Network Analysis
IP Address | Status | Action |
---|---|---|
104.221.198.133 | Active | Moloch |
13.107.42.12 | Active | Moloch |
13.107.42.13 | Active | Moloch |
142.93.181.240 | Active | Moloch |
164.124.101.2 | Active | Moloch |
194.58.112.174 | Active | Moloch |
23.227.38.74 | Active | Moloch |
34.102.136.180 | Active | Moloch |
54.230.169.48 | Active | Moloch |
91.195.240.94 | Active | Moloch |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49201 | 13.107.42.12:443 | pxpura.sn.files.1drv.com |
192.168.56.101:49202 | 13.107.42.12:443 | pxpura.sn.files.1drv.com |
192.168.56.101:49200 | 13.107.42.13:443 | onedrive.live.com |
192.168.56.101:49218 | 142.93.181.240:80 | www.bgpetty.com |
192.168.56.101:49219 | 142.93.181.240:80 | www.bgpetty.com |
192.168.56.101:49220 | 194.58.112.174:80 | www.kykyryky.art |
192.168.56.101:49221 | 194.58.112.174:80 | www.kykyryky.art |
192.168.56.101:49222 | 23.227.38.74:80 | www.trendyheld.com |
192.168.56.101:49223 | 23.227.38.74:80 | www.trendyheld.com |
192.168.56.101:49224 | 34.102.136.180:80 | www.scientiaxliv.com |
192.168.56.101:49225 | 34.102.136.180:80 | www.scientiaxliv.com |
192.168.56.101:49230 | 54.230.169.48:80 | www.hibachiexpressnctogo.com |
192.168.56.101:49231 | 54.230.169.48:80 | www.hibachiexpressnctogo.com |
192.168.56.101:49227 | 91.195.240.94:80 | www.hanasugisaki.com |
192.168.56.101:49228 | 91.195.240.94:80 | www.hanasugisaki.com |
192.168.56.101:49229 | 91.195.240.94:443 | www.hanasugisaki.com |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:50851 | 164.124.101.2:53 |
192.168.56.101:54056 | 164.124.101.2:53 |
192.168.56.101:55450 | 164.124.101.2:53 |
192.168.56.101:56887 | 164.124.101.2:53 |
192.168.56.101:56977 | 164.124.101.2:53 |
192.168.56.101:57460 | 164.124.101.2:53 |
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:60751 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:62902 | 164.124.101.2:53 |
192.168.56.101:65329 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62327 | 239.255.255.250:1900 |
192.168.56.101:62329 | 239.255.255.250:3702 |
192.168.56.101:62331 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
GET 302 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21116&authkey=AC5XLhzUJFsHZoI
GET /download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21116&authkey=AC5XLhzUJFsHZoI HTTP/1.1
User-Agent: zipo
Host: onedrive.live.com
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://pxpura.sn.files.1drv.com/y4mTqQTnzr4pGog1oK2eUPWO2zTo_rsFVTPrpApe4AHExcxal8onplEHYAAHWZNuE9mQhEnNg9mAhgaH0pBJMGNkXeaGGjPLQpFd_j-WYlkCZkVMaTJvVVJjW_SKqjQMixM8CLUN84M--myYDNmTgV_V3qzQm-iqfWRzhMNFnAhWkZySZurqkZI9uWlpe74bVG0ncBzFZPMFBkPTrVXY5kkcw/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1
Set-Cookie: E=P:2GZV4XBY2Yg=:MDSRbSXlMBXoUeIVaQp3XuwRm+pcpwfy9tFVknWYxS0=:F; domain=.live.com; path=/
Set-Cookie: xid=148bafc0-3061-42a0-8f7b-fcc2285c7a75&&RD00155D5E9D04&262; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Thu, 05-Aug-2021 22:46:48 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Fri, 13-Aug-2021 00:26:49 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD00155D5E9D04
X-ODWebServer: canadaeast1-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A0E93F00E0F34CEE84F1807CE42D7E22 Ref B: SLAEDGE1112 Ref C: 2021-08-06T00:26:48Z
Date: Fri, 06 Aug 2021 00:26:48 GMT
Content-Length: 0
GET 200 https://pxpura.sn.files.1drv.com/y4mTqQTnzr4pGog1oK2eUPWO2zTo_rsFVTPrpApe4AHExcxal8onplEHYAAHWZNuE9mQhEnNg9mAhgaH0pBJMGNkXeaGGjPLQpFd_j-WYlkCZkVMaTJvVVJjW_SKqjQMixM8CLUN84M--myYDNmTgV_V3qzQm-iqfWRzhMNFnAhWkZySZurqkZI9uWlpe74bVG0ncBzFZPMFBkPTrVXY5kkcw/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1
GET /y4mTqQTnzr4pGog1oK2eUPWO2zTo_rsFVTPrpApe4AHExcxal8onplEHYAAHWZNuE9mQhEnNg9mAhgaH0pBJMGNkXeaGGjPLQpFd_j-WYlkCZkVMaTJvVVJjW_SKqjQMixM8CLUN84M--myYDNmTgV_V3qzQm-iqfWRzhMNFnAhWkZySZurqkZI9uWlpe74bVG0ncBzFZPMFBkPTrVXY5kkcw/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1 HTTP/1.1
User-Agent: zipo
Host: pxpura.sn.files.1drv.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 275456
Content-Type: application/octet-stream
Content-Location: https://pxpura.sn.files.1drv.com/y4m_hTYWutZ9x-4L4oQlQlBxJQ6CWrX_toBkMyvG9oKcKEV-zWrAtObDtTGZvT_uuPkKfyGyjjgveFAT7-2qgrI14y4frCfoCWVJeFiAvg_Djj3yFp3cB3nPdMoG8XfQoKGJyHAHwJpDphDwJj130k-PCllWvR_OBtb82ne0NvIlRcPUPgG6OmZ3MPBSPPcHRbr
Expires: Thu, 04 Nov 2021 00:26:50 GMT
Last-Modified: Thu, 05 Aug 2021 08:08:00 GMT
Accept-Ranges: bytes
ETag: 7AD84143EE0A85E3!116.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: SN4PPF50D1732A4
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: plEzXY+IuE+IsA7m5hJ74g.0
X-SqlDataOrigin: S
CTag: aYzo3QUQ4NDE0M0VFMEE4NUUzITExNi4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Ibbuwegvliephobtwakpuytjburrfsv"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.725.719.2003
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: ED866BD050374377BD35B3256946E9D5 Ref B: SLAEDGE1019 Ref C: 2021-08-06T00:26:49Z
Date: Fri, 06 Aug 2021 00:26:49 GMT
GET 302 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21116&authkey=AC5XLhzUJFsHZoI
GET /download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21116&authkey=AC5XLhzUJFsHZoI HTTP/1.1
User-Agent: aswe
Host: onedrive.live.com
Cache-Control: no-cache
Cookie: E=P:2GZV4XBY2Yg=:MDSRbSXlMBXoUeIVaQp3XuwRm+pcpwfy9tFVknWYxS0=:F; xid=148bafc0-3061-42a0-8f7b-fcc2285c7a75&&RD00155D5E9D04&262; xidseq=1; wla42=
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://pxpura.sn.files.1drv.com/y4m8w-5fZ5LYe9NvVGuehLoV03XV3EjZKx4NG5hd09m24ST9gDlTm2Pa-Km4mTTC7Q7Beyz15BqxFhaTLmMe4oLSytmfOwepooZRHdsg484fbqDCfa2Y7LI5MFnkvBtX4hFVimoAiiwVVwYt1z0CaG3TepVkT1NCz34co9aNrbAg4vM0IdJjZKsHKKek2lcjZnWtot_ri4C5lKlxcM7drBzVQ/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1
Set-Cookie: E=P:+ZJx4nBY2Yg=:7nke9xIcInQOt92w62CBR1V4zegLYfqH5lVvpx9kXQs=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Thu, 05-Aug-2021 22:46:50 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Fri, 13-Aug-2021 00:26:51 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD00155D5E9D04
X-ODWebServer: canadaeast1-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 641BFA1AC37F4317B721C1AF756D61F4 Ref B: SLAEDGE1112 Ref C: 2021-08-06T00:26:50Z
Date: Fri, 06 Aug 2021 00:26:50 GMT
Content-Length: 0
GET 200 https://pxpura.sn.files.1drv.com/y4m8w-5fZ5LYe9NvVGuehLoV03XV3EjZKx4NG5hd09m24ST9gDlTm2Pa-Km4mTTC7Q7Beyz15BqxFhaTLmMe4oLSytmfOwepooZRHdsg484fbqDCfa2Y7LI5MFnkvBtX4hFVimoAiiwVVwYt1z0CaG3TepVkT1NCz34co9aNrbAg4vM0IdJjZKsHKKek2lcjZnWtot_ri4C5lKlxcM7drBzVQ/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1
GET /y4m8w-5fZ5LYe9NvVGuehLoV03XV3EjZKx4NG5hd09m24ST9gDlTm2Pa-Km4mTTC7Q7Beyz15BqxFhaTLmMe4oLSytmfOwepooZRHdsg484fbqDCfa2Y7LI5MFnkvBtX4hFVimoAiiwVVwYt1z0CaG3TepVkT1NCz34co9aNrbAg4vM0IdJjZKsHKKek2lcjZnWtot_ri4C5lKlxcM7drBzVQ/Ibbuwegvliephobtwakpuytjburrfsv?download&psid=1 HTTP/1.1
User-Agent: aswe
Host: pxpura.sn.files.1drv.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 275456
Content-Type: application/octet-stream
Content-Location: https://pxpura.sn.files.1drv.com/y4m_hTYWutZ9x-4L4oQlQlBxJQ6CWrX_toBkMyvG9oKcKEV-zWrAtObDtTGZvT_uuPkKfyGyjjgveFAT7-2qgrI14y4frCfoCWVJeFiAvg_Djj3yFp3cB3nPdMoG8XfQoKGJyHAHwJpDphDwJj130k-PCllWvR_OBtb82ne0NvIlRcPUPgG6OmZ3MPBSPPcHRbr
Expires: Thu, 04 Nov 2021 00:26:51 GMT
Last-Modified: Thu, 05 Aug 2021 08:08:00 GMT
Accept-Ranges: bytes
ETag: 7AD84143EE0A85E3!116.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: SN3PPF5BE2DA8D3
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: 76wq4m0A4UO47aPxY+Gk5w.0
X-SqlDataOrigin: S
CTag: aYzo3QUQ4NDE0M0VFMEE4NUUzITExNi4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Ibbuwegvliephobtwakpuytjburrfsv"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.725.719.2003
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: E343971136624647A6BD86F52A5407F2 Ref B: SLAEDGE1116 Ref C: 2021-08-06T00:26:51Z
Date: Fri, 06 Aug 2021 00:26:51 GMT
GET 200 https://www.hanasugisaki.com/6mam/
GET /6mam/ HTTP/1.1
Accept: */*
User-Agent: Windows Explorer
Host: www.hanasugisaki.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Fri, 06 Aug 2021 00:28:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 06 Aug 2021 00:28:00 GMT
Pragma: no-cache
Server: NginX
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_OcSbTu178b9XnsMsdIRfLzOtxl57QHdfYRpRUviNtXGjPe0fR2S8wscZiCnFOL4IF1PA/vvzbBpMIDo528Ynlw==
X-Cache-Miss-From: parking-68df7fd5c5-v5zrw
Transfer-Encoding: chunked
POST 0 http://www.bgpetty.com/6mam/
POST /6mam/ HTTP/1.1
Host: www.bgpetty.com
Connection: close
Content-Length: 280
Cache-Control: no-cache
Origin: http://www.bgpetty.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bgpetty.com/6mam/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
HTTP/1.1 404 Not Found
Date: Fri, 06 Aug 2021 00:27:07 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-UA-Compatible: IE=edge
Link: <http://bgpetty.com/wp-json/>; rel="https://api.w.org/"
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: http://bgpetty.com/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: http://bgpetty.com
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET 301 http://www.bgpetty.com/6mam/?gf=DVd1UroJa56TibiaZjHEwxXkZ0tEKWvQ6wjwLM6s02wKD9/hiFlWC8bXo6c3n9F1pHO/GanB&WbJ=vFNt3
GET /6mam/?gf=DVd1UroJa56TibiaZjHEwxXkZ0tEKWvQ6wjwLM6s02wKD9/hiFlWC8bXo6c3n9F1pHO/GanB&WbJ=vFNt3 HTTP/1.1
Host: www.bgpetty.com
Connection: close
HTTP/1.1 301 Moved Permanently
Date: Fri, 06 Aug 2021 00:27:07 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-UA-Compatible: IE=edge
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://bgpetty.com/6mam/?gf=DVd1UroJa56TibiaZjHEwxXkZ0tEKWvQ6wjwLM6s02wKD9/hiFlWC8bXo6c3n9F1pHO/GanB&WbJ=vFNt3
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
POST 0 http://www.kykyryky.art/6mam/
POST /6mam/ HTTP/1.1
Host: www.kykyryky.art
Connection: close
Content-Length: 280
Cache-Control: no-cache
Origin: http://www.kykyryky.art
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.kykyryky.art/6mam/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Aug 2021 00:27:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
GET 404 http://www.kykyryky.art/6mam/?gf=YhmCqIEbUGfuw5buP1ux4NwPyUbKdSmuBWvVd54Q/24mN/u1gMwH9i6nnbSMiSrA5lPx01TB&WbJ=vFNt3
GET /6mam/?gf=YhmCqIEbUGfuw5buP1ux4NwPyUbKdSmuBWvVd54Q/24mN/u1gMwH9i6nnbSMiSrA5lPx01TB&WbJ=vFNt3 HTTP/1.1
Host: www.kykyryky.art
Connection: close
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Aug 2021 00:27:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
POST 0 http://www.trendyheld.com/6mam/
POST /6mam/ HTTP/1.1
Host: www.trendyheld.com
Connection: close
Content-Length: 280
Cache-Control: no-cache
Origin: http://www.trendyheld.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.trendyheld.com/6mam/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
GET 403 http://www.trendyheld.com/6mam/?gf=E0pe+Y2v4UDt+w4IAz5H/oSd7jolrcEyLMhuwDlQLqgXY2i3h8ADuPLB2g4wdc2gmmszQyxl&WbJ=vFNt3
GET /6mam/?gf=E0pe+Y2v4UDt+w4IAz5H/oSd7jolrcEyLMhuwDlQLqgXY2i3h8ADuPLB2g4wdc2gmmszQyxl&WbJ=vFNt3 HTTP/1.1
Host: www.trendyheld.com
Connection: close
HTTP/1.1 403 Forbidden
Date: Fri, 06 Aug 2021 00:27:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Sorting-Hat-PodId: -1
X-Request-ID: 62adc012-3d35-4184-8d49-ca00b6e7cf65
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Dc: gcp-us-central1
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 67a423ad2b7231e5-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
POST 405 http://www.scientiaxliv.com/6mam/
POST /6mam/ HTTP/1.1
Host: www.scientiaxliv.com
Connection: close
Content-Length: 280
Cache-Control: no-cache
Origin: http://www.scientiaxliv.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.scientiaxliv.com/6mam/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
HTTP/1.1 405 Not Allowed
Server: openresty
Date: Fri, 06 Aug 2021 00:27:31 GMT
Content-Type: text/html
Content-Length: 556
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OTxMr2Od6I7gCVlAY3n96OLXaJajzSIQyExGYQBkLDAmtTTuhdyuCIOcLoWyuTESUn05jWne6r1z2148xw2Dmg
Via: 1.1 google
Connection: close
GET 403 http://www.scientiaxliv.com/6mam/?gf=BjPyK/gh05BndaRlxx73WDfQM5Dt6PhPoAEuUgvv1xovO5wVmySbhw6hu25djVRDujkCPznz&WbJ=vFNt3
GET /6mam/?gf=BjPyK/gh05BndaRlxx73WDfQM5Dt6PhPoAEuUgvv1xovO5wVmySbhw6hu25djVRDujkCPznz&WbJ=vFNt3 HTTP/1.1
Host: www.scientiaxliv.com
Connection: close
HTTP/1.1 403 Forbidden
Server: openresty
Date: Fri, 06 Aug 2021 00:27:31 GMT
Content-Type: text/html
Content-Length: 275
ETag: "610650f1-113"
Via: 1.1 google
Connection: close
GET 301 http://www.hanasugisaki.com/6mam/?gf=jkvtMSvddI2VYlq0mp5CmeoamuID3EfQPD4PCCzv2+e72zsfqy8mt6+jtGJRzfNUMKA78SWG&WbJ=vFNt3
GET /6mam/?gf=jkvtMSvddI2VYlq0mp5CmeoamuID3EfQPD4PCCzv2+e72zsfqy8mt6+jtGJRzfNUMKA78SWG&WbJ=vFNt3 HTTP/1.1
Host: www.hanasugisaki.com
Connection: close
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://www.hanasugisaki.com/6mam/?gf=jkvtMSvddI2VYlq0mp5CmeoamuID3EfQPD4PCCzv2+e72zsfqy8mt6+jtGJRzfNUMKA78SWG&WbJ=vFNt3
Date: Fri, 06 Aug 2021 00:27:57 GMT
Content-Length: 159
Connection: close
POST 301 http://www.hanasugisaki.com/6mam/
POST /6mam/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Windows Explorer
Host: www.hanasugisaki.com
Content-Length: 279
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Location: https://www.hanasugisaki.com/6mam/
Date: Fri, 06 Aug 2021 00:27:58 GMT
Content-Length: 0
POST 403 http://www.hibachiexpressnctogo.com/6mam/
POST /6mam/ HTTP/1.1
Host: www.hibachiexpressnctogo.com
Connection: close
Content-Length: 280
Cache-Control: no-cache
Origin: http://www.hibachiexpressnctogo.com
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hibachiexpressnctogo.com/6mam/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 06 Aug 2021 00:28:03 GMT
Content-Type: text/html
Content-Length: 1053
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 1163a5104eac3e0cc4c55b23f4f28867.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN51-C2
X-Amz-Cf-Id: Uds4IeG8JkInhQDHOIUziIB6bzzMncMaxoZucK8YtbQVCaLS5TAx6Q==
GET 301 http://www.hibachiexpressnctogo.com/6mam/?gf=0HG4+iy4HM9z+nt9884ETIsw7S4XNgMIsS4SVeWydW0ESnQUZ/hCKdKQ9SnakUxepzgcXLa3&WbJ=vFNt3
GET /6mam/?gf=0HG4+iy4HM9z+nt9884ETIsw7S4XNgMIsS4SVeWydW0ESnQUZ/hCKdKQ9SnakUxepzgcXLa3&WbJ=vFNt3 HTTP/1.1
Host: www.hibachiexpressnctogo.com
Connection: close
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 06 Aug 2021 00:28:03 GMT
Content-Type: text/html
Content-Length: 183
Connection: close
Location: https://www.hibachiexpressnctogo.com/6mam/?gf=0HG4+iy4HM9z+nt9884ETIsw7S4XNgMIsS4SVeWydW0ESnQUZ/hCKdKQ9SnakUxepzgcXLa3&WbJ=vFNt3
X-Cache: Redirect from cloudfront
Via: 1.1 3dd24013b0b99bf4ea490be8808572d8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN51-C2
X-Amz-Cf-Id: 6hQib0AXfaLn13Vk_LO0cW2iL_N4123Hl8XD8ylo5o2Ll-5L89o1jw==
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49202 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | 77:27:91:d8:e9:91:39:0b:f9:f9:5e:86:3e:37:d5:dc:9d:85:30:49 |
TLSv1 192.168.56.101:49200 13.107.42.13:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=onedrive.com | 24:8a:fb:ed:16:0d:11:c8:2f:65:3a:66:ca:f1:6f:60:ad:4c:cc:de |
TLSv1 192.168.56.101:49201 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | 77:27:91:d8:e9:91:39:0b:f9:f9:5e:86:3e:37:d5:dc:9d:85:30:49 |
TLSv1 192.168.56.101:49229 91.195.240.94:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 | CN=hanasugisaki.com | 49:8d:1e:59:7b:9a:7c:dd:25:62:84:b7:a5:e5:08:f5:7e:3d:22:59 |
Snort Alerts
No Snort Alerts