Overview

URLbayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
IP 45.154.253.151 (United Kingdom)
ASN#41634 Svea Hosting AB
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-11 18:41:30 UTC
StatusLoading report..
IDS alerts0
Blocklist alert13
urlquery alerts No alerts detected
Tags None

Domain Summary (19)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ikadmethe.xyz (6) 0 2022-11-07 22:37:45 UTC 2022-11-11 14:47:25 UTC 54.230.111.65 Unknown ranking
ocsp.pki.goog (3) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
pogothere.xyz (3) 0 2022-09-04 19:11:25 UTC 2022-11-11 09:37:39 UTC 172.64.106.19 Unknown ranking
r3.o.lencr.org (9) 344 No data No data 23.36.77.32
vjs.zencdn.net (2) 4968 2012-05-21 08:26:59 UTC 2020-01-22 07:07:55 UTC 151.101.86.217
itahandkeight.xyz (3) 0 2022-10-23 11:27:59 UTC 2022-11-11 09:37:40 UTC 172.67.208.217 Unknown ranking
accounts.google.com (3) 81 2016-09-05 09:39:47 UTC 2022-11-11 12:34:44 UTC 216.58.207.237
policityseriod.info (10) 0 2018-11-10 12:18:32 UTC 2022-11-11 16:29:25 UTC 103.224.212.220 Unknown ranking
www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 31.13.72.36
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-11 05:46:42 UTC 34.102.187.140
bayfiles.com (23) 376602 2012-05-24 16:09:40 UTC 2022-11-11 14:07:45 UTC 45.154.253.151
bayfiles.com (23) 376602 2012-05-24 16:09:40 UTC 2022-11-11 14:07:45 UTC 45.154.253.150
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-11 05:51:39 UTC 34.117.237.239
djv99sxoqpv11.cloudfront.net (4) 0 2021-10-07 14:52:14 UTC 2022-11-11 06:47:15 UTC 54.230.245.37 Unknown ranking
e1.o.lencr.org (7) 6159 No data No data 23.36.76.226
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.165.143.157
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-11 2 djv99sxoqpv11.cloudfront.net/3SGxSVnQrAzwwSzwFNmtDfVphYUJuBiE5GjhROz5AMBYmE (...) Malware
2022-11-11 2 djv99sxoqpv11.cloudfront.net/YZ0RoRkkEKwYgdhMtDHt+VHNbdXxBLhspJxd5BgUKHj4cK (...) Malware
2022-11-11 2 djv99sxoqpv11.cloudfront.net/4RE5SOGYnITxeWTAnNgVRd3lhC1ViJCFXCDRzGFkSPjc+W (...) Malware
2022-11-11 2 policityseriod.info/QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSg (...) Malware
2022-11-11 2 policityseriod.info/Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1F (...) Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware
2022-11-11 2 policityseriod.info/ Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.154.253.151
Date UQ / IDS / BL URL IP
2023-01-31 14:18:03 +0000 0 - 0 - 4 anonfiles.com/Ub66jeVfy1/OzMinerBeta1.1V_exe 45.154.253.151
2023-01-29 14:40:30 +0000 0 - 0 - 4 anonfiles.com/v6jaqfP7x2 45.154.253.151
2023-01-28 19:52:41 +0000 0 - 0 - 4 anonfiles.com/i6D5hbS7y2/Undertale_-_BITS_AND (...) 45.154.253.151
2023-01-28 17:44:32 +0000 0 - 0 - 4 anonfiles.com/F2v8VaG5x6/Fundamentals_of_Buil (...) 45.154.253.151
2023-01-26 17:38:29 +0000 0 - 0 - 2 anonfiles.com/l0s0ic58p0 45.154.253.151


Last 5 reports on ASN: Svea Hosting AB
Date UQ / IDS / BL URL IP
2023-02-01 23:31:32 +0000 0 - 0 - 4 cdn-117.anonfiles.com/ddU1r94eyd/8d880300-167 (...) 195.96.151.69
2023-02-01 21:52:03 +0000 0 - 0 - 4 cdn-142.anonfiles.com/o185kcV5yc/27642046-167 (...) 195.96.151.35
2023-02-01 21:50:42 +0000 0 - 0 - 4 cdn-119.anonfiles.com/Q1PeR6T9yf/0207fef1-167 (...) 195.96.151.71
2023-02-01 19:23:50 +0000 0 - 0 - 4 cdn-130.anonfiles.com/Mak445U2ya/975747ab-167 (...) 195.96.151.85
2023-02-01 19:09:42 +0000 0 - 0 - 4 cdn-133.anonfiles.com/Y5S453G0y7/7a030c0b-167 (...) 195.96.151.88


Last 5 reports on domain: bayfiles.com
Date UQ / IDS / BL URL IP
2023-01-30 19:30:43 +0000 0 - 0 - 19 cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675 (...) 195.96.151.60
2023-01-30 19:30:40 +0000 0 - 0 - 16 cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675 (...) 195.96.151.60
2023-01-29 21:15:49 +0000 0 - 0 - 17 cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675 (...) 195.96.151.34
2023-01-29 21:15:31 +0000 0 - 0 - 15 cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675 (...) 195.96.151.34
2023-01-29 18:00:57 +0000 0 - 0 - 16 cdn-129.bayfiles.com/mdo3ddcbyf/35352820-1674 (...) 195.96.151.84


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-28 21:43:25 +0000 0 - 0 - 16 bayfiles.com/z6TcCeLby1 45.154.253.152
2023-01-27 18:36:25 +0000 0 - 0 - 15 bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar 45.154.253.152
2023-01-21 19:12:16 +0000 0 - 0 - 13 cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674 (...) 195.96.151.66
2023-01-21 18:54:07 +0000 0 - 0 - 12 cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674 (...) 195.96.151.66
2023-01-11 02:05:59 +0000 0 - 3 - 13 cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672 (...) 195.96.151.68

JavaScript

Executed Scripts (13)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (89)


Request Response
                                        
                                            GET /Sfd4l2E8ye/ProtonVPN_1.18.5_rar HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         45.154.253.150
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:19 GMT
Content-Length: 162
Connection: keep-alive
Location: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13573
Expires: Fri, 11 Nov 2022 22:27:32 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5345
Cache-Control: max-age=148753
Date: Fri, 11 Nov 2022 18:41:19 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 12:00:32 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2479
Expires: Fri, 11 Nov 2022 19:22:38 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 11 Nov 2022 17:43:54 GMT
cache-control: public,max-age=3600
age: 3445
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4736bac84ca28f2b1e961159fb4ea098
Sha1:   1319612979f53896fcfeacd4215c2715d4951e4c
Sha256: 5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: zuOL38/WMYdn4mr85nS0snhYxCw+yRdiiPVvIgRoaqIvHWdXMiGEKRsmJEhtKtBpBY3zep0a0dI=
x-amz-request-id: XFZJHA5ME3P1Y6YG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 11 Nov 2022 17:49:54 GMT
age: 3085
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4E67BC9D874C02418110193ADABEB585C88F6BF838D500098BF9A3DA21BE0D03"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9945
Expires: Fri, 11 Nov 2022 21:27:04 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive

                                        
                                            GET /Sfd4l2E8ye/ProtonVPN_1.18.5_rar HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (481)
Size:   2755
Md5:    fc24f2851d8ae21a36b0f6ac1120af69
Sha1:   c77e8f492b4e85818f23dfe3ce5127385ef307b0
Sha256: f22529f73fc996cd32a75c36351e4e93475e79dc36193ac4ce4e550ef43fb9b1
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 11 Nov 2022 18:41:19 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /css/bayfiles.css?1667332315 HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2104
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65452)
Size:   25354
Md5:    896df88019eabed295bc78a2f053ab92
Sha1:   1bca351d99600fb10583eb28c638dd58482535a0
Sha256: b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
                                        
                                            GET /sw.js HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 10737
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (39060), with no line terminators
Size:   14388
Md5:    fefdeff3180d9772f08a2cadce9a55b0
Sha1:   5610f0290b7f4c81c57a65703825fc2830aeac96
Sha256: 0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
                                        
                                            GET /js/app.js?1667332315 HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 232
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (63238)
Size:   57886
Md5:    ba67ff13fd07739a7037fbc27b2a1955
Sha1:   3e253f69b2f12659c541de122c6bce0ed82ba369
Sha256: 1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
                                        
                                            GET /img/flags/24/no.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 616
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   611
Md5:    f14ac70aa6dd4d371671c0e6d7cba4e3
Sha1:   1139e3acd6e073bffb59157cbc10af72ed757218
Sha256: 9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
                                        
                                            GET /img/flags/24/br.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 755
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1115
Md5:    6a5938d2e7f7d6f4026d6eb1b4b4f2cd
Sha1:   7a038177fe4deec455d61d3e9c90019fa4727d40
Sha256: 0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
                                        
                                            GET /img/flags/24/se.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 844
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   581
Md5:    c9b1e40987c4411b4a7d13c07a8843aa
Sha1:   cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
Sha256: 8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
                                        
                                            GET /img/flags/24/dk.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3991
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   537
Md5:    b6ebe55a7d176720cd2b1003298187a8
Sha1:   930858408b9af1f79c430bbe15c185db555a7815
Sha256: 07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
                                        
                                            GET /7.3.0/video.min.js HTTP/1.1 
Host: vjs.zencdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.217
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-encoding: gzip
date: Fri, 11 Nov 2022 18:41:20 GMT
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65141)
Size:   132230
Md5:    e296d874aca2a1550b409394be51efaa
Sha1:   c184c030e9aab3d03de27bc588919e249d5ccdf7
Sha256: 401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
                                        
                                            GET /7.3.0/video-js.min.css HTTP/1.1 
Host: vjs.zencdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.86.217
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-encoding: gzip
date: Fri, 11 Nov 2022 18:41:20 GMT
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 3924
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35998), with no line terminators
Size:   9673
Md5:    3397ce943db8add2728dccd9a3b8b8bc
Sha1:   a57bbb7546a458fe57d72d06baab950125260cc9
Sha256: 5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
                                        
                                            GET /img/flags/24/fr.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 690
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   536
Md5:    e81efecf1a1b1d3a17d00a904c5cc3c9
Sha1:   1203894dbfc8363302dc709d852c05a4dd8bf9dc
Sha256: 54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
                                        
                                            GET /img/flags/24/in.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 906
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   593
Md5:    ccaf96cfc341dc9a17e24b96bef223ff
Sha1:   8791d6db6628e0fb21b847ab94484f0c615e38ac
Sha256: 728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 11 Nov 2022 18:24:58 GMT
cache-control: public,max-age=3600
age: 982
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /img/flags/24/pl.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 932
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   347
Md5:    baf3aff7caef0be58f29b41f20a0e4db
Sha1:   11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
Sha256: 0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
                                        
                                            GET /img/flags/24/jp.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 924
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   599
Md5:    857f6f0e0886a3729b758b7241e42e61
Sha1:   a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
Sha256: 8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=144251
Date: Fri, 11 Nov 2022 18:41:20 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:45:31 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /?xsvjd=737333 HTTP/1.1 
Host: djv99sxoqpv11.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.245.37
HTTP/2 200 OK
                                        
content-length: 98042
date: Fri, 11 Nov 2022 18:41:20 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dWhc9ISOWsB-MJGqq6j5YIl-WDEsLryNDtnaSOpkCRJyq2rDZBpiAg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (15945)
Size:   98042
Md5:    7184c77f87e4b8303bd708512dd74331
Sha1:   8a91196e4890c3e8de03de7e195d229a6037cc43
Sha256: 2669905efd2c909200d9f8afff918d6ee35cf530473c8ca9d8d0a019944d7036
                                        
                                            GET /img/flags/24/es.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 969
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   666
Md5:    5fa381a8eb16d9e673d32980e7fd1710
Sha1:   fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
Sha256: 7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7559
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7559
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:20 GMT
Connection: keep-alive

                                        
                                            GET /img/flags/24/kr.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 922
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   988
Md5:    cb22f00511d088a71e84f8c1c864caed
Sha1:   6599812ed106bda6017487287e12bc836570649f
Sha256: 09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
                                        
                                            GET /SUJUVnkoIDc7Rih/NnAMOy5pc0sPZ2YQHSM0bW8KMS0lJg94c3o1FSY3MDALJiwgeBcsNnFkP3oREy4qHywFJDgzNSMFAz4EGjsNDSQCJhEQFx4jOyAHYRETIRAbLEwIDxYPFAwBARIyMy4iGS0MJzAVMAYOEhAQKgAzJjgjFCYDEHkBGQENDyAzZksHBzhuKiAbOREABxAfEhoEEgViSwMTGSM7ARM+ECEcAAQFDi0IFRcDKnINGS4ROjkDITkhMT88LQgzMUAAEzAiISQLYBc+eCcNOx0MGDguShMWDiIhJAs8HioTIw44NwEBPzoeEyUsc0sLFRx7HSUMOWccECsFFRsfegAMSRt7BTszbHASAyE5IRoCNBELIxhKEwYeYCEODDkEMSUhDWU3DicVOU4DABEjODAyLgQefCYNOzcoJxE5FyhyAXATOi06JkQgKmAuAz0EBR0+InsZLws HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.65
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1199
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XHu0PaJkSn6FcV1dlSuqCNh2uAbndgQp8MSHc1uPBtYw6lCOIMKhHg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Size:   1199
Md5:    813cd494707c20db5ce72caf55ee3ebb
Sha1:   f2822b3fd928a6e32700c2bfd011d65bfc16ef80
Sha256: 6864ccb287d17c41fdc091fa4c69d4196a1364bfb3b86953ecb06aa425e1a62a
                                        
                                            GET /bHJwSDMNEBMlDA1PEm5GHh5NbQEqV0IOVwYESXFAFB0BOEVdQ14rXwMHFC5BAxwEZl0JBlV6dVggNX1gIzUpJno4ChUfZy0cPi9lPhZDJFsvQyYheS80KAt3Pgg3Dlg/IhorFl4wJz9mJD0oGn4kMTIyagRGOwJgLUMyHXIEOzQNdTpAOT59AAISK3QLHyMJWBoRCSBpJBg1O30HASIBWjZCJBlXWTsKeXAoCxchfhRDJQldGEozDX1eFB44YygLHzljOUomEWsUGyYgeQQUNwF5Oh8AbQEuFgc7WDUqCCFnG0oBLXQ1FiYZaR4rMS9WDxwAe3AVIBgudEE4Ow10Kks1P187EScKWiknPnpVBiQUCmBUGhQ/XAsWHn1ZLzQqeVUBPxQeez0dP3hcKDsZDUIkJCELVV47Pht7Ph06P2U0VBo7XAICTQJSGAgJJFAPMQc HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         54.230.111.65
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1189
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NUsSjO_DtEweQ529LsumGfFF2i1bccS2bxBZke1FxwH_gXqBDfQmYA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Size:   1189
Md5:    fd60c74fe033ed52a5dc5ce0180370ce
Sha1:   e565110871f5672811cb718f0ea0eede80038b4a
Sha256: 7360e08a17643378b22754610478154f9a3dd9799d7deda844d0ec0ddf5fb5ad
                                        
                                            GET /VXRySEU0FhElejRJEG4wJxhPbXcTUUAOIT8CS3E2LRsDODNkRVwrKToBFi43OhoGZiswAFd6AwwuQhoqBx8ZDQ4iLRUsLRgANgAxcEYwHg0bFhYQPRc4Gjs1HwwWfQcyITkAL2EXORsycEYwES0iTD4eNWUgGycqFic8HhwWAzgCdANHED8cMjccPHwEIDcCICwlOxgiEAU4GR89IxUKfQYsIAYhHRgiBTIQGz4ZIi8zQAZyAw0dKxxmACosEz0bFx0PZj8fBnIDDj8KDh1NJhETJjEQDhNlMToKfAQaETkcZgAqBi1gHhchH2QjOgYrA0ZDBiEdHzMBFHgHBgIuH0Y+JhdgIhwaHDFHHh8cAwRABDJhRjYbBDg8QA4kFDwaECYALkAqPR9BJRljPwcdJjVoGjELPC8AHS0c HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.65
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1169
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WDsdsAeK_bitBDCLOOVniisafpN7r4OrAaAQX83noPdSusZT1nu3Dg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Size:   1169
Md5:    380ea7ad7414fb6c1998fa99f8fbb35b
Sha1:   5b0716b9ad972f8df302b4cf03ef70108c110b1f
Sha256: 47bbd4926fbfb68b21c5f37c4e0983dc0f2c8457e8a542949d9806e423b5f047
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1twQ0k/cMJfUDZ5UM59IaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.165.143.157
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RL46W2eojIQZquWFx9laDajXF08=

                                        
                                            GET /img/flags/24/fi.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 481
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   456
Md5:    0ea9115d18d5210d4f1db520881faa3a
Sha1:   09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
Sha256: 544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
                                        
                                            GET /YzYxdnBMCVIFTQFidzMSDXxSNEM5U2AgGypSZx48O2d3Tyc2RRcCGQcLBkVHUAUEUAAKUgxHSEVFRRcEFkUMR1YKWFcZTUVADEdeUxgDWEFFQwxHVhdGUBFNUhBBAgQPCwBARlsHCERAWwYFQUI HTTP/1.1 
Host: itahandkeight.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.208.217
HTTP/2 204 No Content
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDinCRKu9ebJGbv8UusDyyodIu5CgzgxSqnfmEeOSEVWbYys6J%2BFuBG4pL25shYTnJ6Kpk%2BeHomNF3rR0N7G1aWoWz3XZkn%2BjbhjDbiJhPCLK5OtTh339M59zn6g2eiMADj4Zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929598bf8b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /TTd2VlJiCBUlbxpvHicGIEMFBRR4AiM7awNiRSIBLAcCDzchA1AiOykKQWVlfgRFcCIkU0tndD5DFyInPgpHcDsjURlrdDsKR3hheRlFZnx5EQNrY2tDBjc1cAZQJiY5W0tnZHsPR29gfQ9GYmd8 HTTP/1.1 
Host: itahandkeight.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.208.217
HTTP/2 204 No Content
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YS%2F1gkG%2Fs8fYoqeA00aoB%2BvErrh9O0WQb26GIY5tFgmo4yaJtHPTdUOWxkAG5JufhzReSV9xOc6PLkk5vsawvDJ3BtyJg5jAnvjPQK%2FXH1qXb%2FDzHQfMYOdsR8Z5xf4o5YxiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929597be8b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /a1ZxRjhEaRI1BQk8GRRpBmcpB28tZyZ3WyQPOTZbMzEBL1s9PVcyUQ9rRnMOWGFHYEgCMkx0AU0lBSdMHiVMdx4COBcpBU0gTHcWW3hHdhZacAR7CU0iASdfVmdXNkwfOkx3Dl1uQH8KW25Bcg5f HTTP/1.1 
Host: itahandkeight.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.208.217
HTTP/2 204 No Content
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAJWUudvj3jxxZKJt3RVv55%2FidE4EI9ex3a3DmUfDOm5TqiCZOwrlzdrOh1G15Lu8Nd%2BYVw0Fl4qjaeE0CpDQbJq8vKfxbUZ0RKohZVnc7y9gTvuwd0Vk4TkAxC%2BIcjWD0jLAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929597bebb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7558
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            GET /static/logo.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 20:22:41 GMT
etag: "6324db11-96cf"


--- Additional Info ---
Magic:  PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Size:   38607
Md5:    d39dfc9566d5264e198224dc249dd6bb
Sha1:   67ec60e7df6257a32f41e45e6877dc65f036ef0f
Sha256: 0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
                                        
                                            GET /img/file/filetypes/ext/rar.png?1663356888 HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 97
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size:   631
Md5:    d33954367bc5d15c7f0e01857e7ae8ea
Sha1:   b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
Sha256: a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f
                                        
                                            GET /3SGxSVnQrAzwwSzwFNmtDfVphYUJuBiE5GjhROz5AMBYmECUDKzlvOTEedCIOLFFicBgpAjVrUi0CMWtFbg02NEl8SiYmGyNRKDcMPQ42JQMuBHQjFXUBPSwdJAAzc0YOWXxmUXpceiEdJgg9IQdtXmI4AG1eYmdEZlx3ZTZtXmIhHSZaZnNHCklgZgx+WH-dlNm1eYiQCbV8TZ0R9QmJ/UXpcNTMXIwN3ZDJ6XGNmRHlcY3NGeAo7JBEuAypzRg5dYmNaeEona0U HTTP/1.1 
Host: djv99sxoqpv11.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.37
HTTP/2 200 OK
                                        
content-length: 454
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7829hxglHV4tiuP03NJZJuiMNPDHewt7dlMOIp1xt0sWoFADzm6aZw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (587), with no line terminators
Size:   454
Md5:    7559406ca06163a6ac2efa7b14acbf08
Sha1:   f4bce1368608a9bd089d2ef4ffca1df35efc6e6c
Sha256: fb94a30c980c51a77fce0af1ebd21375adbed655eaef2876ad3d97ec2ec64bbb

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /YZ0RoRkkEKwYgdhMtDHt+VHNbdXxBLhspJxd5BgUKHj4cKSw+Yhw8LVp0TiooCSNVYCwJJ1V3bwYgCnt9QTEJeyQIPgEqJQZhWgB8SXRNdHlPMwEoLQgzG2N7VyocY3tXdVhoeUJ3KmN7VzMBKH9TYVsEbFV0EHB9QncqY3tXNh5jeiZ1WHNnV21NdHkAIQ-stJkJ2LnR5VnRYd3lWYVp2Lw42DSAmH2FaAHhXcUZ2bxJ5WQ HTTP/1.1 
Host: djv99sxoqpv11.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.37
HTTP/2 200 OK
                                        
content-length: 182
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: urN-pQla4JuWgb_NY4Y1CUoivsKO1IF90516zAXYVMlHGNVDYs5Y4Q==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   182
Md5:    3902642e56ebbfd1f323297d042ad581
Sha1:   c2768bae375fcb2d452fb940f255bcba828c762b
Sha256: 65081637de1ece63175d22e108b812a484c819a488757dab12b4d04b010e4565

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /4RE5SOGYnITxeWTAnNgVRd3lhC1ViJCFXCDRzGFkSPjc+WwUHOXRMHCBzYh4KJSA1BUAhIDEFV2IvNlpbcGgmSAkvcyhZHjEsNksRIiZ0TQd5Iz1CDygiMx1UAnt8CEN2fnpPDyoqPU8VYXxiVhJhfGIJVmp+dwskYXxiTw8qeGYdVQZrYAgecnp3CyRhfG-JKEGF9EwlWcWBiEUN2fjVdBS8hdwogdn5jCFZ1fmMdVHQoO0oDIiEqHVQCf2INSHRoJwVX HTTP/1.1 
Host: djv99sxoqpv11.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.37
HTTP/2 200 OK
                                        
content-length: 540
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LQ-PTjhuAgKwCwB3lFxQoU5HuDK6Mqh1vf9WT88sR2T3ofP250OMsQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (754), with no line terminators
Size:   540
Md5:    ae2973401a055b92b994f64d4afd6441
Sha1:   2835f1299564d85f156eb30f887c57e06ebc75df
Sha256: 706758e4a6e3c47735860ba0d2ac5e7ec07f3d922ec6ede357289201a156f39d

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /img/flags/24/us.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 920
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   656
Md5:    ae506a6c014bfeb8d8cbfdfbe94c14c9
Sha1:   f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
Sha256: bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
                                        
                                            GET /img/flags/24/de.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 521
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   483
Md5:    9f8cc07c258bcd2de0c7900861e20ffc
Sha1:   fed97219e44693d4f3918fc4037b325732225d81
Sha256: 07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
                                        
                                            GET /img/flags/24/ru.png HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 906
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   403
Md5:    d8df89b036e6afb48f72d2440831bad0
Sha1:   04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
Sha256: 2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
                                        
                                            GET /img/favicon/favicon-32x32-bayfiles.png?1663356888 HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 693
accept-ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1368
Md5:    9549584e9288a5dd9d163daa26a6f34d
Sha1:   0c7a71967bd4570770aa9b1043a1d82cd8969252
Sha256: d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3B12B77B946D1E6922DC631CD1F332954D1BFC11B4BFA9AF4237F09CFF52F48"
Last-Modified: Fri, 11 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2003
Expires: Fri, 11 Nov 2022 19:14:44 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=123704
Date: Fri, 11 Nov 2022 18:41:21 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 05:03:05 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            GET /utx?cb=hQon6shHkoTo&top=bayfiles.com&tid=737333 HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.65
HTTP/2 204 No Content
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 11 Nov 2022 18:42:21 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BXrDmaSxm49MoNZYVsyEbYYDKUqPG_JNJ78_c0TPpO353YoJeONsQA==
X-Firefox-Spdy: h2

                                        
                                            GET /utx?cb=F3yS1F1nW6nR&top=bayfiles.com&tid=756376 HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.65
HTTP/2 204 No Content
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 11 Nov 2022 18:42:21 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZUwlGytLWpz9Tsj2CSzQ8c6lNCTbFo1ueqGH8k35nCnmrqZuSeuMbg==
X-Firefox-Spdy: h2

                                        
                                            GET /multi?cs=SUdEY1BwfnRUZnBxdVtheXV3UGQ&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FSfd4l2E8ye%2FProtonVPN_1.18.5_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_Dpg8=1668192081076&crc=1 HTTP/1.1 
Host: ikadmethe.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.65
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 1550
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=7ca8537c-5dc0-46e1-b469-dea705e627ca
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: po9-g6j8_XAEiM1RR6Ev9CvVI1UDBn0ZGzTbuKQniWflBedIcJnVMA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3211), with no line terminators
Size:   1550
Md5:    db81dfc1d0794febdbaafe4f31d05ff2
Sha1:   3fb4294c7eb88f98cb5f0671b95c3867e322a224
Sha256: 5fc1d4a5f3284c808dbc4aeb6ad18ae9841b59ac133a303a068bbbd70777c414
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Lguo52vB6OsYMKICfXCMiw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:SxwyVdqmQiLM27xQUIb-VUr-Dpaf5g:O-f6Si3ZOHCRNsC6;Path=/;Expires=Sun, 10-Nov-2024 18:41:21 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Size:   396
Md5:    8215d641bce86481da9ed73700a544bb
Sha1:   655771ca4cddeaed6c3fa6e4541d79e533d89e29
Sha256: 9ff24f980d5e274b9bd518df95d2630712b6200765f0f3a95bcdcdd2303e2725
                                        
                                            GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2080702815%3A1668192081841769&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsp1Gtyzd1xeWmLDNlHWdCXwj9pYS7TmhLTsU6g2yLixCu5_9FBR5_DnwXTFeaWHCmAfXeOZw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-ybO7nwb0RkdhF5DnfSYBGA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:UESlOQVRCEvQxSfC0JlgAfYWxlowVg:pLu6cZL0QfxQRhya;Path=/;Expires=Sun, 10-Nov-2024 18:41:21 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Size:   393
Md5:    89799421b708c56378babe54326bbf87
Sha1:   f0e821b2d8c968a8df9066e8a0839b640008b6a3
Sha256: 6b179186607859af9bb8399de85f6add1f4c700393d733ec788d0cab4bb59790
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=123704
Date: Fri, 11 Nov 2022 18:41:21 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 05:03:05 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive

                                        
                                            GET /QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:21 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192081.3739163; expires=Mon, 08-Nov-2032 18:41:21 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg?subid1=20221112-0541-2107-9b32-3cf7f77d1b7b
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /sw.js?Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz HTTP/1.1 
Host: bayfiles.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

search
                                         45.154.253.151
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Fri, 11 Nov 2022 18:41:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 10744
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (39060), with no line terminators
Size:   14388
Md5:    fefdeff3180d9772f08a2cadce9a55b0
Sha1:   5610f0290b7f4c81c57a65703825fc2830aeac96
Sha256: 0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8294
x-amzn-requestid: 5dab4522-fca9-4ada-ad6f-3305c9686315
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u3H7PoAMF02g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-756c150c40fe6fff3ae7a609;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FXIS1Gr_-3RUm6WPZCVcjaefD3hehHV-IwO-ieFeUqeoPAE7vajlsg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:51 GMT
etag: "815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0"
age: 75271
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8294
Md5:    88c9931a009690991e73c5b37a1aa085
Sha1:   815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0
Sha256: 74e70391889e4b46742033b1d5daccfec415ba2ee999e429d1013fd4a1ebc61a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 04:18:29 GMT
age: 51773
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5583
Md5:    85c6f450b38f41a2fb924d6d9a9cbff8
Sha1:   691f59b65ca9fde4f59bbf96b37071e07351f190
Sha256: c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6517
x-amzn-requestid: 7884aa37-c94f-49d4-b6a4-c6bd66026d2c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxD3EeYIAMFYAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2ee5-337e8e0949f5020713fcab58;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:10:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kXRfJbLr7ErTvJIW0rjpcqxHA0zvN6XOPrszlIzXBgaJkJGWzkoyGw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 22:00:02 GMT
age: 74480
etag: "96de8f2627e1103c5e6beb5d64cdbc09f97fce82"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6517
Md5:    f29164fb4dd64d9ce60566fbebd40f0a
Sha1:   96de8f2627e1103c5e6beb5d64cdbc09f97fce82
Sha256: 8eba6095edfed1ee1402c050727f81b8a9942625fd1c9cbb3bac4e51ee178577
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6696
x-amzn-requestid: 19f91da1-beeb-400a-b4c0-059851ca839f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ_F3doAMFr6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-2ef73e121ff2c3cf0e95b450;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GgmLFeCzBEuR8gcEDGr8nBYW4xUUkIKZi0m8_TZ5quDeLmkROXm2_g==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 07:45:28 GMT
age: 39354
etag: "7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6696
Md5:    90a78b0f806c0c5ef5e7128cc37b2edf
Sha1:   7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc
Sha256: 770a2247a0f8d6b44c61cecc8a11e9882e4dd39269e181eef52cf6816407022b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10671
x-amzn-requestid: 1b6053eb-64ac-4c24-a750-c1b8cd69157f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJEh8GxPoAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366b472-56c6a3bc07ec89ab56d4f3bd;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 19:07:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qJeWGvC4DM_d3k66OHN2V19elou-xoSNkep1BNalBO0NtKyQtAFzNQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 03:31:46 GMT
age: 54576
etag: "5fe340bf33ac219f6a3d44810f31d0a8796c83a9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10671
Md5:    e72f32944d6f03e005f7b6f3e87d8c72
Sha1:   5fe340bf33ac219f6a3d44810f31d0a8796c83a9
Sha256: bcdcba30210d276996d0fe749bbfc69d666ae11ddfbfdb57307e4bb4d6e43d1f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8581
x-amzn-requestid: 385174fe-153f-448f-be5e-9ea3b5757ff9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u1EYOIAMFncA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-6084a34f58df22037275e676;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MhIq0Vdxah99pPo_O7gkhrq9Nekkxld2lv0955wr0yJzcP3g6LAH8g==
via: 1.1 dfc972676b24a6d23251d4f298dfa08c.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:56 GMT
age: 75266
etag: "e0d1ebb35a16c686eae3d31eb85ac72278459b05"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8581
Md5:    13f7b6eea163326da8c58ae5c09efccd
Sha1:   e0d1ebb35a16c686eae3d31eb85ac72278459b05
Sha256: 13f2f428acb7806808d957a8167ab2c139a5d0f59798671465717f2b39b914a9
                                        
                                            GET /Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:22 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192082.4036622; expires=Mon, 08-Nov-2032 18:41:22 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz?subid1=20221112-0541-22dd-abb4-f02cc2aa107c
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 390
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:22 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192082.2485211; expires=Mon, 08-Nov-2032 18:41:22 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2235-901a-f651f860d3a3
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 358
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.4712038; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23c0-ba46-0d878c4dc82b
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 778
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.6544983; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23c4-9fed-3008c1fd4caa
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 352
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.8485442; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-236a-b20f-f130063f8b03
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 780
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.6971036; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23cf-9d12-f5272693149e
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 397
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.4853860; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2344-9f2a-f537c6ef0e32
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.7291143; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2318-b3d4-0c7d882c9377
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: policityseriod.info
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         103.224.212.220
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.5086050; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2352-983a-e2c80249a3e7
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.106.19
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6257
last-modified: Fri, 11 Nov 2022 16:57:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1w7zS8EVP%2Bk2PYjkC5NAZqGQITlFtXvGkLpsUecGZcR43R3vePhGfkQogCNHUR4k1mlK%2BW%2FDiVOK8QwdmN9Bgs5mUp2im2srAS6%2B07WCOx4ZACgXAeGXoXU00soinlR%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7689295f4a13772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-fb-debug: dh2JzIuqApQ8ET/cnhl2lYTjewplOzTbGnR4dHmokU67lw3fUFzlAF1AnjxV+LCq5eJ4YJozDeM7NH1zahfYOA==
date: Fri, 11 Nov 2022 18:41:21 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /asd100.bin HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.106.19
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6257
last-modified: Fri, 11 Nov 2022 16:57:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OY9CdF0uSgjlK2TYMPtw2sKKhDCMBVtpUbH4zAHpp%2FCDO9DKqcwJ4UErj7lDl00vIs4E9NahMAyL%2FoZd2fvjH6vUt9UYLauZIk9udBV0myEBKb1%2BGq5hUbxeyUaYB8rQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7689295f4a12772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.237
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
                                        
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3lSya2bSw-IX7-5wOm7oyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET / HTTP/1.1 
Host: pogothere.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.106.19
HTTP/2 200 OK
content-type: text/plain
                                        
date: Fri, 11 Nov 2022 18:41:21 GMT
set-cookie: csu=2072703643868237@1@1668192081; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zonmKU2RAOnIP8iQCjHJ6PXwKBRE%2Fh0fT4BIoAnwv%2FTKIGQC0FRk71Er%2Fi88zd%2BSwkLXixWbVWjrZItj9VQV0qUgh3treSCJ%2F5fI6sTgdH4t3iLJH45bZOIbQkhV5pm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7689295f4a10772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---