oKlZ/QQpVplKtWic/SyQByQeu0ncbBIqHlokZsgHG+2If0dzSykFd2aM3ZoepWGJKJqr2f3HEWbHUDWFg016N+Og1r3c+JuhhrmDEbmvH2FDDRI1XhYDYWZpu2Tn6+nrAns0a48hT9FEFfHIjTvVx3wvclQr2Fif9LAubBQJM7d/zxpkRYSksbsaV3AyRpU0WFDQmFcxI1dSqsoV7p4Sx3A6Q8F+u7KSaAPlQOvh0dDpqo5bCb7uAsmICtARqJccNmYd4BrLxGBXZaFXD4f7wgCyRYft2g6n4O/x1Z5Og7Qlrre3sudwDR8Wuqtf/XeW4/ftT8XaNQh7GKcSPuaQvS7284imz1CBjiTU4KvQWP3TyclR+OfjQWIbHlhAkHd2qD+gG9SZ2kctq8PoXXRI0GlkCbpAth5019xIpVGetExkTGO8CmmLjvh3fQqJYFxeMRxW2Tw9eZNFN2p4VRwCUppN+ynwb+Dwg30MMmjS/HToiMlz02uyDQAg0CEZtiU+Q=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 110
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b44839306352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/LibmooseEventsToggle.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/LibmooseEventsToggle.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:01 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 6108ed46f0b3c3ef24a990a9c2a34fb59a6a0123f1742bd6ee8f67d0273c3802
    X-Accept-Before: 1709958953
    X-Signature: nDvmaZNz6gCYLB45PuC6awvln/w5ZiAa6eGOrIvOa/Bws558MhOi7LGJeZKrFADYUeQWX4nXr8lgvtDbSuVX7oakYDt6ZD5Z/0oFesyO8QkootRTKVzPcwOuRA4N05JA8JQLwTrqy25o0MWIbT0REn1OlX/yZtJKu/im0Y8rruS+LwX8FckgMlg4ojaHTl+J74lnTvouCBs6yfQlY/Tcf7o1TcSktL0G+poVG+oC3aH00Hhh5dmn0qgV3pxirp3fWQGTIiIL5wsvj4T829hgo8LpzhWOJuy+4o1dpa50y7LqUQRKmi29GDJH/8qdMp/pPYZ/uPF+hPwt4oX7XBqiih7btk0s15D0a42TXkAGgFwPVhBEvoTiMjPbSJej1dsCUOtRRrWKvRyMXS7smb12I7ilP44/3UPKZvkA1o53Ea4azclWNt3j3la1UlbiJdBem1c2BHfJ0GwZZJC+X8A091Zp4XkEQeyIOxw6hTm/f+Qx1sumbdVJx40S1+DSfIiPHTmeKXWwbrYzgBXw6MdiYjmLuPga4HEWCweZffOnRPzbZNxbh/hTLgoXD1TXagVBL1bCSnAkgRcppnUXQbhLP/8m6SaUYpG/oSuJQ+EIFkHoObm7K1RNdiCnPAckYtwgOOvJ1kgLSNYlsWmSEzdd+i3FhVDg2gZhDcc3B6zY3mQ=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 5531
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b44849546352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/ThreatProtection.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/ThreatProtection.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:49 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 9ccc3474ed9c88c93b65698b3f173705723ed8209dd7a608c3bf1a5616f924c6
    X-Accept-Before: 1709958576
    X-Signature: j1W3+ewGWoQxFLF54hOzSuNUK2YrIodPZeabZaRuWxGkNlChXDeK5to0O3FIXpf222knlt1/+Nqf8btPH+8mLtyAnu/I4NDEBbPnE4HDJNZaCFD0cBnThR1FbLODwaX/YewQhwniUxABF9AsictD2Is87f00u2U0yhv88V/CMVzzI5GrXQKhBVnXPlJZZUuF4OC7Yy+FNp8e3BDP5qsPeZ+eI5TMMkHCjZO+7tpeBDIcJ6Ix8sCLaA3KizsmlYjlCLfOdhhfY/gx+InIjUBBJZ4MZQ9odGvD8mgRiqLTDEhegY22GydUsUiXM87Du9+mRCK/DdKTLkTPB9rWgqcvUJHCyg1PLrcllVzY7tOWR5COBav55mxbwY91dWeMoNSNVacIp2FPDWae5kdNY4ZHCQ0AjaioutjcIJmzZGsVWqR7mQq3bkfkc5STJa99auLwRxcfeQg2bTUnZT1xELKRuywEyJR9Pxv2K4NALXaXknaEOtX0xS2TY8nOMKq/W0bLDYG4gHZcJEF070yXbZS6/WgUDOGnVVKxblRwrH3VjNd7NFgRHDxeOMHSPkzGjfPTIALz41L0ujWV+DYsn8YwnGyQjg0JIFgyyxP8C++lBuGrq7kljw5LKW2D2/63F3GtiUkAQ7Bp/adIS0vAq/cI61rcyL7Jnt2g0Oww0v7NLWo=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 10744
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b44859826352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/map/mercatorClustersConfiguration.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/map/mercatorClustersConfiguration.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:39:23 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Tue, 05 Sep 2023 07:43:39 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 34e0d780dd5e424c56edda8e485a1221c777202a3bcd0699925fccb064ce4113
    X-Accept-Before: 1709947883
    X-Signature: mu6PeC3v/A5DMBm8GsyLgGLm2DZngefR90cWXcQDwkcJD9myW04p+7+zVeAUvRQr0ZCGTh6T1yvRZTwgcIUCL0hc7poHauRz21Ima8cS0Pa4lC2CMK//md3V54x9BAQFaRuMdyNcbnkk9inh9qJ0attAimFEEejrvxKAo+zzVJLCVRUCpKIoybsDS6L+paP766ZRLX7e6+r4tw7TrsO9aTxdHJka2ImMd0S8x60s0hSXY2vuZrmeirFgETvZCr7w7K9lV3fDNfYQgIBvBfLFt6Ae9BRhR8ifdMF3GgjKbXJWFsjWHKeQ9oQlaPRYmdGpps8rNtud2tkEdoL60HNaSUSn5b95PxJlLw+coPULpddiQLh4Q4wuhUKgvQ25TjvtKdkHad3A95LG47yMcS5nZLLhOsqZm/1MpaAeOk0Rd3wY3iNlje0WXLdTHesvTharGdLR+7Wy3GQFk+GHD1IGB1vbkm1ZRSjVKLsgXG90/IsSrPapHwcRa0liycBVyf2Cl3qM5VSi/DDk5LSzTU6t1I9ih28jTMwuap8A8o8XN0i8W9qweppbCQvyNIHFMr1cW4qjZEosd0SJE03XKlJnJ17HByz8VyK3/ZyXPJklFCePJcdsBn6klZdIXdEqtXFD7cjLOQKkqikpIabg8DrcYnhgrB8RzyUKYiQg8ueZKnk=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 173
    Expires: Sun, 10 Mar 2024 14:09:23 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b5e4caf66352-LHR
  • flag-us
    GET
    https://napps-2.com/v2/servers?limit=20000000
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /v2/servers?limit=20000000 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:39:30 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    content-encoding: gzip
    vary: Accept-Encoding
    x-accept-before: 1710121170
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: e42cd5d80236d6fe84b4aa63300e1ad40dcc207ee01436b96afdfdde11c5bcf1
    x-signature: J9gPvD8i1Ye67jGSUST0p2G696EJCwuS8gGYmtwyJy8uIFk9thtHw9yquhq6UBVYHoRVq6TmXTr5z9+BjvXmM7GKWRqzqO8LKeV4IkXCdeeWihedL4S3sfTKVC1AjbpDzbW3e8+Zu0bRmyVG+Lnlced+UJaZHvu9Amg818z8V/tEieiNA//Oq8aCvqfiunFozWQqhO6BxzMUMWchuzl9x8DZ4sKH6PNfkIK52bTgdWwrKd79O1Sg8uDy5uFKuyKxjMP0wPxtYhKvIq6LFKKKAofSH3bckzFJmolOVMTTbCdrf/BkgCn89uZ4rbq3cV1hM76OXT2SBHffoISrniTrkpkA4wRe8qVqUys4WCqb+4ZkdrfpXZ/++jaBgMv5YPEx2e6yYTsNWSrheX0q9pGZUJly0LUAc1BEkq8waa8ZtzC+plpHy/2fQUOOTA9od2FmRH8sxtBWI2TEQzP6dAls27qPVHQ/0zrmQN+3ZqjSplXeaGdMjeVCLca2lhP5x409+47X8Sog8/insnNdNCXwUcEbnEXleFmMYrhZzPsPzLBu7qjjN2mfMK3H2SnaUZn7GIe3ySeyOpmuTKBojH53GpvXwaJIp2MqcJ9JLUURcp6j/xFgO7t6EgPo/pWurwMdmLLX0fvGy5yIeLQI5Vqn//3CK/qgiA6NhSN7JAU1rpY=
    x-host-signature: NQbSKXTNiM441wXvm/cHR2VVrID5mH4VCvSfiFZ7mniziMNl0jzUF/PvvMrLyLMFPtICM19C6/jN+yJ+guzBjx7R6IaNOcz31TBiXeye5YlXJZqP+K8ML8Y5wVRbKw4G6NN+DswOgTphKiw0eXpoRUTpnQLPnPwobL5NdY4qEPTPcv9/dERnJXk5SC0KoPoh/GEbgEcopii4VKSkKRqLyll7fFpCqsdo/FgQR6rHpfvt67Uxqaz1444S1Kh3UXORssp8OazBVl/ye2vEVo3MiyifVpsGjQx9ACtz6j6FlToMM0LAVxYIu8Xsc05MjvBnGkVVo9Xfki41YkF+Hmu3EBwYDRyIyJHJl9IetgyQnMWTnBlCI1Y+CVbgO2m3exD3V+zTTu3Zrk1HPA1BE+RNM8Zit64RxHysU+FJqW7uHdyBb792W9O6/WkRT0nfRFvxzWPL2zJbZzow+UjUrm0JkUvMB3MRhE9cgj59n7jU7h95ndPByZ71gUVQUVecTVD9P52MCWE95nQtU+d5jxjSgGbKnpWVsxu3T3pWDlfdYCY2SJiSWH1IGUojnOFi6Lzk2+0gw15rAoZmjvm2wvoPrwZtRUihp2caOlKtHLEydc6/Im9Ia2EnryK3dDew9UaSUVbZJDJrwW0ya8NED78MY8PerUmyErWKVzhUIecrTb4=
    CF-Cache-Status: DYNAMIC
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b6145ffd6352-LHR
  • flag-us
    GET
    https://napps-2.com/v1/helpers/ips/insights
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /v1/helpers/ips/insights HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:39:57 GMT
    Content-Type: application/json;charset=utf-8
    Content-Length: 185
    Connection: keep-alive
    content-encoding: gzip
    vary: Accept-Encoding
    x-accept-before: 1710121197
    x-authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    x-digest: c3c0a231c38a5f2c11a57359e5966315d309e30d66a581dab80188661cc15921
    x-signature: F8NbybFAbUDEAZ3SXLx/rfINoqZFnySRqn5eqm5tbx917FEaQhNk8QsrqoJYLYdEYo1MbT5X1BKi1G8upvybILx15z3NmiVxbgU/RMojEgHrfWnMxj/BmCksg5PT7pN1rL1uywOSq2b6qhqaOCT3+ZA/0Lsrt6v0noWSoND8R+LBDEF7ymnow4zc1sraKoJZcGYO15lLSKfidMTeVZ5vB/mYd9OVQftXWOzp6V2ZeuxyVpz7ppLJk2je6CHMxK4mzTmAuj/0v8HgPJcA/1I/PGZZd0nShZ9gLvkcLZHXqABaYFkQbS5jc3GgexUUQzBbfSe5uOPQ8Anj9W/I55RdFSxhR24naO/FshBE6rmP4t0TZjeJ+9wIB3zgh4JiHnR078eWdsKau4/SNyPe334hOJl5OEkLngDsm61x1MFicKWs1bJYVTDhFxuWDE26fubqvUYWddw0qGkeUt7DWMgVgSUXK+sgIAk6dZx2eRF8/4QeGXCAZfFsp7sJo42AfjEjOaUNi+VGSqmLz+6PFU9pJtoplzBBchMZUD+/AcuWSUfhWc8ne1RHdIp588hAuYtECi3UFZcvrI+jL0vvAst7Hl7RpV/9TMcv5wvlz9uHPsJcqxbFUNvx/LPuGEu11cokA4JYu6FWoeS7DxzuZTSm5z7H6IaVm7WWiaFgXcLoQss=
    x-host-signature: NQbSKXTNiM441wXvm/cHR2VVrID5mH4VCvSfiFZ7mniziMNl0jzUF/PvvMrLyLMFPtICM19C6/jN+yJ+guzBjx7R6IaNOcz31TBiXeye5YlXJZqP+K8ML8Y5wVRbKw4G6NN+DswOgTphKiw0eXpoRUTpnQLPnPwobL5NdY4qEPTPcv9/dERnJXk5SC0KoPoh/GEbgEcopii4VKSkKRqLyll7fFpCqsdo/FgQR6rHpfvt67Uxqaz1444S1Kh3UXORssp8OazBVl/ye2vEVo3MiyifVpsGjQx9ACtz6j6FlToMM0LAVxYIu8Xsc05MjvBnGkVVo9Xfki41YkF+Hmu3EBwYDRyIyJHJl9IetgyQnMWTnBlCI1Y+CVbgO2m3exD3V+zTTu3Zrk1HPA1BE+RNM8Zit64RxHysU+FJqW7uHdyBb792W9O6/WkRT0nfRFvxzWPL2zJbZzow+UjUrm0JkUvMB3MRhE9cgj59n7jU7h95ndPByZ71gUVQUVecTVD9P52MCWE95nQtU+d5jxjSgGbKnpWVsxu3T3pWDlfdYCY2SJiSWH1IGUojnOFi6Lzk2+0gw15rAoZmjvm2wvoPrwZtRUihp2caOlKtHLEydc6/Im9Ia2EnryK3dDew9UaSUVbZJDJrwW0ya8NED78MY8PerUmyErWKVzhUIecrTb4=
    CF-Cache-Status: DYNAMIC
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b6bb8de76352-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPN.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:29 GMT
    etag: 65eb338952
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 0c448d68d21753aab98deed1c16521341a27d899a1cd68d8879fd20759acf2f3
    X-Accept-Before: 1709958715
    X-Signature: AD92Vlvghs5PYtR4HK+LrJRjS3OU7yH2k88hxAe47tYcANGM/XTwIBVKsg+jpS2uc9P+mZ1uL7LBizjtTdqRgZLxrqJIhWguQaqGR1dTm6ZY9pt0vb8Uu9OHQXKF+U7F7p/e5gmsAx5a46HP+z+Bx+PPYHFZBzPyx2BEOFm6YTsqGH7gwuQdfIu1+zCTixDLaEkIGq+//YC/yVDwqNwJ5dvN+e15lL4TYzXJS49PhHX1eYV4PkHFZE7PZIR1XKOjrhUSbVmaR1fu+B1jMqe8xpVljsiduCPyIh6D/RJ3CUI0949bymR1aa596gDi+GuvNdQd00qWszvOiZUts5xhF1xyIaW3oaq51Y20aSnzl/EsYcSxvYrloyaKYIgWKfHsygmXirIvh2X7KUjiWXvqwDhvb3KY5npJhGtugdExfD59Siu3ytdyZJNc1QONbGo+vwdCA+PsD0GZnqVY+JUWxX5WSC30LSqU3YB1oYVkPu724i41Poob1B7QODrsL/inNaBVzntVsKfUoq8U+yt2JWIGGsM3rTr3A6J08ElHFMeVe3mRC+3eQrZXtpnTx8N9ZvSWGEzf+9cMjoQI2yiBgdZVdlh4T1NhOKA8lHlAtzp91my3/NE3V9y8EZUqsKJmEimVh7CA/9B7xiV+A9WQb3BXmE3COGYA+8Bqcn2fxyw=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 353
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b444d9c506ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/AbTests.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:47 GMT
    etag: 65eb335f52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: ce649667074d3edaa467aaee954eeb93ac6dce79fc34c6f501d742158247db17
    X-Accept-Before: 1709958676
    X-Signature: U5RpFb9S8NkgHMljAE6SH4tpd/veEzxx1NgA2WdBtlcXSRt24iy8IzwAmiAWk9MLvtok8yerIhnG+sbhT9rDKv1qHVLHpNa0q0RzRjqcV4df8I3GZYuDUB81BLdquhtWxL5tVQNIfP09fgh2HcD3QI6gF6KDfiT/netxwZKgB3h7nMEJJnhfywHmHTNCDRL9aRipTbH8L+RzyNQW+FIDph/GCIFklktnC3YllL5INXIYPrBoj5s6v2B8GxWqCjbpy5b+dUv0k/VD6YWB9qcJX/9kdQrP2zLebykOZTXcCVAX0f82k8E2dj1Nfzoqmc0xa1xGyjQ6tnra/l2ZLVZ31oD4M9WRh3mYrZTaMlMI4ZlUeaf0tJ+FKKCRQnJg2RmDfULk65R0Fne953rZid0oM6tMH+pKvVObRGPZHccXJntgeY1CPvjipO7dGiOMVhJ7P+H19tiDaVVUpXbLn/c+HNVh1bGPxPfXKIMlG1Kn8GIpd8VLDvOUSrxza7oNmp4j3LxVQV8y+mw7qnl7tJfhyPGeUF1fDOQdh/JFI2+m+MyqYZWSsWzlWN5aoh8p+zA2F4LVZmlr84iobM6UicG2y1lmeUupaJmPWg6Pcz3arNYS5HXKHEkcfKwaBZyE2i3nsEhio7ZbSopzAcnykYOzql6jRqsVxRBnpRRscSdzXYQ=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 333
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b447cbf906ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/Meshnet.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:17 GMT
    etag: 65eb337d52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 7b61b618c906c4798294e2ae73a0ea5917be310958c3a58917f740b827c892be
    X-Accept-Before: 1709958712
    X-Signature: Xk+1fqLJnOVCfcns8Yg5Uct26KrflOIAEhrBIfXOs1pO0hwtiFwCXegPrcEP50vhVgPcU8fxPWlpEGP+VBCBbzXDStnKvmowEkCXfCvb1ZRr5bVAZVAtC0KPBwUGKUZa0ne2C9WqweDyUQVyyQn/XTZh7SKCq4PXP55Toun5aHCXH4euU4jFCUU8cF8OfACPqfCr3GsKZ4W3UGOLBVT4ejPdzGWUpCuFjaje5gW92+HBluA0HWx2HxH5lT+jL6LXPQtZNYxcE6h9XUq95n+4O2qU56Xzg1TeN2TKE+xMkPCQU7av2f1smKCxkzk4CNnuiTy0WtnTIH8K+DLM9/22ecEQSEKewX5zOiuLFk2lTJMeMvhxiT/IgCRnnQr6n96nBwqM0O0a/e+F+Hqr5Nx15uCBgZjbPD/KVxprAHnsVI1f32trhHL6vYz0MVKdkRZ7SR97g6gbisWBXfcY6LA9PvHURJx0gpWnao7SSa9IFLII2p/sapfiX0cbD8RZOYztDZBn4oEJ2wXVIPQCnstj3kjzOhLIB84kDhIMBTfsh/WclMpBug+wfE3Y+kfu3nQBq/FdfenPlktKtjZH6nGx7gfVXWHf83Q8IoUbm0rburv0lW88gvNAbcklnVmNqXkG+gC1ROmElOelwvqV8AtU8h64m2jRZQIy7GoidfSZ04w=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 359
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b447ec0806ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPN.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:29 GMT
    etag: 65eb338952
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 0c448d68d21753aab98deed1c16521341a27d899a1cd68d8879fd20759acf2f3
    X-Accept-Before: 1709958715
    X-Signature: AD92Vlvghs5PYtR4HK+LrJRjS3OU7yH2k88hxAe47tYcANGM/XTwIBVKsg+jpS2uc9P+mZ1uL7LBizjtTdqRgZLxrqJIhWguQaqGR1dTm6ZY9pt0vb8Uu9OHQXKF+U7F7p/e5gmsAx5a46HP+z+Bx+PPYHFZBzPyx2BEOFm6YTsqGH7gwuQdfIu1+zCTixDLaEkIGq+//YC/yVDwqNwJ5dvN+e15lL4TYzXJS49PhHX1eYV4PkHFZE7PZIR1XKOjrhUSbVmaR1fu+B1jMqe8xpVljsiduCPyIh6D/RJ3CUI0949bymR1aa596gDi+GuvNdQd00qWszvOiZUts5xhF1xyIaW3oaq51Y20aSnzl/EsYcSxvYrloyaKYIgWKfHsygmXirIvh2X7KUjiWXvqwDhvb3KY5npJhGtugdExfD59Siu3ytdyZJNc1QONbGo+vwdCA+PsD0GZnqVY+JUWxX5WSC30LSqU3YB1oYVkPu724i41Poob1B7QODrsL/inNaBVzntVsKfUoq8U+yt2JWIGGsM3rTr3A6J08ElHFMeVe3mRC+3eQrZXtpnTx8N9ZvSWGEzf+9cMjoQI2yiBgdZVdlh4T1NhOKA8lHlAtzp91my3/NE3V9y8EZUqsKJmEimVh7CA/9B7xiV+A9WQb3BXmE3COGYA+8Bqcn2fxyw=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 353
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b447fc1106ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/UserJourney.sha1
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/UserJourney.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:50:00 GMT
    etag: 65eb33a852
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: cf025485920417e83e1393e7bc9098c19b215d3150d22541afc83d2d47994736
    X-Accept-Before: 1709958690
    X-Signature: ZJC7hDbjXDHB1jY45xHgLasoJ+TuAKpZASRRWNFLorGA0Q8Q+hGbhibVs18prmhMEbILEHIM6PaoG3OeD9zYEsOY0sjVL4y763mr58CYbK+WoD1QZGZUrPgRyy6+XEC9PgYvyBj3zb1jUSnU9YD+cunlDtFke+ETCN/+FB9XwMd6hLKa4+aNby0wY1cLiK6OWsZ+gqr6hT/43ImW/SqkxgXHr22fNi3N2/99p2G0s5MJsuXp9m7FuB+zx4+6O4V6fscICbu1S8vSMaawJTmENzCY2yDZ/H/VzvPeN2046f1SU21OGdgvP8gYkjty4ozYYaGwBZ/UPOK6LF9BxLzO7mLBc3C9wAvaNoEElZJGU7gFW+fr+3ZIQW+Awt1RN4g4ktSfT4cN2KdUTo3kdNnNWq3vDO1eT70s45NxOn1r8S8kzkBSfo7uyul8xNOSozMYqppol1FgmuWbqeAsD9SZqyiAG8s39V21u3VUC8SVVxFCBHaSJgx7u42Q7rw0kunxzen4goB6xofDdZ0Y0revfoGirD7J3thWKrc9rvD+Ye4T2tfQMi+zsmVy6V6ngLhPCL2MbZbS7OqGzSSW8PACau1KGTUnVqPq63pMoUiAQkwLjk5jjU7x6WLfua8a3nNdIApFj2AsAvVVHhpYaH43YNwVqrZttJJefEP2Jn476OQ=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 161
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4480c1806ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/DnsTracing.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/DnsTracing.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:55 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 81d03f0f9b8f86c0b66bf682f532b92c5a52f03f1c162f3cfae1d62e2c3631ae
    X-Accept-Before: 1709994804
    X-Signature: R+6Za583+uhEuhKBAT6s9wlNaPWnsb7yumRtdhRSlJ2tVnYtFf7UGV2aiBocKpEAdc7Ql41NSEDOh9NumHwxEkapi5qBLZwfW0Am5RfWYSN12l9UB2Dj3+CAmHvhOdq3nZo2+gvy4iD+IdtA3PO9r4SOCnEMWRH+ST0TiezgwC7QF28qyy5dXEQDntynmvYIMNsIK3Mve7lZfji+txtoOzGafTJ5QHCD7bAOOdUeO7d3+f+rFtPgaGOKQ7prD8HQ+2qx3xFuGAd8UfjSeZjZrX/kFciWzCViW8NFdSVbygZUK92dK0A3N68mBF6hzdTa/92MjajwbOqax4CTnF/nMgPOE7fJFcbyguUiR37TSM9X7s9EvvXBxy//OR6s12ZlGFIh9uuZ3z0huMsWxvhXjAZ8JtMg1SLJewd0Iy5+paSF1PHoPcN+RRX5Ud2eLhoxmxd6Ug/ObTZtNtnEVRGtwEKbNE5cdoLG9Plt32GbsZQh502oopZozGoEDJcF9cMCu1JmOKszow2bZRcwQkn/nIecqNSWOTAJsn1rnFNeG++IadMnIJAWJnRSKTOw5xaW1Es/PvVKNtodS5al4oHuAJ4bzIle0WbSDpTR0cYmAFBHH6f+zRI75njkvldG1ZoKFKOjEe3MEKFO1K2JADnpt4mDcPJbAGXIsnzpF0ZByIA=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 8396
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4481c1c06ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/AbTests.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:48:42 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 20b95fed671b47c5b46c7c2ff089ff57df2b39a9d47946ae484f64f57e113d21
    X-Accept-Before: 1709958780
    X-Signature: U38dHI70PPeZbC16SKyb9YKYMBDuZicSCt7ryTDAni9Dcv6CMjmTp8ahdhPDIRbWWSoLgGk//OWP+ZiP5qQmJHidR8w+yVsCZ8m2ycXT7ohZYLe6nsftu2/TjLsfX40zhMb+FqJp8b2uNnJX7HSzwA54QTf7Wq4Eta2NfuvjqV89fYdkah3b6IAMX15rUrZhhGZULTboiUkhOQdw3gowt3nXThrRf/rrWQ/DBpXj/DVBqQ5hetR5E+dG9WYiRYnYHupBAjfRf2Ph7zNHsUomUVQbNhZLE4AU4ECFFu64n+660HJiQALvSTncCphaO/KXccfsRJZEFIqJ07skzvxtI4XBQmwk9YqUQyUfr16cuAbvC06B9K66m9orHDNUmLJax0Ft88mWovXQIDr/wM3ooCn/YSAIuWYzP8h1UuK5fHA6s/H/OF9petKycoDiG1lkDyKclWJiLZbdgNKU+VCUpb9IYUQiwb3DBvlCd8uj4RUu52bz6c5EJFP/qDrRTa4tmTvGMv/EulCIEqHa6v/mud12KPXZma6oOFYZLCcLBmRNkpZ2kB1vIsiPrWfBfPqFZXySgp/+iPVsR6PxgOIe6rnwhz+E9hXho0qMBnPR/ASDFdyYy0Je2lmHcatMhutQY7+DdeUNq2jPI+l1m03irG6wIg3cOpDcX1E8SnpPiZg=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 10283
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4482c2906ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/Meshnet.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:13 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 848a79d3ef445aabf040188fbbac2c90c9a342cd55593bf3d8d6e4db9da1cf70
    X-Accept-Before: 1709958805
    X-Signature: GxbqMBop0YpHEprweZ6Kqkx8KH96+zVegfJSUv37yJ2Drexs0wtFvHopt4FAaYwGenoYRG7kU5Txl9VwmV/J8UM9WxS22x4AKR7/NwLMKqPLLHuQ47sYy7MhRc4x0+5PgIZotsRro0hbk2qI8ZB7lZHQW+ZhTuFCnFsidHWB+o2ETyhCdNjIDWWpBtZmnk+TWUyP/3KXzuuZuzcrrWzvXZJKUVgGSMj/jo6bgbm3VEsBvEomQv4a3PryVxBitTePyAizpHG+9KwjGfo40LDA0qXudanEz0k9v2tJNh9treS+3Uykcucd5AqjlDrKm10znSdm+6f6var957jSe599HJxT8z0OWypuuu4auRm58k6CNqG7XCWqqBSRUJbogau1i/komLrYe8rwySHYjZLDLTv9as7HZG6UlZAfaUgEFZpjPGqdykjiV6B3+zAI0SklxfCTLflGYytagaqxJuRsUSx7xPFYox13GF1xi/o2nV0jsPyhylfaVSQxWFaGA4RGcxG7GkomCKzCGdmeYq5CUCfBiBYQuFqYpD1Cy2omX588j8HeD/YhWPgaK4QxkYorZCPrebG/hBCT/4O+VGsyTREueh+COpezk64wIyjpZ8QV1CXHGzWFBEXzfCLhGI/5zvezINA70Gm+r8im33XuA4ykfA1+ak5ZK9eOhzU+fys=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 10622
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4483c3b06ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/NordVPN.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:25 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 6f003df6b3369fd54d774bdca1fa4aee2ff258e0c2e441ab2610ac0544906fe3
    X-Accept-Before: 1709958744
    X-Signature: d6z3hJtT6NtS2Rgcj8LwnsGdzsZqwN+IUuZr0mGRaIcFg4NWoP8YeFAjVoQZOiklhLk7IpBhau/kN31L/Gv7AiA92nRKhBrLE5hjR7c0DmwNhpShfiYdNYD7UCStQPzAwfXFD0yumH4xmHmTyi+9UrJ5IHvaTFe2NOWQE6sQkZ6QR7FVrmguhXhcAfklgDQ+ohYs2GiRCIV0RIs5zXHIezTxkjHhRYXux+CbLY9COK3PXG87naKO49wltkRo/wzvIeeGu3bGkUyBEuncJJiL+1fTz2BvwaG61ujGJsNHj8NNNemRDpQdWd9fkNN8MWIUfp1pXiev8X30LQ9ojxf2oysjUCb+4Y3hB74u6R6ZW56fyRZiDT2fDhhK0UwcSoWVVqh/50bwsOzozgPa7YlEtFLFXEjhCaIcB9/A5QP7nsmVvj57CtNxYMSK0LmgQaBTs8/HeC+AfD3zt3AstBXjs00fCsL8k1IVfY5FJS2rKZIQNr5+nEtUOPiyWd2Kex88UL/gFgaQL4BXyMfUVLL3VsHnjM2/mRTjj28eIb5LYivYdJzcDF8lP3RJ+jPlN1PeyE+DuM9VutIOj9hLJUKXx7BkQjnkTE4JefAiglcvqElQ83vpWhCZObIyzk8AjXZzndO1T74eaVagkoIjAiRDxXc2LMGEkY/Mqi8RMlGzFVc=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 8526
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4485c4b06ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/UserJourney.json
    NordVPN.exe
    Remote address:
    104.18.18.19:443
    Request
    GET /apps/windows/FeatureConfig/UserJourney.json HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:17 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:56 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 2eb48507989fa543c8d0511408ea04afb02026cc89b39eaae13d28f7dec0aeed
    X-Accept-Before: 1709958877
    X-Signature: G0V1Qfkn1B67Bp5Ikas7fRFoZp0VnRoQCB4PQ7YDc+CPR67d6CEGJhSnIg1y9UFRP2cOeCqLlxhkr1KT3es9vWsxVrCWdpYVib7EEITXcFJ/PUK+0de/srwPon8XD/7J96expbL6Gm3gOQ6KwqFgXIt23CAdELhXZgHvb99QWU1eb+4Qlf4JNXc4nMPYhjQzxZFfABWlPNo9K0UDECr+ohlDPrDCW8cyKoN0+GjjdxobwjSaWs+zRETc1JSMUzCbwOpbKkZaPiyTiQrjKu5m+htV6C3YLqKrUE9wjEpPKdPZMD3PGVyvcvOgNq85+h6xr5devUBnvuHJ2aUMzDPYpvGMakQr9ptTsKJ4fPL5IvYaKOostlPTOV6JFzJ9kY33epeHzyDtjDMiNFRv6D6NuuUXQ7NI+sMPr6HgERvEGhcum2K141Z5ZlAW0Pcl6FLw/O41yaC9+B2xhai3aJLNyskR9Qqot2HcJmyyvXE/Kd579RcCYfWVfaJvF5GT2tHqpv9PdVp8yrgPHJlmIaLFozrsLWvdv3be2Vg9hQt/405pfpf6FbfUP6QfyFmYErZ4wGiRot8l84+4u4X1RH3+FcChkNS3twVOgkZmrl5Bg1fXeF38Vt6aprCWBWw0cnxJ/sh1/tWCLLr1+jl3FzaXquU27a4mnCTrHvM8idEXsV8=
    Content-Encoding: gzip
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 5220
    Expires: Sun, 10 Mar 2024 14:08:17 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b4486c6006ed-LHR
  • flag-us
    GET
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    NordVPN.exe
    Remote address:
    104.18.19.19:443
    Request
    GET /apps/windows/FeatureConfig/SharedConfig.sha1 HTTP/1.1
    User-Agent: NordApp windows (main/7.19.4.0) windows/Microsoft Windows NT 10.0.19041.0
    Nord-Agent: {"App":"NordVPN App","Platform":"Windows","AppVersion":"7.19.4.0","OS":"Microsoft Windows NT 10.0.19041.0","DeviceInfo":"x64","AdditionalInfo":"default"}
    Accept: application/json
    Accept-Encoding: gzip,deflate
    Host: downloads.napps-2.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:38:16 GMT
    Content-Type: application/octet-stream
    Content-Length: 82
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 15:49:47 GMT
    etag: 65eb339b52
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: 45e97da9dfa4431cabd4805658cf619a7d1b5a4a1aaae0e71ff40652561420ac
    X-Accept-Before: 1709958431
    X-Signature: FEMr21zpIes0sAlNZlAz9TuaKqLSjU+tQuNLvu4woNiSodMAmpylIy5/TqxDhGyklkqP2Ucy8ll0u3MvFxczUC4ziIxLF4WQyclHGxIsLsGDP49kU4bTy6AyRV7r73g69ZNDNwREdo9RTKNap1vCYqMc2aPHXGl3mOdUibnchDjIqXQVjmeTg7QTxfHIzYrNhZyi2MwUxDaOJyHGSnE3d/IMhiK6wZX6HwSa5UMCJy0vtnVheifPgNh0QVgYB2MYhHiOFK4pR6uxkZVNadEqRViSAucVhLJXhSWm6zMDcJYbQPEJrSgaSU6SuA3yPhn5O4P6Qbl9t7MWb03wXqgEErsP6As5tiHHPbI4GUCEqx++3b6BFDmJXh7HL5L9h2JcQezDTZfbRLfLMkL/zmn6fP6RLMFj0UNbbAiN3eEZdKRzaCLepE1K4Ab4PWZ5XAhBn1FFuqB/1D6mtYRPYad0ze6rgibjR7l3iCPAhEZM9nTb8I7RAVsnhfP94ksKa6n/Lui8Ul9iq6HF7wowKmUxMX6t2vwdxLs6B8LKP6sMQYZFWn7ml7WXzVwi8yTsTXyvcmlNgAy7S2s3vJFgKC3HRVuFS7M3vCRBJyS0BIbxdJX3m/nNuLluiSxbqZXzIo5Nz5Xd/nyia+FcecoBbCiueJ9SVeyyxn8qlB1HCOfiOkw=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 354
    Expires: Sun, 10 Mar 2024 14:08:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8623b444dc2906bd-LHR
  • flag-sg
    DNS
    napps-2.com
    NordVPN.exe
    Remote address:
    103.86.99.100:53
    Request
    napps-2.com
    IN A
    Response
    napps-2.com
    IN A
    104.18.18.19
    napps-2.com
    IN A
    104.18.19.19
  • flag-us
    DNS
    applytics.nordvpn.com
    NordVPN.exe
    Remote address:
    8.8.8.8:53
    Request
    applytics.nordvpn.com
    IN A
    Response
    applytics.nordvpn.com
    IN A
    172.67.180.146
    applytics.nordvpn.com
    IN A
    104.21.67.201
  • flag-us
    DNS
    applytics.nordvpn.com
    NordVPN.exe
    Remote address:
    8.8.8.8:53
    Request
    applytics.nordvpn.com
    IN A
    Response
    applytics.nordvpn.com
    IN A
    104.21.67.201
    applytics.nordvpn.com
    IN A
    172.67.180.146
  • flag-us
    POST
    https://applytics.nordvpn.com/v2/app/events
    NordVPN.exe
    Remote address:
    172.67.180.146:443
    Request
    POST /v2/app/events HTTP/1.1
    User-Agent: Moose/0.30.0 (Microsoft Windows NT 10.0.19041.0; windows x86_64) (NordVPN/7.19.4.0) user_interface/show
    Content-Type: application/json
    Host: applytics.nordvpn.com
    Content-Length: 7501
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:39:24 GMT
    Content-Length: 0
    Connection: keep-alive
    strict-transport-security: max-age=15724800; includeSubDomains
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAeBT0gjkZsQvDmFGSSjWfg4IJbIT2wnR5kutab8O84lY%2B8G%2BLJvvrsGAcdk9jGTHjPDgeDZXoqRBNnKkgW6bBz%2BmjXEQoKtLFBbnScGlTHTLWh9D%2BHOSfaMYacz8S1g8adIA740SU0%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8623b5ea8a7d23f6-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    146.180.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.180.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.180.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.180.67.172.in-addr.arpa
    IN PTR
  • flag-au
    DNS
    downloads.nordcdn.com
    NordUpdateService.exe
    Remote address:
    103.86.96.100:53
    Request
    downloads.nordcdn.com
    IN A
    Response
    downloads.nordcdn.com
    IN A
    104.17.207.237
    downloads.nordcdn.com
    IN A
    104.17.208.237
  • flag-us
    GET
    https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml
    NordVPN.exe
    Remote address:
    104.17.207.237:443
    Request
    GET /apps/windows/meta/NordVPN/latest/versionv2.xml HTTP/1.1
    User-Agent: NordVPN_sandbox/7.19.4.0
    Host: downloads.nordcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sun, 10 Mar 2024 13:40:22 GMT
    Content-Type: text/xml
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Fri, 08 Mar 2024 16:23:32 GMT
    Vary: Accept-Encoding
    X-Authorization: key-id="rsa-key-1",algorithm="rsa-sha256"
    X-Digest: f8f2a0dd0f04e6acdf2c24722d9d25681284037681f62c8b8cf743a5cce19e13
    X-Accept-Before: 1709958388
    X-Signature: SuzIPvES8Aujp6v0hNRZRykFYE4QMLejJdXRqv5g+8WMuz8HsO+tk6JTTr251d1aA7gi49l8erjNRBS1VKFITIN2YdHvOZE2zWKirNoT447W9ciyji0xKny8uqpquwuudkIsrHcw8Cd2VeV/WGrGHHZPqGytUz+1WNqIHUmKaoq5dlR5NJCkiRh2fd2ys89fDkGsb2retS9uJ4HQBXmKlgU04GftBGPB8u+ennBlcQw4qvI8S9slTy4mQKoJxl9piPcUUft6Q0k5+h3LH8H+UkRj1Qze+PdAEp6kMymFiFs0s7MtMfMbaaxnC42d9qegYFQS/QiFPi6GlMjOJbbiEvadpAvmdCH0VCnkzF5z0idm6GGg03b5NpHHcBx+Y5VwuBXdZ6LMgbD/6P/nz42EzSoYGuBpBkqoDGeMZIPuziWrcBPdbg3NFMXYsQsxEA/NAsCkJS3/xZsnkpWYgE/ERkR7no647VBhcofWloQMeyyhZxWoTEMoFyBKXFPa5nWbQOqnYIwC37+eqQkeLEImpgV13AY6UdU/f/QYDTIt/5eM6OInCopvxgzXVlgBE+Qvzm6JOV02/ctqRvrayo9S/iwUbZY/6QquWOTuhWWT8+6A30xz4lG3RrPqoAHv0eszegQ+7PA9cALbKFu9Rlx4GZJWn3fndXvzmxbGmGq5h9Q=
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: HIT
    Age: 818
    Expires: Sun, 10 Mar 2024 14:10:22 GMT
    Cache-Control: public, max-age=1800
    Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 8623b7589c29dd33-LHR
  • 104.19.159.190:443
    https://api.nordvpn.com/v1/helpers/ips/insights
    tls, http
    NordVPNSetup.tmp
    1.6kB
     14.9kB
     19
    22

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200
  • 104.19.184.81:443
    https://applytics.zwyr157wwiu6eior.com/appevent
    tls, http
    NordVPNSetup.tmp
    2.7kB
     5.3kB
     19
    18

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200
  • 104.17.207.237:443
    https://downloads.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe
    tls, http
    NordVPNSetup.tmp
    859 B
     6.2kB
     9
    8

    HTTP Request

    GET https://downloads.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe

    HTTP Response

    302
  • 89.187.167.6:443
    https://downloads77.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe
    tls, http
    NordVPNSetup.tmp
    3.0MB
     57.0MB
     40615
    41217

    HTTP Request

    GET https://downloads77.nordcdn.com/apps/windows/NordVPN/latest/NordVPNInstall.exe

    HTTP Response

    200
  • 20.231.121.79:80
    46 B
     1
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.1kB
     17
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.1kB
     17
    13
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    57.9kB
     1.6MB
     1195
    1189

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301483_19RYSE32QNNQ30Z96&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301244_17N91ZKZSGROIQHSO&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301653_1VKC04F354IQVXJN4&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301050_1PONXOEJ6RIZQGBZT&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.1kB
     17
    13
  • 104.19.159.190:443
    https://api.nordvpn.com/v1/helpers/ips/insights
    tls, http
    NordVPNSetup.tmp
    2.3kB
     22.6kB
     26
    33

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200
  • 104.19.159.190:443
    https://api.nordvpn.com/v1/helpers/ips/insights
    tls, http
    NordVPNSetup.tmp
    2.0kB
     17.8kB
     21
    30

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://api.nordvpn.com/v1/helpers/ips/insights

    HTTP Response

    200
  • 104.19.184.81:443
    https://applytics.zwyr157wwiu6eior.com/appevent
    tls, http
    NordVPNSetup.tmp
    3.7kB
     5.9kB
     21
    23

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200
  • 104.19.184.81:443
    https://applytics.zwyr157wwiu6eior.com/appevent
    tls, http
    NordVPNSetup.tmp
    3.2kB
     5.4kB
     19
    19

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200

    HTTP Request

    POST https://applytics.zwyr157wwiu6eior.com/appevent

    HTTP Response

    200
  • 40.70.161.102:443
    in.appcenter.ms
    NordUpdateService.exe
    260 B
     5
  • 40.70.161.102:443
    in.appcenter.ms
    tls
    NordUpdateService.exe
    8.2kB
     6.9kB
     28
    20
  • 104.18.19.19:443
    https://downloads.napps-2.com/configs/templates/ovpn/1.0/template.xslt
    tls, http
    nordvpn-service.exe
    3.6kB
     22.1kB
     26
    30

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.sha1

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/configs/templates/ovpn_xor/1.0/template.xslt

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/configs/templates/ovpn/1.0/template.xslt

    HTTP Response

    200
  • 104.18.18.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.sha1
    tls, http
    nordvpn-service.exe
    1.3kB
     6.6kB
     12
    11

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.sha1

    HTTP Response

    200
  • 104.18.18.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    tls, http
    nordvpn-service.exe
    1.3kB
     6.6kB
     12
    11

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1

    HTTP Response

    200
  • 104.18.18.19:443
    https://downloads.napps-2.com/apps/windows/NordVPN/remoteConfig/remote.json
    tls, http
    nordvpn-service.exe
    1.9kB
     12.6kB
     17
    19

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/NordVPN/remoteConfig/remote.json

    HTTP Response

    200
  • 104.18.18.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPNService.sha1
    tls, http
    nordvpn-service.exe
    1.3kB
     6.6kB
     12
    11

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPNService.sha1

    HTTP Response

    200
  • 104.18.19.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.json
    tls, http
    nordvpn-service.exe
    2.4kB
     7.0kB
     15
    16

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPNService.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.json

    HTTP Response

    200

    HTTP Response

    200
  • 40.70.161.102:443
    in.appcenter.ms
    tls
    NordUpdateService.exe
    2.4kB
     6.3kB
     18
    14
  • 104.19.159.190:443
    https://bugs-notify.nordvpn.com/
    tls, http
    nordvpn-service.exe
    12.4kB
     5.5kB
     18
    14

    HTTP Request

    POST https://bugs-notify.nordvpn.com/

    HTTP Response

    200
  • 104.19.159.190:443
    https://bugs-notify.nordvpn.com/
    tls, http
    nordvpn-service.exe
    15.3kB
     5.5kB
     20
    15

    HTTP Request

    POST https://bugs-notify.nordvpn.com/

    HTTP Response

    200
  • 104.19.159.190:443
    https://bugs-notify.nordvpn.com/
    tls, http
    nordvpn-service.exe
    15.1kB
     1.5kB
     19
    11

    HTTP Request

    POST https://bugs-notify.nordvpn.com/

    HTTP Response

    200
  • 104.17.207.237:443
    https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml
    tls, http
    NordUpdateService.exe
    989 B
     10.3kB
     12
    15

    HTTP Request

    GET https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml

    HTTP Response

    200
  • 104.18.18.19:443
    https://napps-2.com/v1/helpers/ips/insights
    tls, http
    NordVPN.exe
    17.7kB
     434.6kB
     201
    352

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/DnsTracing.sha1

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Connection.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/LibmooseEventsToggle.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/ThreatProtection.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.json

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Connection.json

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.json

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/LibmooseEventsToggle.json

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/ThreatProtection.json

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/map/mercatorClustersConfiguration.json

    HTTP Response

    200

    HTTP Request

    GET https://napps-2.com/v2/servers?limit=20000000

    HTTP Response

    200

    HTTP Request

    GET https://napps-2.com/v1/helpers/ips/insights

    HTTP Response

    200
  • 104.18.18.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/UserJourney.json
    tls, http
    NordVPN.exe
    8.8kB
     24.3kB
     35
    48

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.sha1

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/UserJourney.sha1

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/DnsTracing.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/AbTests.json

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/Meshnet.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/NordVPN.json

    HTTP Response

    200

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/UserJourney.json

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 104.18.19.19:443
    https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1
    tls, http
    NordVPN.exe
    1.3kB
     6.6kB
     12
    11

    HTTP Request

    GET https://downloads.napps-2.com/apps/windows/FeatureConfig/SharedConfig.sha1

    HTTP Response

    200
  • 172.67.180.146:443
    https://applytics.nordvpn.com/v2/app/events
    tls, http
    NordVPN.exe
    8.8kB
     3.9kB
     15
    10

    HTTP Request

    POST https://applytics.nordvpn.com/v2/app/events

    HTTP Response

    200
  • 104.17.207.237:443
    https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml
    tls, http
    NordVPN.exe
    1.1kB
     10.3kB
     14
    14

    HTTP Request

    GET https://downloads.nordcdn.com/apps/windows/meta/NordVPN/latest/versionv2.xml

    HTTP Response

    200
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    api.nordvpn.com
    dns
    NordVPNSetup.tmp
    61 B
     93 B
     1
    1

    DNS Request

    api.nordvpn.com

    DNS Response

    104.19.159.190
    104.16.208.203

  • 8.8.8.8:53
    190.159.19.104.in-addr.arpa
    dns
    73 B
     135 B
     1
    1

    DNS Request

    190.159.19.104.in-addr.arpa

  • 8.8.8.8:53
    applytics.zwyr157wwiu6eior.com
    dns
    NordVPNSetup.tmp
    76 B
     108 B
     1
    1

    DNS Request

    applytics.zwyr157wwiu6eior.com

    DNS Response

    104.19.184.81
    104.19.185.81

  • 8.8.8.8:53
    81.184.19.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    81.184.19.104.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    downloads.nordcdn.com
    dns
    NordUpdateService.exe
    67 B
     99 B
     1
    1

    DNS Request

    downloads.nordcdn.com

    DNS Response

    104.17.207.237
    104.17.208.237

  • 8.8.8.8:53
    downloads77.nordcdn.com
    dns
    NordVPNSetup.tmp
    69 B
     139 B
     1
    1

    DNS Request

    downloads77.nordcdn.com

    DNS Response

    89.187.167.6
    195.181.164.18

  • 8.8.8.8:53
    237.207.17.104.in-addr.arpa
    dns
    365 B
     135 B
     5
    1

    DNS Request

    237.207.17.104.in-addr.arpa

    DNS Request

    237.207.17.104.in-addr.arpa

    DNS Request

    237.207.17.104.in-addr.arpa

    DNS Request

    237.207.17.104.in-addr.arpa

    DNS Request

    237.207.17.104.in-addr.arpa

  • 8.8.8.8:53
    6.167.187.89.in-addr.arpa
    dns
    142 B
     108 B
     2
    1

    DNS Request

    6.167.187.89.in-addr.arpa

    DNS Request

    6.167.187.89.in-addr.arpa

  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    226.21.18.104.in-addr.arpa

  • 8.8.8.8:53
    226.20.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    226.20.18.104.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    210.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    210.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    in.appcenter.ms
    dns
    NordUpdateService.exe
    61 B
     195 B
     1
    1

    DNS Request

    in.appcenter.ms

    DNS Response

    40.70.161.102

  • 103.86.99.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 103.86.96.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 103.86.99.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.19.19
    104.18.18.19

  • 8.8.8.8:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.19.19
    104.18.18.19

  • 8.8.8.8:53
    100.99.86.103.in-addr.arpa
    dns
    144 B
     320 B
     2
    2

    DNS Request

    100.99.86.103.in-addr.arpa

    DNS Request

    100.99.86.103.in-addr.arpa

  • 8.8.8.8:53
    100.96.86.103.in-addr.arpa
    dns
    144 B
     320 B
     2
    2

    DNS Request

    100.96.86.103.in-addr.arpa

    DNS Request

    100.96.86.103.in-addr.arpa

  • 103.86.96.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 8.8.8.8:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 8.8.8.8:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    134 B
     198 B
     2
    2

    DNS Request

    downloads.napps-2.com

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

    DNS Response

    104.18.18.19
    104.18.19.19

  • 8.8.8.8:53
    19.19.18.104.in-addr.arpa
    dns
    142 B
     266 B
     2
    2

    DNS Request

    19.19.18.104.in-addr.arpa

    DNS Request

    19.19.18.104.in-addr.arpa

  • 8.8.8.8:53
    19.18.18.104.in-addr.arpa
    dns
    142 B
     266 B
     2
    2

    DNS Request

    19.18.18.104.in-addr.arpa

    DNS Request

    19.18.18.104.in-addr.arpa

  • 8.8.8.8:53
    bugs-notify.nordvpn.com
    dns
    nordvpn-service.exe
    138 B
     202 B
     2
    2

    DNS Request

    bugs-notify.nordvpn.com

    DNS Request

    bugs-notify.nordvpn.com

    DNS Response

    104.19.159.190
    104.16.208.203

    DNS Response

    104.19.159.190
    104.16.208.203

  • 8.8.8.8:53
    102.161.70.40.in-addr.arpa
    dns
    144 B
     292 B
     2
    2

    DNS Request

    102.161.70.40.in-addr.arpa

    DNS Request

    102.161.70.40.in-addr.arpa

  • 8.8.8.8:53
    195.201.50.20.in-addr.arpa
    dns
    144 B
     316 B
     2
    2

    DNS Request

    195.201.50.20.in-addr.arpa

    DNS Request

    195.201.50.20.in-addr.arpa

  • 8.8.8.8:53
    114.110.16.96.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    114.110.16.96.in-addr.arpa

    DNS Request

    114.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    81.171.91.138.in-addr.arpa
    dns
    144 B
     292 B
     2
    2

    DNS Request

    81.171.91.138.in-addr.arpa

    DNS Request

    81.171.91.138.in-addr.arpa

  • 8.8.8.8:53
    in.appcenter.ms
    dns
    NordUpdateService.exe
    122 B
     390 B
     2
    2

    DNS Request

    in.appcenter.ms

    DNS Request

    in.appcenter.ms

    DNS Response

    40.70.161.102

    DNS Response

    40.70.161.102

  • 103.86.96.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 103.86.96.100:53
    downloads.napps-2.com
    dns
    nordvpn-service.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.napps-2.com

    DNS Response

    104.18.19.19
    104.18.18.19

  • 103.86.99.100:53
    napps-2.com
    dns
    NordVPN.exe
    68 B
     100 B
     1
    1

    DNS Request

    napps-2.com

    DNS Response

    104.18.18.19
    104.18.19.19

  • 8.8.8.8:53
    applytics.nordvpn.com
    dns
    NordVPN.exe
    134 B
     198 B
     2
    2

    DNS Request

    applytics.nordvpn.com

    DNS Request

    applytics.nordvpn.com

    DNS Response

    172.67.180.146
    104.21.67.201

    DNS Response

    104.21.67.201
    172.67.180.146

  • 8.8.8.8:53
    146.180.67.172.in-addr.arpa
    dns
    146 B
     135 B
     2
    1

    DNS Request

    146.180.67.172.in-addr.arpa

    DNS Request

    146.180.67.172.in-addr.arpa

  • 103.86.96.100:53
    downloads.nordcdn.com
    dns
    NordUpdateService.exe
    78 B
     110 B
     1
    1

    DNS Request

    downloads.nordcdn.com

    DNS Response

    104.17.207.237
    104.17.208.237

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\NordUpdater\1.4.2.146\Bugsnag.dll
    Filesize

    80KB

    MD5

    0ac686b5a48d31841c3a551e9273cc2d

    SHA1

    3c1feec435368a2835f4b9257a1292c74073bba4

    SHA256

    1e72d04ef57e39126b94ebbd890176a231ff535c84bf04e73c2dc4263513dd0e

    SHA512

    70d10a222a682a2b4039725e9343ebf05968ff2ef5f0cd299d72d145f0ef7b943763cd84112a7a14871c7f39048efe47f2dc687793fc6c96d40a5e736f2a7f02

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Flare.Net.dll
    Filesize

    53KB

    MD5

    5509f1d9cad6b8e9f115d2fcd7ecf15f

    SHA1

    ed5a6749b1bb73a25b7cb140be6071a56eac9bee

    SHA256

    193b23e5fd12147dfb9881e1ebfa7f91fb5557f40763f6be6534f6d3f8617778

    SHA512

    daa4f90720faa28b9a67e623a226eb9d7a0b52d201adf25300facb999b8fe1db7198d653ee4624052cfc009fed03dc7e850145e40f55613ed7094cb264000d5d

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Google.Protobuf.dll
    Filesize

    451KB

    MD5

    b2f02e02cd7172e3e106a3c5f696ddc1

    SHA1

    9a3738bd26d6f246ca382690fb00103796cb695c

    SHA256

    319c4c3f9d4a0f792076b652aeac44899ec505e30a055cad25afeabf422f12c1

    SHA512

    7ec7a28a4b7db771d25529c086505d72e518b83817dc31d572c68ba99749f76eb7cd1315a3f82efe4390d2a64e2532c86e148369697d49be1f6f93a7241f3a39

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Grpc.Core.Api.dll
    Filesize

    68KB

    MD5

    578d1aafa4a7af470efcf4a13fd149a0

    SHA1

    62ca6a257554cb23413bb40a02ab601ee3299363

    SHA256

    6e713703d71beb479a6890ccc8f577b8ba155a6258f7ae0390a1e9e37e68bc0f

    SHA512

    100815092348b89c3cdc751a62fe1b4a20981b4577b4131ce36570c79879d75ec28f9ee0952d00f1f9017d681a85db939bba228c8cff2058a3ab150e805452c5

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Liberation.Configuration.dll
    Filesize

    16KB

    MD5

    58f22270aa830debe165171b61089599

    SHA1

    c46effc685d4d6aae5649b4fac9511bdea0a2e59

    SHA256

    5c16a6927e07efcd24fa09689d618bc7650a15fb07af44e9b776b903ef721ffa

    SHA512

    f13cf4794e3ebd8312bb22f117e815c5804aaf209f48b92e6e3f4aa927b17237905648dd2bc745ba5aa2067e7797f371dfdaf826b73656841e840ef9c1a2c37b

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Liberation.OS.dll
    Filesize

    113KB

    MD5

    8360e53bad6e7c42782840add24e2b70

    SHA1

    aa123595d2e19058725fcaacf9acb2adc2f0228a

    SHA256

    4e981cc535e12fbb728aba0d544e0b628377aea41c2520530dd7865902dd76c0

    SHA512

    75f000579cc480c9b9dcd66da36609b4eefbe95c966736769ea45a6eb1efdb3d6974503dd9b4aad18bbc183c66063acca35b278a67cdcaaf6bc9998fe4255eb0

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.Analytics.dll
    Filesize

    27KB

    MD5

    1de2f5747d6b92e477b82c275b56a87a

    SHA1

    dcf7fdfd1d6fd4fb91ed2d0af9450bb2a520a6c0

    SHA256

    35dbbf633d82f3045cff04dcfebb345d97ca591ef65e15d3c34bdb8e73b731ff

    SHA512

    8ab9a786fe0fb25d473e3c66d592dc4d1b65695bfcc3d6b9f6f4834e24fc413fe239cf30fa2d691853200f7e7ed809da703c0f13d4b996fad3cda532a9c708f3

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.Crashes.dll
    Filesize

    53KB

    MD5

    9b1a9a9a6e59eae42761d7d663e657a3

    SHA1

    3bdae1f8cb7a4cff32d61e384722f107d6840366

    SHA256

    55c69e05b12bd022c6245bf42e7af9642da5ccb5a17464ea706c50d705356905

    SHA512

    9a0182610433fffd2e43460830f9c06ee83ab6774f607e011d53c01c2521e626b4236c19d46c2f88aaaf0fbad6a4abba096f82cfed9e3a6d12cabb15bd79ad9d

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.dll
    Filesize

    128KB

    MD5

    36ea619d40b33c56dff55c65560f8995

    SHA1

    d19b328ab592677375fe469fdb8bccaf510df2ee

    SHA256

    b598fb64ab003c4dfef5c29acc764f7f537fafdaea19264836b862a84c960a33

    SHA512

    1ebe91519ffd0a91716ed6229a950a273969a377984b22b5150eb058b194d0a21e0697ce27651696a3f64181ed17587968910ae87924b5c7f477542cc69c91b3

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Bcl.AsyncInterfaces.dll
    Filesize

    23KB

    MD5

    651cb444aef25ba4e052c006b1fb180a

    SHA1

    85870805e5606d40f53c97d82efeae79fd607863

    SHA256

    4c8a7521ac501203f0b43859de5237629e5b30d62db6908b1f9a837d6230125b

    SHA512

    7816196bf90f7cd8819466d7a570ef1f14e695443fa900f093d084e8587afd9e4f82d36388d113f572dc2f3c94a4f8c7cba601698b4bf8ef065b70ceed5d27ca

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Extensions.DependencyInjection.Abstractions.dll
    Filesize

    48KB

    MD5

    2d704374f4b6b0cfa0a941e8c291e9a4

    SHA1

    865855aa4a398044e8271792a040459aa1c94503

    SHA256

    c6d54bbe9977c760a5033393150cebbc3931b9b17bf84e9c47112a3ef85888fa

    SHA512

    68c68facb074d3bb21e82fa7a1d80b47cd6b1c7296bc13d556cbceca16d5ece7cda89a785f121c4232ecc0e55f5a50325daae4e4909ed189c296b8f46cedbe83

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Extensions.DependencyInjection.dll
    Filesize

    84KB

    MD5

    ba6665530c8ce8ce241bc20ee1a67e6e

    SHA1

    44feebf7aaa1f99008656a938c4fb7f49a8eb7ce

    SHA256

    24ac15611ffc08058c9a5e96cb3bbb0daba5b30a86c83c434f2a85632f4db0b6

    SHA512

    bb0822af4e2e846ef2f06c9ccb9541c917b04e9acecf5426eedef24c6f2ecda2994f583bf9ab0f56306505d99ed0fbc251fca869a5054b0f556cbe964ed95b01

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Win32.Registry.dll
    Filesize

    28KB

    MD5

    78df142d938d554c47870fe0db67da1e

    SHA1

    f77d900b816087c71c92660bf8d1646c1f5691c8

    SHA256

    e648015d94e83b6e2a18afcd859a998423b330dcce8f82bb23149b95ba12d925

    SHA512

    7ffefd8014c9974ddde5ce738d27dc1baad66b2d9b358e32be0b52fca7ad2f9c2d710e624b39d467d2d9c2eba6fd410268341c18662194081792d638b533cfa3

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\NLog.dll
    Filesize

    928KB

    MD5

    97683f51f9b45723a391c8aa7b48f1ae

    SHA1

    e377bc4445cc4ace5d39c186a1aef5d0099f3fa8

    SHA256

    051bcff9b3d1d59d4ecf5e3e0be1d58896e4b19c9fd414a3a2c88371535933f9

    SHA512

    dfde063e791e6a6ef5bf8966cd273b99fb9e62fc0e9942c21088ad2fd922423b71af0565e73844bce46bf76fe7f3aba74e6ad761951a41728120d494b71f74cf

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Newtonsoft.Json.dll
    Filesize

    694KB

    MD5

    077dae3610c77bdcd2fdb8c4d0b6bab0

    SHA1

    6e07d149def44e00a787d40c83e238756448a07b

    SHA256

    b2fd18df7f77e114370344a80890cae9199a77305b4b53c21467d346dce493f3

    SHA512

    6d635be8ecd5df1b10d8a98992884d6529337b0b691449f8fe5123a02fb10aa74fedf5583a8b73db642c9fe013065692c74e1032cfc8970235719e245e0d55e1

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.Communication.UpdateService.NordSecurityCenter.dll
    Filesize

    60KB

    MD5

    504196b75838cda7c828b55159986360

    SHA1

    c404f019858815cc6dc266355fdaea0adf54a519

    SHA256

    553a349ca98bbbfbea35d6999a771dadfa6dd206cbe19f20476da374f21b4d36

    SHA512

    554da02cfb873086fcd5cb9667cd7e9a862b0a618cdc2c209d5ab2e06769728610f582ee0eee51eb93d0ee8b450c3f457045e2826c8c0b74bcce1a99b0abbdd6

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.Communication.UpdateService.dll
    Filesize

    69KB

    MD5

    a7c6b02fda76fcabdcd30329340b32ff

    SHA1

    5dbd42c1ff496aad623f7d7f8837886a31b60303

    SHA256

    01b488f6f57aa32c7b4c23ad293bec4571143b40b02ccdf954073672062b9c3a

    SHA512

    b5aa969fc843bdfbb269aa7eb41c5603c7d33fadd0eb01049ae4f0eec9c42bbba7180ca90253b25fde16cb6e8cd6fa6824fe32b8838079d88bde58ca97fbd9d0

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.Grpc.NamedPipes.dll
    Filesize

    74KB

    MD5

    08084a60edb8e593ddfd69f4ded4a18a

    SHA1

    d161ff7c951d76a8b970dcbb33ab292578645d88

    SHA256

    6001190c9d3a4f11ce615695785cafaeb3f869d96228fb5f091c4cf53fd7da07

    SHA512

    42f39a4b160d4cddbb5fd6c5c1bc151b5f6e544a5db81f7fc6932c34d736e07b8a204153dd551fcda0a388409e635304cc7e0b705203a5b17da3b4c5f64df44c

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.Logging.Abstractions.dll
    Filesize

    19KB

    MD5

    3a2a6b1a57b3352e21ef5cba11c1e866

    SHA1

    91122af5fbddcaf52ba63fa18665404494aec6a0

    SHA256

    f5a72b066436abd1c4a1e2399199291a7e442010be88ae362ec5f179223d5fd4

    SHA512

    c12c21552e3685f5601c545d15f66ebeb980cd43ba15c4a4388e044a9289a7504aa85736d9c708a6c5d5139badb9b2b1af5f9a5b05c1505f2663cb8fcd3c2edc

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.Logging.dll
    Filesize

    28KB

    MD5

    02ca991de34de519966627b527410d0a

    SHA1

    912a81290499c8e6e9cb278c3d85e25bb47ce61a

    SHA256

    5ab9bedd0b484f9404cdfda8d974d08795f10cb12158cf21c0bac21286c2a25b

    SHA512

    e21364feca009c5c7acfe5af61178ed0bb7a12f4841c365a0f60cb03132219129532638ac2d4bd26015fad8596e6279d52035ad509b1522be72947a3aa192cf3

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\Nord.SecureData.dll
    Filesize

    18KB

    MD5

    1c940a2dbbcffd32b34a8b4ee11d25e5

    SHA1

    04df5eb9b45b0ba9b311a3e2cbd5f84c169edfe7

    SHA256

    1d4ae768697a12cb2e54ed56f274d66ee93d13ab9ff5003f7bed6fbbb0af61bc

    SHA512

    78b40eb68a4acb5ae836b6406861e88ad55f46d275913e4d73cf9bb468ee97e4d9cf2fe7d61dc50509c199b468bc44d6e292952d8bd4cb155ec2cd90dc01fe86

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\NordSecurity.Communication.Ipc.Annotations.dll
    Filesize

    36KB

    MD5

    4bdc7137a6e6c226daafa154f8af6db4

    SHA1

    8cee4cb03ca33d194ef9a85e8f6625a8bf5f377f

    SHA256

    d579fac203a388804d2e979bb7b421578690b9fe7fa5b0345bc0d5ec8a77d6ff

    SHA512

    0432a09a30a780d6adca8011513096cc469925265eaf7100340556b7ba70de02b85a111c37bfe23004e9ffbe769d9a1d3865ca3d86b14a4733a029b0e20800dd

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\NordSecurity.Communication.Ipc.Core.dll
    Filesize

    81KB

    MD5

    971730c37ad5479bbea26b03fdab3a99

    SHA1

    ad8b37012075f00f43538e36f12b52cab2d10c26

    SHA256

    01a5f6d4e76f726b1be3e9a4e6eb396e90230c788436f6dc92cfc5d677958023

    SHA512

    93110ad5694f915d1fcef98671ebcd9f58da5ae9aa91ed95323579980acc8468f8f071103a93b2e46a1c994b597bb41f64bcc474e858a03ca47fe2bfb8f2ce38

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.batteries_v2.dll
    Filesize

    22KB

    MD5

    236f90748eef78702fc000299b595691

    SHA1

    a08fad01d3383ebf1ccd58cfb2d8ef599406730e

    SHA256

    896b328e11fe2f4f882bb0b488896cc7cf7b4d9256283ef15fb395c10093785c

    SHA512

    573b91b21bb22226fec5459f848baa927511047ad1d01a63bba46c939299af18d579864672bbc196c540ab9eb374ae113f7f279563d9035d4b2391ee775b2bd2

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.core.dll
    Filesize

    60KB

    MD5

    dbde17a7f6bbb946f796f4164e0d5751

    SHA1

    afde4bc909c41dd5162899775ce799234a2aa383

    SHA256

    20b6d144cc043b25c716b2ab4a8ddb3aa7552b0caf0229a1114e55dc4522cd2e

    SHA512

    1e6121c8759bfba037bfb6b4a0478b92816d40548d7d96f55713f4faa43e6a253efec78b21582f83b0abf83c0bbd0f351bf2419f85528b878cdd87b029dfabf1

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.provider.dynamic_cdecl.dll
    Filesize

    74KB

    MD5

    99784af99a867e4d39485c35beb33967

    SHA1

    8e00e2edbb4ea3595ea5c71fd9de4da50e4c77af

    SHA256

    01525cd0551c92dd1d42a59352ddb029f7fb7485f85b65f58a6913fa641f1a94

    SHA512

    16e16bb78d77df12774f2a240b9276ca9aa747d2fd6547910b0f6cfefb88f2c2acaa29ece1aec428d612c5f44d6e2c52d62e6868d2fc5f78575e9a4d6b37f4a1

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.provider.winsqlite3.dll
    Filesize

    50KB

    MD5

    5322ae9e71be1739e627457504c56244

    SHA1

    31b087ba274a62fe077ee1d5c5865a9449720f9e

    SHA256

    6169f3dba4157c16d2331a75120b0aea6499ef8f9f641993bed0c09d502948ab

    SHA512

    af70ddb3ffbc9da59c0ab81fbd75e3c67e7411e157b9ec7b2cbe031eed7b119d96900729a39aea8a2d6447a856022412a3c832dfdba788a3c2600e072136d5c1

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Buffers.dll
    Filesize

    22KB

    MD5

    f7cc0cfa9abba6625adb02dcf3c3b6b7

    SHA1

    7936a41ecb2ef695ffefd18660663620ec0a4166

    SHA256

    851ab00b1de3990ce21122cce6b7ba66f25129e6acaa41777c64d060eaaf6cad

    SHA512

    0ac672b63d05ecb0813f3319b578a744903738d9656c0c237e3e360bca27f322571c935c1e116acf42406749da398490c0b6b7021f9adfe43d09a724aa74d19e

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Memory.dll
    Filesize

    140KB

    MD5

    450fdce96c012f80f48a5d2148c177e1

    SHA1

    1971e069e0fc1dd0bcb9ab94b7b29059f553bb9c

    SHA256

    a569747b83b59e5995abf69f6a3f2ba82257f3f37965aee7d1ad6e7da8cde3d1

    SHA512

    9cac0d87eb9e8482e8b7679d55f5c53fe5b2add7dc6ef7220611e1fa489f67d901347b38671f82098c2e54f57072adba2a76e34549a0d22d80e5b69314bd3c22

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Numerics.Vectors.dll
    Filesize

    108KB

    MD5

    116e776bf3e5c939f2063160eccd1b3c

    SHA1

    d076a91154bbfa3fb99837da2ad71b63154e5359

    SHA256

    14965daff02f14c99e36918a31824f3f0c1f5a420c789d9a08bb3cf3c26d9224

    SHA512

    756e48ffea705ca6a54eae53ca0a0441605e58916edb3e855b41d0b300e2375a9f5e3a4d3904eab738a4cd83fa4b5ace4d951ddbc6ef1995e956470d078582fc

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Runtime.CompilerServices.Unsafe.dll
    Filesize

    19KB

    MD5

    7fbcd312a3a30032d0fe422c15342d73

    SHA1

    24bfdcc803de48e4b73ad350a8972d8126b6b899

    SHA256

    4ca0b277015056db623028e8245e2a5d0045d9cc3749ff7c9ee4f484a4367f73

    SHA512

    c58db49187c64dbb70e650e0a6d9a5731f8987e38722ffcdee525c3d0a8f24d11698e01df870cd77e16f86e492f0e75fca9cd78f5d17dacb61e57169f1b02343

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Security.Cryptography.ProtectedData.dll
    Filesize

    20KB

    MD5

    a374cc5f0f5cdbd301606573fdd723c3

    SHA1

    47464e52923f5c09d6256ea731654ad989f122d2

    SHA256

    2386bb2d7ce20b691e96fa64ba40f146480ba08ac0405f002e85f8b5e50c9c0c

    SHA512

    a5c607341b549a644ffcdf4c103a7fbdf091c5dee56c1af49ed780240c99ad053a327943e7b8b2b350b7856534e4d260377ad6c4cc285e928d5b0e5815d90618

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\System.Threading.Tasks.Extensions.dll
    Filesize

    27KB

    MD5

    c9558593dbae3c54e66f210dcea89aa3

    SHA1

    4b6a51df96f9228594f00141b5ea1b4cd6dba111

    SHA256

    fa46976e1b1d06052b7c6a002aa7a27e7efec935a6f7b7fc41c4356f3265d3e7

    SHA512

    63da07afad850dcf038585f4eec009a16e562b0dba28b256fe98fe8e5c4a095621c946552f92e865daee9a5226264ac54c4555a889a806162552607f7acf3890

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\UpdaterWindowsService.dll
    Filesize

    260KB

    MD5

    a33a8eb9e4d175745e5db872d85e0ea2

    SHA1

    c12bcb05dcc8e4823d68ecb6cb96413ec5162562

    SHA256

    2a7676c19aa23b83824902af6271dde3fb5073fe51d921a0258747f49c64c133

    SHA512

    e8231f851af82025a2c74eca1003b1e5a4458838fc3c6b8c2c8511d45d3b405081d02f00f0d28c63c466bd19281280c332e8d78ac8da8f64a36fc68d497e0e17

    Download Submit

  • C:\Program Files\NordUpdater\1.4.2.146\e_sqlite3.dll
    Filesize

    1.6MB

    MD5

    d9c41ea1a7a9e090102da6a0323098a0

    SHA1

    99cff5e9ab8b62e9ac33c1b859c5e2e468b3ca51

    SHA256

    74393f64419aaf6655d60dff125c7ecd3adf1a76a7aba0afc38e6dc362ed7902

    SHA512

    fb37edcb561e0b33afceb39b8875c8db4b527eadcf59ab9874736fe74579c058b8d0a7b30cae21d995516dca0c11840121e20df16d7c67cd8ee757206c7e84cd

    Download Submit

  • C:\Program Files\NordUpdater\Nord.Common.dll
    Filesize

    41KB

    MD5

    93b54ae5ab538c423aa42e0ad9f21369

    SHA1

    54217b5a2fb10b7f786837c3a9dca98ddc03a07c

    SHA256

    c748e1761528e54cb6637e46a50c39a1bb5e8f951ae19ebe64c3f424eb774181

    SHA512

    3bcd7772251c0c59e76f345c218e972cb07dcf14dedc3f07ab90d658470770883d41ae0671bc87796097b6fcfa12476202d1d0633c07ef4fd0d338ac00d214ac

    Download Submit

  • C:\Program Files\NordUpdater\NordUpdateService.exe
    Filesize

    290KB

    MD5

    c59d83ce3b43dd07757910b4c1694b40

    SHA1

    7671aad5be051ef18ecd733c36ad58edb8a98297

    SHA256

    e99fd45109ffdf65e427a60c6846aa7adc6da833a97273ae99c7f6dcade0f7ca

    SHA512

    aac5b5c549f47ffbafac11a8f132d5202e9edf4389c4a4d25b569f7031c898e5aa490d8a56d4b4db5644ffc0d54d3e76492eec775b5ce3352a60c31b949570af

    Download Submit

  • C:\Program Files\NordUpdater\unins000.dat
    Filesize

    65KB

    MD5

    35e1449d17a9f689b4cfe839e34e017d

    SHA1

    f4b7f7ba311abf37115f9b4b0131a93857ef9633

    SHA256

    51d205adc2b7aa539e2666c5771df5282421cdb495b1d3c9afe9786ed919fd8b

    SHA512

    b2b1bb280bf2d54361b723b6ec0b083873cedbef2bd60a16b3a12d8be2ddf3ff906ce14dde9cf8d887d65e98569c1b553a13f1f98c0c082ddeb44c62224f52e1

    Download Submit

  • C:\Program Files\NordUpdater\unins000.exe
    Filesize

    14KB

    MD5

    9a3a0890693b43897e344124b247a3ed

    SHA1

    8d8f342a3618451cb860b82de5abf9a7ae634647

    SHA256

    c53e27f2ae6063b02ccbf4af76e8cb4cce20d861fa0c1da578800e028680078b

    SHA512

    bdac94fc251fa217f58c9988adde4d7ea5ce8d69874fc2ccb8cde688f8b7aab0af69a1a3d101d5b05132ee04087eca578da813e9a576604fe22e659b468a7a53

    Download Submit

  • C:\Program Files\NordUpdater\unins000.msg
    Filesize

    14KB

    MD5

    934e647fc033ab8e188ba9e2959e4667

    SHA1

    0a9fa3f67eb5f6765d09cdc00090ed8002ce9be3

    SHA256

    c0a4a53df934afa491b8d7d2f7432c2b0b2ed18ba39722946fda2a7292b142ba

    SHA512

    4469408e04df9de06b1edb59459aa3ff11a65ef7585c4856bc3569160c070552e289eb620fa6f764dcab071e787ee61883448cf7b932b0fbbb88b56a2ea7d3a3

    Download Submit

  • C:\Program Files\NordVPN\7.19.4.0\Diagnostics.exe
    Filesize

    384KB

    MD5

    e372fb56e39e8e80805cf029a7694929

    SHA1

    c511eff7ec70f5a49a25a6b46c4e9ebe0ca33d14

    SHA256

    51402a655c74a29f165e958842c7e5207759d99cdd68b4a169a78d6278c4427f

    SHA512

    442ee1a70ed95ec375641a887780463fb718caa95b923d05ed89aa85bcd8c8f3cf236a35873e836b7f837f6bf98bc309c93b40fc4b861d6ca5874ca435489ae9

    Download Submit

  • C:\Program Files\NordVPN\7.19.4.0\Nord.Common.dll
    Filesize

    40KB

    MD5

    4029f5f83160e495ece0c84ef6fe7420

    SHA1

    ad0b784e16343c3a25c3c7e4eb2dde7331a1f9fa

    SHA256

    bde128af8478d5c60917fd637bd9d62cccffd1fb2e594779595f30abcc6b6b21

    SHA512

    303fc5145c964bc2f0c4060a86d57ccce21cb09a2c13fb8559fef44917355c06e43f9091cc792757c8ffb588d8b6b069dfb26d6ab2e280156a016e22808804b2

    Download Submit

  • C:\Program Files\NordVPN\NordVPN.exe
    Filesize

    257KB

    MD5

    ff4568edc9fce6309a363f53e8265850

    SHA1

    74f421d5b757f9e5a9526ba390b59f4a871ce3da

    SHA256

    6788f84fe5b1c321575c35da92f6ba775dea7937fcad83409119dbf8ba2d8aa0

    SHA512

    a7e13a77e3bffb697fdb019eccd9a8d629659c875e8a47203b57e886ae241f96a6a97600404d4fbf9eb010a1a31d6fe282a9c6685a970af5a13960fb350d74fe

    Download Submit

  • C:\Program Files\NordVPN\Resources\toast.ico
    Filesize

    87KB

    MD5

    81cddd84c0faeb97dfb495ddfea1764d

    SHA1

    65c4da96f72f73489623e1d3c2ce32ec2e804147

    SHA256

    d1c0c7eaf223cab955a8d29e019566028227b7d8b74fc8aa8fe65fa782e02738

    SHA512

    a5fe3fe49aae367e2ed6c9c740db8b322bf5a781d5f0c23637fdde950502e4aaea7fc5e7d55315896cd382222bb42043918856d8a2325571ff2a2f7dbbcd7641

    Download Submit

  • C:\ProgramData\NordVPN\affiliates.json
    Filesize

    4B

    MD5

    73792b9af3fc811b105441cc773526b1

    SHA1

    3dbd0a28528cc971d576c7a6dd2bda7edda4042f

    SHA256

    bac6a76645c48064f198e711301492ace386110831d381f33ba68a3db6847bd4

    SHA512

    e936ca3804e4d2e2eca9700f143f01db1e07f01f4f5cd1fd2cfa94f19ba5a33812d6ea320364edeeb5b9ae86ca309ea48f16039accb12f86e0eb1cbd980b76a5

    Download Submit

  • C:\ProgramData\NordVPN\configs\templates\template.xslt
    Filesize

    3KB

    MD5

    c79bd4b94b0b83d4a3e1588614524a95

    SHA1

    26a2ac217abd39a15773d2e3d2a6aa2ac7d45369

    SHA256

    d6ed263761188a215ce302b69fe0b73b6dc796f5935206c56d2f9e1694c00635

    SHA512

    b0e4926b49ec76fc0fb66021598f836e34b61a7540769346b9a0689ca7dc11bb65309ced8444f7a9d80727858720387b99b1eb49d6819b07f257acbd7f3ef0ea

    Download Submit

  • C:\ProgramData\NordVPN\configs\templates\xor_template.xslt
    Filesize

    4KB

    MD5

    542e0102aa5dc40e3cb21c84ae94d053

    SHA1

    e48cc5b7c06513b86180c52270e85dd08e74c86a

    SHA256

    56c2e8781f54a083aa5a3b19b8e018ab96917e0bfe79be8593161f2f2954276c

    SHA512

    74d2394514e8f13244517c225c2e4dc17f2a9f796b437d7c7f7ac8635654f4677a490e8879a1e52aa8ffe0b769124dfe173db3ae97f9ccb369fd67e7d12eaf27

    Download Submit

  • C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\ju2mjnan.newcfg
    Filesize

    902B

    MD5

    b395a6db5cd3e99a5ecbc41c35758049

    SHA1

    dab92fcb83db2b28feba50ecca39c0f604b080c2

    SHA256

    75db4c95ba71c05aa6c913ac23f72051ae0ed3189cfa4c8baf98d80c99965ea8

    SHA512

    e08b368897208139e87d13b385e72bd6c9048be5ece3c50ddce32e9414a13a65295ac93a25e33a6f5e5a8911316d71a6a556fbc82ec297cfc4a4dbc45700c426

    Download Submit

  • C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\nordvpn-service.config
    Filesize

    1KB

    MD5

    16daa4a64136fa2c988375d10796b52a

    SHA1

    50631093219f3885b1d2c8593db00245184e4b97

    SHA256

    c7b5952e9d6005865df46521887dc56659dbf49a11f14b8cf92ad3b50875cb8e

    SHA512

    99771c4181bd51037c18da79f49c47e5cc68590420cf23f7d8a001ba6e025d0fa268acd27b48f05d9a45241b3cb93d6d42a8315eec0aa672641758b859f0c88d

    Download Submit

  • C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\rgjodbdu.newcfg
    Filesize

    901B

    MD5

    21324aa4f306fe524fd1a940b6bfbe1c

    SHA1

    e99e918c548feb355679a9a16b71d37f6d687bf0

    SHA256

    61bac056613aa8aed2d5a554648865382effbba6dad0efe36c87b3da5fae9993

    SHA512

    e8aa0e891f596cb755fb32121218976d9191b054526baf2f71cc7a6804e8d78549e0672cd99982133dd8fb899f99f17bdbfa91fc33c9c7337e086959a8c95c5f

    Download Submit

  • C:\ProgramData\NordVPN\records\auditevents
    Filesize

    8KB

    MD5

    8360789ce2861de7b27a441bfb591aaf

    SHA1

    1b25fcb243cd36eeb17bb51a57dbd3317d8fc1df

    SHA256

    6f0775bdf95a341c645718620c3056b1fa268384d1a005f521cce7de262b404c

    SHA512

    6600fe617b1b194d6a10a97772eb74d0e0b9c7fe9af58be4e9e2a5374caf02ffe6c849084569c1f5d967fa386d78c782f1b4480affb629644323b9d6f61b68be

    Download Submit

  • C:\ProgramData\NordVPN\records\auditevents
    Filesize

    32KB

    MD5

    e69fc42de2b34378c0c9d3f629d26620

    SHA1

    9d4cf89bfdec02f7ce7937d254394835d27c2194

    SHA256

    9c10af70340bd845988f862de8025b73c8b6462965c9e6bf80d81d80004df533

    SHA512

    9a0c40cc810194a139965b5ae5af8bc2e03465db142b81bd1a0862db0f2767f75a364651c89d70d0354ab0f1797777d46d9a6b0b24ea4573a4835cadd7729713

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NordVPNSetup.tmp.log
    Filesize

    932B

    MD5

    87c54d4da204ea1d4fc9489bd45d06e3

    SHA1

    f9ca47f0b16aa375eaf991dc83aec09678e6f749

    SHA256

    c282cbbfd81749788f382185502d567ca75e78030781b498e9ba976fe4d96f63

    SHA512

    172fe3085c22a5b595929e2837174412d1007335b3ef6682ac560b9ec728b2d27664ddb458a79adc59fe1344077a71719660b3b911f926b7080bfb49bff9dc21

    Download Submit

  • C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\iflotzce.newcfg
    Filesize

    14KB

    MD5

    b54e1270a9f3cae97344c3df86d733a1

    SHA1

    df40eb62ad32e9c6b192f4d164fbd787579f0f7e

    SHA256

    b6d162820d84dbea379e092473198e74c5a5a3b14968b4d1234cdd7e1f599300

    SHA512

    b1568ba2d2f42676fc1eeb522981970d73bff52c5406074b40b8976f49798b8d507aed294487f24ced56a9708fa40dfff61da1d84593a6c7cb51fcb6201140e6

    Download Submit

  • C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.config
    Filesize

    14KB

    MD5

    caab8986ed616467fe0b29e20018bac3

    SHA1

    acdf1996271ad16f536f649e8b54a7d0d114297a

    SHA256

    c7cef86cdac3cfa830934d2ee9b1cc93826fa4f6c23795109964396ea9c7abb0

    SHA512

    8f0e615c07a0d3533c49230bdb2a0c9d3ee22809e7e40fcb3e6a34db50c09034fe8cbf51b9bd5fe39ce9da8fba5254c2095537a9ed0dfcbf32154a35dacceab1

    Download Submit

  • C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.config
    Filesize

    14KB

    MD5

    afa38120ecb33009e9eef559c7e6ab81

    SHA1

    fd3c3852ee76da101ae8a0a0e43ab82cd42f6f11

    SHA256

    2719c8c0ca07d96d96a25ce6b9e78d5a739b2debb0757666683d9f64544a11e1

    SHA512

    46fa85c885eb572504e35926515679b6a018922deee46d1c6a17b90a6f01cdccc389b7e14ed06956c60af0c5197446a6410431f69d24eea5a34f4a98246fbde1

    Download Submit

  • C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.config
    Filesize

    1KB

    MD5

    0b100aafa19f8083696d78921cbef6ea

    SHA1

    4d8cec5423420504a7dc3352b571f925e2c7cfaf

    SHA256

    ee6510bfc617cd9b8020228c7be54fcf8dd2db981d5d0fac51a10d47f6d59bc5

    SHA512

    47943775a783227d673df0f0fe22fc17444eed84f5c4c430c71a067726454b7ea116638404f52e3bb00e5ee12ab9f28d694f9b4d9996db8e1da71ca59f5276c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\Nord.Setup.dll
    Filesize

    40KB

    MD5

    b18bd486c5718397bc65d77a16ce2593

    SHA1

    58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

    SHA256

    0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

    SHA512

    f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe
    Filesize

    22.8MB

    MD5

    7d8e75625345de31a28d3e02109bbd92

    SHA1

    6863b702c34793fd09d7ba8fb2a27dd49f880a55

    SHA256

    6c79acea11afe807cd798f3bcffe22b50655d43fa1409491e41e4be46300c75a

    SHA512

    8547deb41db355689f9c8696b5d0c56a9f5652ec0ccea9497aad3ec293a4495e04ac3fab1e0c80ecf18c8729c0cff6739c0ddf2689aa19cab3d710cb37b94564

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe
    Filesize

    260KB

    MD5

    ae83624c3dde1a8e3cd118129af1552c

    SHA1

    3426473e947b2ce9a5a1564cf1bb1db71473f24c

    SHA256

    bb5a76ccb14e1679581ad2db35a3930df7d7c98944b0bc557a14b404e019f1b6

    SHA512

    4f4bcdb78456be0acfb5f7eb1228ac3075bb081911f42e921a6673e5ea743eea3054531eb513bc4b81ed33c5c30188b3476095fca8802c8ebc6b45c6120e42fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe
    Filesize

    15.0MB

    MD5

    e6c64703bbcac6db122ea2a7153f8fbc

    SHA1

    6310c8892dd07a9397636dda1daf2bff646149ef

    SHA256

    b68fe91323a097e19c470a8242fe2afa1f450b51c8f81c3055c8da6eec51cf86

    SHA512

    c73d28b72cf4c786863149f88a084ae67954fbc782c4a566d00b3de9005aa71cbfe5bece32445932f8a973e60eda1e7d684314a5372a991755804af147d359f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmp
    Filesize

    3.1MB

    MD5

    db18234544148ad0ee00d1126807ad88

    SHA1

    06d4cfd67b26d14af03239b2ceeba1da3fca2064

    SHA256

    6323e212f9925316b00e110c1b217e9ec239b90afe2d93bb3e6999e1aae29fad

    SHA512

    7a367b7d71510009b0bef73beb64818b2503a0423f350c2ef73a28519873e03702ef53c55969ef14cb6dddc421bb9b694fa714fdda19ba57fc4d102d8bc56531

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\Nord.Setup.dll
    Filesize

    43KB

    MD5

    80e4af01f2399fde9fcba64fc25afd88

    SHA1

    43791db4576e119f6e762fca5a97e008b11172d2

    SHA256

    6b30244e8b857f10073e2015930b5f54938f90e80970208b5a39ef0f008e199f

    SHA512

    9d8044d935669567289bb7cf3a2452d407262ad81905d9b5474ba77aa289c15e0bacc5123661516744eb86d36ae81aa73ec432e77fba0598bd8b9b99e100611b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe
    Filesize

    2.4MB

    MD5

    9250141e4619953f35327e91446ad7ac

    SHA1

    4096915e8c9079a9eaba71b217a807597a2f3bbd

    SHA256

    64d851bc0129e19d2d86591d6d69c5a3e6c9280671e95f38182fdc22c0358cb1

    SHA512

    5d8ca221e5ec1882772c3564433dd8b4f2e5547b1666e45906631f593f0415cd155c2dbe4e5a418296162bbaa8440bde8bf9a4a5421090486d2e1e989095db3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe
    Filesize

    576KB

    MD5

    1b767c430cf1445cad3a864d92a10ab2

    SHA1

    a77d19d4d532d14a1e6b340c56f3ed58b885c8c9

    SHA256

    5ff251b9c5527f0229fa299b586941961d7c9ee3b321300bb932dc74eb5f89cb

    SHA512

    01bacb9db85312599f77935ccd254258232aa15e945e278733070cc1946e577fcb6d4a796cf8b5134b7511ae1673ec8d29e9c9b1e9556477211d0228b4df5522

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\VerifyTrust.dll
    Filesize

    85KB

    MD5

    def84359897fe0ae2cabce3c578c0e17

    SHA1

    fd2e3532c4f36cd978ead93f4e8093cf657edae0

    SHA256

    63049b84528a9c18886902c9497ec302a562212c1fbee3254b57d4cbe5c94a95

    SHA512

    932d75e63c22d616d5a842ddcf793c7f20bedacabd6c964f105a7fb7ee370bb6a12b118619eddd1447dd8b3882e0dbfc3ad7eeb340d3a02ccceb07b94dc93f9c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\isxdl.dll
    Filesize

    169KB

    MD5

    7998a1a52eedde342de34b4147006419

    SHA1

    8fad49145668b4387d233e296b6f57342c7a1a55

    SHA256

    48003909f632c53e9ab7edaf8660b6a12070325d733c7c14f0e3c2d72487a8fc

    SHA512

    5d217922dfeecae213dfa950c3bdd402c27fc8ffec0de31ec6a457811c45a230e0a940d2dd8736be192785dfb77cfeba7bb6bda74ff0050a9ee1b05c3c4486b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QS3NT.tmp\VerifyTrust.dll
    Filesize

    85KB

    MD5

    9b43bdd1a7462708a192f4429d9c8404

    SHA1

    7ad954e4a8a365d1bdf1d35f40543185503ffa74

    SHA256

    d28b6de6ac3cc185909696f030ef278f92605f37e6c864e60bb1190f2d264014

    SHA512

    8de746fd4bc7aa765c117e5a116d0bbe7ad514feb9b9a0ce270b5f9edce0f338a4db96f32aa6e26087a95624717e9049508f04db7b826cfbefbce520499c7e3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QS3NT.tmp\isxdl.dll
    Filesize

    170KB

    MD5

    0f714846f9ae8a60f5cdb4811377b23f

    SHA1

    80033367772bac128fefa8707ad64b4b27cf0c34

    SHA256

    98d547efb2bb65c32cc278beed99c4c9ce83e63f0032ad327fbc5241cdbaab90

    SHA512

    5149814592ffd2f756f60dbfc8bf10dc7c91e3c8b4a8d1c881dc0c3b2ecc6ffcf98fbd6b7e0cbf2d85d02e314b8ccf8f6d1646198553365c5560fb267bacddf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmp
    Filesize

    3.1MB

    MD5

    29ca787f3a0d83846b7318d02fccb583

    SHA1

    b3688c01bef0e9f1fe62dc831926df3ca92b3778

    SHA256

    746b972e21acb59e4086b5b25fe53ef2cddcecfa94dd56ad68c8e5bab9960c3c

    SHA512

    a6c21bf5590dc91a5d9bc729d9c04c20b54341d3270efd2fb7d2b548d7dc7b23a1a351147a07dfd569e901a608cb44533304de10725cb02fec781cada80b8e3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmp
    Filesize

    3.1MB

    MD5

    f4a031a108c586a85e5646fbecd1dadd

    SHA1

    c3e3d1edc6752a7b05419cb147851dcd249fb3bd

    SHA256

    601f7293c047baeae7f1467311794706476d1087a955bc3813236d3c0366cf04

    SHA512

    6dd791bf95d808854c2ff3ef8c83f81f73ba7d8e270a9abf407d5f00d5a47a64b7bba74f40e4c871ac6121c5b9e94a8f178bcb333d0d926b3284cb480a939576

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-ms
    Filesize

    10KB

    MD5

    3b7eb2a32ea564ec9fb6af3277f8b0be

    SHA1

    940ec62faf1d392c54788522e456acb3b7492505

    SHA256

    7365ee21447d4341a5e7a4f5060f8ded23b4478cb70f49b48ef12cddc0466bef

    SHA512

    e3f5bd5f5f39a265e1fe2e2118f594c05e3994739ec19d1e0b5d3a4938095d71f90c3c52b88a28fee2d88d463570ed5a9768158332a517311c3f9330191500a2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-ms
    Filesize

    10KB

    MD5

    86dccacd210ad1f1fdd6c2c964f3bdb6

    SHA1

    3d90eab8c2dbb62d46decb5430fc637f04235064

    SHA256

    b53a9f808294f113e413bef40d9516c8f2ad1765240c42d1268430358d207358

    SHA512

    22d0c641938d6ee6cda9131dbfc5e588f6fafcad2005dae7af3d5b3b614a7ed72c64b49e98681f6835a709053e267ced1eac4ce835079f79effae47cd12b26f6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-ms
    Filesize

    10KB

    MD5

    a14d9d54a3b6aeeec908b67005062409

    SHA1

    dae019db586f960de983a894455284f4065af71b

    SHA256

    e1edfaf0787b3200ccd50a7861ef7a23baad85036ecea1f2cc3a3d9c413ecf91

    SHA512

    b65dcf70fc719b03a47de2d0a6a2a3323da21fe8af82e08695874d3a7976387e19fa0ea6145ea636234e8dfe11539ee19c5c7cb155cb0fc7f6ec0b10e598909b

    Download Submit

  • C:\Windows\Temp\Tmp3F51.tmp
    Filesize

    782B

    MD5

    4ee28ea0e8c6d8bee2db4e4521123b53

    SHA1

    0c42741f31bc5c915fc0d4a2908ee43f372d06bd

    SHA256

    fb1aa055dff33e58012f7c6b9d85eaf7234ecdce31e05f7caadebb76ee4fadad

    SHA512

    f95e1a3e4f5e32bda6d1f9d30c6d750e61fee372f5eea5519b83bfaffe6008ac508547306957b4de3bf5b43bbd2f684f1b8042312eebbc6ea3614c4b13cbbe8c

    Download Submit

  • C:\Windows\Temp\Tmp3F72.tmp
    Filesize

    804B

    MD5

    8120a2a5bbe15b94b00ec360f3b58674

    SHA1

    a52a5eec1c4b8400f6649bfdd55e8c39f0f53c12

    SHA256

    669fce0c7d292a008fd26854c1aa1dd3a7af9c255f0091af809c6eb21f6f70d6

    SHA512

    87d7ac253c7deb10c03ecd8f7a239dab778f4da1fc91e64c6960299e756e10e7bd52c6420e54311b7cb34a0689f99edac8f4995c33e484ba9f90cd7ea84e89dd

    Download Submit

  • C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\OemVista.inf
    Filesize

    7KB

    MD5

    0d719e9779f64ab6499ccf7452f99c9b

    SHA1

    8e170acbbb222588a05d4b22105ce056c342859a

    SHA256

    fa56f77404e9fa7723d95a493f206f1bfd2644d83af984b92a45c94a2ea4f7e5

    SHA512

    6904c34f93a3fc4276f113faffd14084a50e136a7bb5e31129c3bf030fe2b6d1b5c2f919eafa2e322f01db57a5376a2c2fca37f402a8e51f7161c5d016565050

    Download Submit

  • C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\tapnordvpn.cat
    Filesize

    10KB

    MD5

    ae5e7a3609077ef8ef287a90fa34599e

    SHA1

    0046cf86bb16e8aa8f036684a79e8ee2e47a6e96

    SHA256

    50315c54f0f5727df5b00047757ab038d9946e2859deeacfa8d5d9d050b3fd8a

    SHA512

    08efcec283a564a4956c7583209b403d6727e1cec08a4ac5241e897f40bbbb6b3f6bf3d4a08e2d2df7ac89826168367bb56a39dd1ad5d0cfcf3ce72760d5f0c0

    Download Submit

  • C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\tapnordvpn.sys
    Filesize

    48KB

    MD5

    adbefa4c0ad655eae60fd5b58e6e7be4

    SHA1

    c18fcab0dbaaf6407441a596411f33c454d8a345

    SHA256

    b64ae9f92a2542ec8ce063f81ba96894076f2d5eba37e25c47018d0db38ef503

    SHA512

    acb5498c70cc57e9b5667e1115ef1dcd7b345f619cf7a8734117f1f85dd2091787a4f9be3af8c306ba0b897b04644c936f242ef65d7b397a1a60cfa6a315ca66

    Download Submit

  • memory/1836-296-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

    Download

  • memory/1836-155-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

    Download

  • memory/1840-982-0x000001A0EFC00000-0x000001A0EFC18000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1840-443-0x000001A0EE0E0000-0x000001A0EE0FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1840-1125-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-1124-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1840-1057-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-1058-0x000001A0EFD80000-0x000001A0EFD92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1840-1055-0x000001A0F0520000-0x000001A0F0594000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1840-1052-0x000001A0EFD60000-0x000001A0EFD76000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1840-990-0x000001A0EFCE0000-0x000001A0EFCF4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1840-1044-0x000001A0EFD20000-0x000001A0EFD3E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1840-983-0x000001A0EFBB0000-0x000001A0EFBBC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1840-995-0x000001A0EFD00000-0x000001A0EFD14000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1840-979-0x000001A0EFBD0000-0x000001A0EFBF2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1840-373-0x000001A0D5AD0000-0x000001A0D5ADE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1840-372-0x000001A0D5AA0000-0x000001A0D5AAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1840-377-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1840-378-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-412-0x000001A0EE090000-0x000001A0EE0D4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1840-428-0x000001A0EE040000-0x000001A0EE050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-440-0x000001A0EE070000-0x000001A0EE090000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1840-978-0x000001A0F06B0000-0x000001A0F0836000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1840-444-0x000001A0EE050000-0x000001A0EE058000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1840-451-0x000001A0EE060000-0x000001A0EE06A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1840-476-0x000001A0EEF60000-0x000001A0EF04A000-memory.dmp

    Filesize

    936KB

    Download

  • memory/1840-503-0x000001A0EE120000-0x000001A0EE138000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1840-508-0x000001A0EE110000-0x000001A0EE11A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1840-519-0x000001A0EE100000-0x000001A0EE10A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1840-532-0x000001A0EE140000-0x000001A0EE150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-558-0x000001A0EEC60000-0x000001A0EEC88000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1840-912-0x000001A0EF0F0000-0x000001A0EF108000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1840-580-0x000001A0EE150000-0x000001A0EE160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1840-583-0x000001A0EE160000-0x000001A0EE16A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1840-689-0x000001A0EF110000-0x000001A0EF1C2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1840-704-0x000001A0EF1D0000-0x000001A0EF246000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1840-827-0x000001A0EE170000-0x000001A0EE17A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1840-828-0x000001A0EED70000-0x000001A0EED82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1840-839-0x000001A0EED90000-0x000001A0EEDA6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1840-852-0x000001A0EF050000-0x000001A0EF076000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1840-855-0x000001A0EE190000-0x000001A0EE198000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1840-858-0x000001A0EE180000-0x000001A0EE188000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1840-887-0x000001A0EF0E0000-0x000001A0EF0E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1840-886-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2744-162-0x0000000000A00000-0x0000000000A01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-295-0x0000000000400000-0x0000000000727000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/3196-118-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/3196-26-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/3196-0-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/3584-1713-0x0000000070BC0000-0x0000000070BE1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3584-1717-0x00000000708F0000-0x0000000070905000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3584-1716-0x0000000070910000-0x00000000709C3000-memory.dmp

    Filesize

    716KB

    Download

  • memory/3584-1715-0x00000000709D0000-0x0000000070AC3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/3584-1714-0x0000000070AD0000-0x0000000070BBE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/3584-1591-0x0000000070BF0000-0x0000000070D0F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4160-25-0x0000000007CA0000-0x00000000081CC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4160-115-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4160-27-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4160-24-0x0000000074B80000-0x0000000074B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4160-23-0x0000000003780000-0x0000000003790000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4160-19-0x00000000742E0000-0x0000000074A90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4160-116-0x00000000742E0000-0x0000000074A90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4160-61-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4160-5-0x0000000000A10000-0x0000000000A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4160-55-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4160-18-0x00000000042E0000-0x00000000042F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4160-58-0x0000000000A10000-0x0000000000A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4160-112-0x0000000000400000-0x000000000071B000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4160-62-0x00000000742E0000-0x0000000074A90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4160-60-0x00000000042E0000-0x00000000042F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4572-1347-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/4572-71-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/4572-63-0x0000000000400000-0x00000000004E1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/4740-1149-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-69-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-140-0x0000000003720000-0x0000000003730000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4740-1289-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-890-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-145-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-120-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-1056-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-142-0x0000000074700000-0x0000000074710000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4740-143-0x0000000073E60000-0x0000000074610000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4740-141-0x00000000035F0000-0x0000000003600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4740-157-0x0000000073E60000-0x0000000074610000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4740-366-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-154-0x00000000035F0000-0x0000000003600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4740-149-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-1345-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4740-146-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4920-1155-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4920-1761-0x0000000070860000-0x000000007086F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4920-1760-0x00000000709D0000-0x0000000070AC3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4920-1759-0x0000000070870000-0x00000000708E8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/4920-1375-0x0000000070BF0000-0x0000000070D0F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4920-1151-0x00000230FB390000-0x00000230FB39E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4920-1150-0x00000230FB360000-0x00000230FB36E000-memory.dmp

    Filesize

    56KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.