First, the hacker registers a domain and places a regular website at this address, for example, https://www.vsecurelabs.co/. As an IP address, he indicates to the provider the IP of his PC from which the attack will be carried out. As soon as the victim opens this resource, his computer is told the IP address of the attacking machine. Finally, the attacked PC tries to load the home page of the attacker’s website. Heffner’s Rebind utility, launched on the hacker’s computer, recognizes this request, captures the victim’s IP address and redirects it to a subdomain (for example, https://www.vsecurelabs.co/). This causes the victim computer to re-send the IP request, but this time to the subdomain. The Rebind program responds with two IP addresses – the victim’s own IP address and the victim’s IP address recorded in the previous step. Next, the attacked PC requests the content of the website – this time from the subdomain https://www.vsecurelabs.co/. At this point, the hacker sends a special Rebind program to the victim and blocks all connections to the attacking computer that were made over HTTP through port 80.