bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
45.154.253.150301 Moved Permanently 162 B URL HTTP/1.1 bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /Sfd4l2E8ye/ProtonVPN_1.18.5_rar HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 11 Nov 2022 18:41:19 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13573
Expires: Fri, 11 Nov 2022 22:27:32 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5345
Cache-Control: max-age=148753
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:19 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 12:00:32 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2479
Expires: Fri, 11 Nov 2022 19:22:38 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 11 Nov 2022 17:43:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3445
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zuOL38/WMYdn4mr85nS0snhYxCw+yRdiiPVvIgRoaqIvHWdXMiGEKRsmJEhtKtBpBY3zep0a0dI=
x-amz-request-id: XFZJHA5ME3P1Y6YG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 11 Nov 2022 17:49:54 GMT
age: 3085
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5305cd40d9d86d8b0d75814ecbd81df
b705b4fa4e72ebd8194a9bd177922058b8d9cfea
4e67bc9d874c02418110193adabeb585c88f6bf838d500098bf9a3da21be0d03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E67BC9D874C02418110193ADABEB585C88F6BF838D500098BF9A3DA21BE0D03"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9945
Expires: Fri, 11 Nov 2022 21:27:04 GMT
Date: Fri, 11 Nov 2022 18:41:19 GMT
Connection: keep-alive
bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
45.154.253.151200 OK 2.8 kB URL HTTP/1.1 bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (481)
Hash fc24f2851d8ae21a36b0f6ac1120af69
c77e8f492b4e85818f23dfe3ce5127385ef307b0
f22529f73fc996cd32a75c36351e4e93475e79dc36193ac4ce4e550ef43fb9b1
GET /Sfd4l2E8ye/ProtonVPN_1.18.5_rar HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:41:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/css/bayfiles.css?1667332315
45.154.253.151200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1667332315
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1667332315 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2104
Content-Encoding: gzip
bayfiles.com/sw.js
45.154.253.151200 OK 14 kB IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 10737
Content-Encoding: gzip
bayfiles.com/js/app.js?1667332315
45.154.253.151200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1667332315
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1667332315 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 232
Content-Encoding: gzip
bayfiles.com/img/flags/24/no.png
45.154.253.151200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 616
accept-ranges: bytes
bayfiles.com/img/flags/24/br.png
45.154.253.151200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 755
accept-ranges: bytes
bayfiles.com/img/flags/24/se.png
45.154.253.151200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 844
accept-ranges: bytes
bayfiles.com/img/flags/24/dk.png
45.154.253.151200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3991
accept-ranges: bytes
vjs.zencdn.net/7.3.0/video.min.js
151.101.86.217200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.86.217:0
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 11 Nov 2022 18:41:20 GMT
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.86.217200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.86.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 11 Nov 2022 18:41:20 GMT
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 3924
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/fr.png
45.154.253.151200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 690
accept-ranges: bytes
bayfiles.com/img/flags/24/in.png
45.154.253.151200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 906
accept-ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 11 Nov 2022 18:24:58 GMT
cache-control: public,max-age=3600
age: 982
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/pl.png
45.154.253.151200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 932
accept-ranges: bytes
bayfiles.com/img/flags/24/jp.png
45.154.253.151200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 924
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5919
Cache-Control: max-age=144251
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:20 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:45:31 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.37200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.37:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash 7184c77f87e4b8303bd708512dd74331
8a91196e4890c3e8de03de7e195d229a6037cc43
2669905efd2c909200d9f8afff918d6ee35cf530473c8ca9d8d0a019944d7036
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98042
date: Fri, 11 Nov 2022 18:41:20 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dWhc9ISOWsB-MJGqq6j5YIl-WDEsLryNDtnaSOpkCRJyq2rDZBpiAg==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/es.png
45.154.253.151200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 969
accept-ranges: bytes
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f28c003fb99185fa17e93ae9d1e3745f
611f4cbbead973c39305a7453144d7487e63620c
740f652687019d3ffce89b73e24fbf53e665e3bf5c59fcbded4dd68fdbee3d3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7559
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:20 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f28c003fb99185fa17e93ae9d1e3745f
611f4cbbead973c39305a7453144d7487e63620c
740f652687019d3ffce89b73e24fbf53e665e3bf5c59fcbded4dd68fdbee3d3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7559
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:20 GMT
Connection: keep-alive
bayfiles.com/img/flags/24/kr.png
45.154.253.151200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 922
accept-ranges: bytes
ikadmethe.xyz/SUJUVnkoIDc7Rih/NnAMOy5pc0sPZ2YQHSM0bW8KMS0lJg94c3o1FSY3MDALJiwgeBcsNnFkP3oREy4qHywFJDgzNSMFAz4EGjsNDSQCJhEQFx4jOyAHYRETIRAbLEwIDxYPFAwBARIyMy4iGS0MJzAVMAYOEhAQKgAzJjgjFCYDEHkBGQENDyAzZksHBzhuKiAbOREABxAfEhoEEgViSwMTGSM7ARM+ECEcAAQFDi0IFRcDKnINGS4ROjkDITkhMT88LQgzMUAAEzAiISQLYBc+eCcNOx0MGDguShMWDiIhJAs8HioTIw44NwEBPzoeEyUsc0sLFRx7HSUMOWccECsFFRsfegAMSRt7BTszbHASAyE5IRoCNBELIxhKEwYeYCEODDkEMSUhDWU3DicVOU4DABEjODAyLgQefCYNOzcoJxE5FyhyAXATOi06JkQgKmAuAz0EBR0+InsZLws
54.230.111.65200 OK 1.2 kB URL HTTP/2 ikadmethe.xyz/SUJUVnkoIDc7Rih/NnAMOy5pc0sPZ2YQHSM0bW8KMS0lJg94c3o1FSY3MDALJiwgeBcsNnFkP3oREy4qHywFJDgzNSMFAz4EGjsNDSQCJhEQFx4jOyAHYRETIRAbLEwIDxYPFAwBARIyMy4iGS0MJzAVMAYOEhAQKgAzJjgjFCYDEHkBGQENDyAzZksHBzhuKiAbOREABxAfEhoEEgViSwMTGSM7ARM+ECEcAAQFDi0IFRcDKnINGS4ROjkDITkhMT88LQgzMUAAEzAiISQLYBc+eCcNOx0MGDguShMWDiIhJAs8HioTIw44NwEBPzoeEyUsc0sLFRx7HSUMOWccECsFFRsfegAMSRt7BTszbHASAyE5IRoCNBELIxhKEwYeYCEODDkEMSUhDWU3DicVOU4DABEjODAyLgQefCYNOzcoJxE5FyhyAXATOi06JkQgKmAuAz0EBR0+InsZLws
IP 54.230.111.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash 813cd494707c20db5ce72caf55ee3ebb
f2822b3fd928a6e32700c2bfd011d65bfc16ef80
6864ccb287d17c41fdc091fa4c69d4196a1364bfb3b86953ecb06aa425e1a62a
GET /SUJUVnkoIDc7Rih/NnAMOy5pc0sPZ2YQHSM0bW8KMS0lJg94c3o1FSY3MDALJiwgeBcsNnFkP3oREy4qHywFJDgzNSMFAz4EGjsNDSQCJhEQFx4jOyAHYRETIRAbLEwIDxYPFAwBARIyMy4iGS0MJzAVMAYOEhAQKgAzJjgjFCYDEHkBGQENDyAzZksHBzhuKiAbOREABxAfEhoEEgViSwMTGSM7ARM+ECEcAAQFDi0IFRcDKnINGS4ROjkDITkhMT88LQgzMUAAEzAiISQLYBc+eCcNOx0MGDguShMWDiIhJAs8HioTIw44NwEBPzoeEyUsc0sLFRx7HSUMOWccECsFFRsfegAMSRt7BTszbHASAyE5IRoCNBELIxhKEwYeYCEODDkEMSUhDWU3DicVOU4DABEjODAyLgQefCYNOzcoJxE5FyhyAXATOi06JkQgKmAuAz0EBR0+InsZLws HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XHu0PaJkSn6FcV1dlSuqCNh2uAbndgQp8MSHc1uPBtYw6lCOIMKhHg==
X-Firefox-Spdy: h2
ikadmethe.xyz/bHJwSDMNEBMlDA1PEm5GHh5NbQEqV0IOVwYESXFAFB0BOEVdQ14rXwMHFC5BAxwEZl0JBlV6dVggNX1gIzUpJno4ChUfZy0cPi9lPhZDJFsvQyYheS80KAt3Pgg3Dlg/IhorFl4wJz9mJD0oGn4kMTIyagRGOwJgLUMyHXIEOzQNdTpAOT59AAISK3QLHyMJWBoRCSBpJBg1O30HASIBWjZCJBlXWTsKeXAoCxchfhRDJQldGEozDX1eFB44YygLHzljOUomEWsUGyYgeQQUNwF5Oh8AbQEuFgc7WDUqCCFnG0oBLXQ1FiYZaR4rMS9WDxwAe3AVIBgudEE4Ow10Kks1P187EScKWiknPnpVBiQUCmBUGhQ/XAsWHn1ZLzQqeVUBPxQeez0dP3hcKDsZDUIkJCELVV47Pht7Ph06P2U0VBo7XAICTQJSGAgJJFAPMQc
54.230.111.65200 OK 1.2 kB URL HTTP/2 ikadmethe.xyz/bHJwSDMNEBMlDA1PEm5GHh5NbQEqV0IOVwYESXFAFB0BOEVdQ14rXwMHFC5BAxwEZl0JBlV6dVggNX1gIzUpJno4ChUfZy0cPi9lPhZDJFsvQyYheS80KAt3Pgg3Dlg/IhorFl4wJz9mJD0oGn4kMTIyagRGOwJgLUMyHXIEOzQNdTpAOT59AAISK3QLHyMJWBoRCSBpJBg1O30HASIBWjZCJBlXWTsKeXAoCxchfhRDJQldGEozDX1eFB44YygLHzljOUomEWsUGyYgeQQUNwF5Oh8AbQEuFgc7WDUqCCFnG0oBLXQ1FiYZaR4rMS9WDxwAe3AVIBgudEE4Ow10Kks1P187EScKWiknPnpVBiQUCmBUGhQ/XAsWHn1ZLzQqeVUBPxQeez0dP3hcKDsZDUIkJCELVV47Pht7Ph06P2U0VBo7XAICTQJSGAgJJFAPMQc
IP 54.230.111.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash fd60c74fe033ed52a5dc5ce0180370ce
e565110871f5672811cb718f0ea0eede80038b4a
7360e08a17643378b22754610478154f9a3dd9799d7deda844d0ec0ddf5fb5ad
GET /bHJwSDMNEBMlDA1PEm5GHh5NbQEqV0IOVwYESXFAFB0BOEVdQ14rXwMHFC5BAxwEZl0JBlV6dVggNX1gIzUpJno4ChUfZy0cPi9lPhZDJFsvQyYheS80KAt3Pgg3Dlg/IhorFl4wJz9mJD0oGn4kMTIyagRGOwJgLUMyHXIEOzQNdTpAOT59AAISK3QLHyMJWBoRCSBpJBg1O30HASIBWjZCJBlXWTsKeXAoCxchfhRDJQldGEozDX1eFB44YygLHzljOUomEWsUGyYgeQQUNwF5Oh8AbQEuFgc7WDUqCCFnG0oBLXQ1FiYZaR4rMS9WDxwAe3AVIBgudEE4Ow10Kks1P187EScKWiknPnpVBiQUCmBUGhQ/XAsWHn1ZLzQqeVUBPxQeez0dP3hcKDsZDUIkJCELVV47Pht7Ph06P2U0VBo7XAICTQJSGAgJJFAPMQc HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NUsSjO_DtEweQ529LsumGfFF2i1bccS2bxBZke1FxwH_gXqBDfQmYA==
X-Firefox-Spdy: h2
ikadmethe.xyz/VXRySEU0FhElejRJEG4wJxhPbXcTUUAOIT8CS3E2LRsDODNkRVwrKToBFi43OhoGZiswAFd6AwwuQhoqBx8ZDQ4iLRUsLRgANgAxcEYwHg0bFhYQPRc4Gjs1HwwWfQcyITkAL2EXORsycEYwES0iTD4eNWUgGycqFic8HhwWAzgCdANHED8cMjccPHwEIDcCICwlOxgiEAU4GR89IxUKfQYsIAYhHRgiBTIQGz4ZIi8zQAZyAw0dKxxmACosEz0bFx0PZj8fBnIDDj8KDh1NJhETJjEQDhNlMToKfAQaETkcZgAqBi1gHhchH2QjOgYrA0ZDBiEdHzMBFHgHBgIuH0Y+JhdgIhwaHDFHHh8cAwRABDJhRjYbBDg8QA4kFDwaECYALkAqPR9BJRljPwcdJjVoGjELPC8AHS0c
54.230.111.65200 OK 1.2 kB URL HTTP/2 ikadmethe.xyz/VXRySEU0FhElejRJEG4wJxhPbXcTUUAOIT8CS3E2LRsDODNkRVwrKToBFi43OhoGZiswAFd6AwwuQhoqBx8ZDQ4iLRUsLRgANgAxcEYwHg0bFhYQPRc4Gjs1HwwWfQcyITkAL2EXORsycEYwES0iTD4eNWUgGycqFic8HhwWAzgCdANHED8cMjccPHwEIDcCICwlOxgiEAU4GR89IxUKfQYsIAYhHRgiBTIQGz4ZIi8zQAZyAw0dKxxmACosEz0bFx0PZj8fBnIDDj8KDh1NJhETJjEQDhNlMToKfAQaETkcZgAqBi1gHhchH2QjOgYrA0ZDBiEdHzMBFHgHBgIuH0Y+JhdgIhwaHDFHHh8cAwRABDJhRjYbBDg8QA4kFDwaECYALkAqPR9BJRljPwcdJjVoGjELPC8AHS0c
IP 54.230.111.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 380ea7ad7414fb6c1998fa99f8fbb35b
5b0716b9ad972f8df302b4cf03ef70108c110b1f
47bbd4926fbfb68b21c5f37c4e0983dc0f2c8457e8a542949d9806e423b5f047
GET /VXRySEU0FhElejRJEG4wJxhPbXcTUUAOIT8CS3E2LRsDODNkRVwrKToBFi43OhoGZiswAFd6AwwuQhoqBx8ZDQ4iLRUsLRgANgAxcEYwHg0bFhYQPRc4Gjs1HwwWfQcyITkAL2EXORsycEYwES0iTD4eNWUgGycqFic8HhwWAzgCdANHED8cMjccPHwEIDcCICwlOxgiEAU4GR89IxUKfQYsIAYhHRgiBTIQGz4ZIi8zQAZyAw0dKxxmACosEz0bFx0PZj8fBnIDDj8KDh1NJhETJjEQDhNlMToKfAQaETkcZgAqBi1gHhchH2QjOgYrA0ZDBiEdHzMBFHgHBgIuH0Y+JhdgIhwaHDFHHh8cAwRABDJhRjYbBDg8QA4kFDwaECYALkAqPR9BJRljPwcdJjVoGjELPC8AHS0c HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Fri, 11 Nov 2022 18:41:20 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WDsdsAeK_bitBDCLOOVniisafpN7r4OrAaAQX83noPdSusZT1nu3Dg==
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.165.143.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.143.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1twQ0k/cMJfUDZ5UM59IaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RL46W2eojIQZquWFx9laDajXF08=
bayfiles.com/img/flags/24/fi.png
45.154.253.151200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:20 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 481
accept-ranges: bytes
itahandkeight.xyz/YzYxdnBMCVIFTQFidzMSDXxSNEM5U2AgGypSZx48O2d3Tyc2RRcCGQcLBkVHUAUEUAAKUgxHSEVFRRcEFkUMR1YKWFcZTUVADEdeUxgDWEFFQwxHVhdGUBFNUhBBAgQPCwBARlsHCERAWwYFQUI
172.67.208.217204 No Content 0 B URL HTTP/2 itahandkeight.xyz/YzYxdnBMCVIFTQFidzMSDXxSNEM5U2AgGypSZx48O2d3Tyc2RRcCGQcLBkVHUAUEUAAKUgxHSEVFRRcEFkUMR1YKWFcZTUVADEdeUxgDWEFFQwxHVhdGUBFNUhBBAgQPCwBARlsHCERAWwYFQUI
IP 172.67.208.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YzYxdnBMCVIFTQFidzMSDXxSNEM5U2AgGypSZx48O2d3Tyc2RRcCGQcLBkVHUAUEUAAKUgxHSEVFRRcEFkUMR1YKWFcZTUVADEdeUxgDWEFFQwxHVhdGUBFNUhBBAgQPCwBARlsHCERAWwYFQUI HTTP/1.1
Host: itahandkeight.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDinCRKu9ebJGbv8UusDyyodIu5CgzgxSqnfmEeOSEVWbYys6J%2BFuBG4pL25shYTnJ6Kpk%2BeHomNF3rR0N7G1aWoWz3XZkn%2BjbhjDbiJhPCLK5OtTh339M59zn6g2eiMADj4Zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929598bf8b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itahandkeight.xyz/TTd2VlJiCBUlbxpvHicGIEMFBRR4AiM7awNiRSIBLAcCDzchA1AiOykKQWVlfgRFcCIkU0tndD5DFyInPgpHcDsjURlrdDsKR3hheRlFZnx5EQNrY2tDBjc1cAZQJiY5W0tnZHsPR29gfQ9GYmd8
172.67.208.217204 No Content 0 B URL HTTP/2 itahandkeight.xyz/TTd2VlJiCBUlbxpvHicGIEMFBRR4AiM7awNiRSIBLAcCDzchA1AiOykKQWVlfgRFcCIkU0tndD5DFyInPgpHcDsjURlrdDsKR3hheRlFZnx5EQNrY2tDBjc1cAZQJiY5W0tnZHsPR29gfQ9GYmd8
IP 172.67.208.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TTd2VlJiCBUlbxpvHicGIEMFBRR4AiM7awNiRSIBLAcCDzchA1AiOykKQWVlfgRFcCIkU0tndD5DFyInPgpHcDsjURlrdDsKR3hheRlFZnx5EQNrY2tDBjc1cAZQJiY5W0tnZHsPR29gfQ9GYmd8 HTTP/1.1
Host: itahandkeight.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1YS%2F1gkG%2Fs8fYoqeA00aoB%2BvErrh9O0WQb26GIY5tFgmo4yaJtHPTdUOWxkAG5JufhzReSV9xOc6PLkk5vsawvDJ3BtyJg5jAnvjPQK%2FXH1qXb%2FDzHQfMYOdsR8Z5xf4o5YxiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929597be8b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itahandkeight.xyz/a1ZxRjhEaRI1BQk8GRRpBmcpB28tZyZ3WyQPOTZbMzEBL1s9PVcyUQ9rRnMOWGFHYEgCMkx0AU0lBSdMHiVMdx4COBcpBU0gTHcWW3hHdhZacAR7CU0iASdfVmdXNkwfOkx3Dl1uQH8KW25Bcg5f
172.67.208.217204 No Content 0 B URL HTTP/2 itahandkeight.xyz/a1ZxRjhEaRI1BQk8GRRpBmcpB28tZyZ3WyQPOTZbMzEBL1s9PVcyUQ9rRnMOWGFHYEgCMkx0AU0lBSdMHiVMdx4COBcpBU0gTHcWW3hHdhZacAR7CU0iASdfVmdXNkwfOkx3Dl1uQH8KW25Bcg5f
IP 172.67.208.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a1ZxRjhEaRI1BQk8GRRpBmcpB28tZyZ3WyQPOTZbMzEBL1s9PVcyUQ9rRnMOWGFHYEgCMkx0AU0lBSdMHiVMdx4COBcpBU0gTHcWW3hHdhZacAR7CU0iASdfVmdXNkwfOkx3Dl1uQH8KW25Bcg5f HTTP/1.1
Host: itahandkeight.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAJWUudvj3jxxZKJt3RVv55%2FidE4EI9ex3a3DmUfDOm5TqiCZOwrlzdrOh1G15Lu8Nd%2BYVw0Fl4qjaeE0CpDQbJq8vKfxbUZ0RKohZVnc7y9gTvuwd0Vk4TkAxC%2BIcjWD0jLAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768929597bebb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f28c003fb99185fa17e93ae9d1e3745f
611f4cbbead973c39305a7453144d7487e63620c
740f652687019d3ffce89b73e24fbf53e665e3bf5c59fcbded4dd68fdbee3d3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "740F652687019D3FFCE89B73E24FBF53E665E3BF5C59FCBDED4DD68FDBEE3D3F"
Last-Modified: Fri, 11 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7558
Expires: Fri, 11 Nov 2022 20:47:19 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
bayfiles.com/static/logo.png
45.154.253.151200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 20:22:41 GMT
etag: "6324db11-96cf"
bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
45.154.253.151200 OK 631 B URL HTTP/1.1 bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash d33954367bc5d15c7f0e01857e7ae8ea
b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f
GET /img/file/filetypes/ext/rar.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 97
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/3SGxSVnQrAzwwSzwFNmtDfVphYUJuBiE5GjhROz5AMBYmECUDKzlvOTEedCIOLFFicBgpAjVrUi0CMWtFbg02NEl8SiYmGyNRKDcMPQ42JQMuBHQjFXUBPSwdJAAzc0YOWXxmUXpceiEdJgg9IQdtXmI4AG1eYmdEZlx3ZTZtXmIhHSZaZnNHCklgZgx+WH-dlNm1eYiQCbV8TZ0R9QmJ/UXpcNTMXIwN3ZDJ6XGNmRHlcY3NGeAo7JBEuAypzRg5dYmNaeEona0U
54.230.245.37200 OK 454 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/3SGxSVnQrAzwwSzwFNmtDfVphYUJuBiE5GjhROz5AMBYmECUDKzlvOTEedCIOLFFicBgpAjVrUi0CMWtFbg02NEl8SiYmGyNRKDcMPQ42JQMuBHQjFXUBPSwdJAAzc0YOWXxmUXpceiEdJgg9IQdtXmI4AG1eYmdEZlx3ZTZtXmIhHSZaZnNHCklgZgx+WH-dlNm1eYiQCbV8TZ0R9QmJ/UXpcNTMXIwN3ZDJ6XGNmRHlcY3NGeAo7JBEuAypzRg5dYmNaeEona0U
IP 54.230.245.37:0
File type ASCII text, with very long lines (587), with no line terminators
Hash 7559406ca06163a6ac2efa7b14acbf08
f4bce1368608a9bd089d2ef4ffca1df35efc6e6c
fb94a30c980c51a77fce0af1ebd21375adbed655eaef2876ad3d97ec2ec64bbb
Analyzer Verdict Alert fortinet Malware
GET /3SGxSVnQrAzwwSzwFNmtDfVphYUJuBiE5GjhROz5AMBYmECUDKzlvOTEedCIOLFFicBgpAjVrUi0CMWtFbg02NEl8SiYmGyNRKDcMPQ42JQMuBHQjFXUBPSwdJAAzc0YOWXxmUXpceiEdJgg9IQdtXmI4AG1eYmdEZlx3ZTZtXmIhHSZaZnNHCklgZgx+WH-dlNm1eYiQCbV8TZ0R9QmJ/UXpcNTMXIwN3ZDJ6XGNmRHlcY3NGeAo7JBEuAypzRg5dYmNaeEona0U HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 454
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7829hxglHV4tiuP03NJZJuiMNPDHewt7dlMOIp1xt0sWoFADzm6aZw==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/YZ0RoRkkEKwYgdhMtDHt+VHNbdXxBLhspJxd5BgUKHj4cKSw+Yhw8LVp0TiooCSNVYCwJJ1V3bwYgCnt9QTEJeyQIPgEqJQZhWgB8SXRNdHlPMwEoLQgzG2N7VyocY3tXdVhoeUJ3KmN7VzMBKH9TYVsEbFV0EHB9QncqY3tXNh5jeiZ1WHNnV21NdHkAIQ-stJkJ2LnR5VnRYd3lWYVp2Lw42DSAmH2FaAHhXcUZ2bxJ5WQ
54.230.245.37200 OK 182 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/YZ0RoRkkEKwYgdhMtDHt+VHNbdXxBLhspJxd5BgUKHj4cKSw+Yhw8LVp0TiooCSNVYCwJJ1V3bwYgCnt9QTEJeyQIPgEqJQZhWgB8SXRNdHlPMwEoLQgzG2N7VyocY3tXdVhoeUJ3KmN7VzMBKH9TYVsEbFV0EHB9QncqY3tXNh5jeiZ1WHNnV21NdHkAIQ-stJkJ2LnR5VnRYd3lWYVp2Lw42DSAmH2FaAHhXcUZ2bxJ5WQ
IP 54.230.245.37:0
File type ASCII text, with no line terminators
Hash 3902642e56ebbfd1f323297d042ad581
c2768bae375fcb2d452fb940f255bcba828c762b
65081637de1ece63175d22e108b812a484c819a488757dab12b4d04b010e4565
Analyzer Verdict Alert fortinet Malware
GET /YZ0RoRkkEKwYgdhMtDHt+VHNbdXxBLhspJxd5BgUKHj4cKSw+Yhw8LVp0TiooCSNVYCwJJ1V3bwYgCnt9QTEJeyQIPgEqJQZhWgB8SXRNdHlPMwEoLQgzG2N7VyocY3tXdVhoeUJ3KmN7VzMBKH9TYVsEbFV0EHB9QncqY3tXNh5jeiZ1WHNnV21NdHkAIQ-stJkJ2LnR5VnRYd3lWYVp2Lw42DSAmH2FaAHhXcUZ2bxJ5WQ HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 182
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: urN-pQla4JuWgb_NY4Y1CUoivsKO1IF90516zAXYVMlHGNVDYs5Y4Q==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/4RE5SOGYnITxeWTAnNgVRd3lhC1ViJCFXCDRzGFkSPjc+WwUHOXRMHCBzYh4KJSA1BUAhIDEFV2IvNlpbcGgmSAkvcyhZHjEsNksRIiZ0TQd5Iz1CDygiMx1UAnt8CEN2fnpPDyoqPU8VYXxiVhJhfGIJVmp+dwskYXxiTw8qeGYdVQZrYAgecnp3CyRhfG-JKEGF9EwlWcWBiEUN2fjVdBS8hdwogdn5jCFZ1fmMdVHQoO0oDIiEqHVQCf2INSHRoJwVX
54.230.245.37200 OK 540 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/4RE5SOGYnITxeWTAnNgVRd3lhC1ViJCFXCDRzGFkSPjc+WwUHOXRMHCBzYh4KJSA1BUAhIDEFV2IvNlpbcGgmSAkvcyhZHjEsNksRIiZ0TQd5Iz1CDygiMx1UAnt8CEN2fnpPDyoqPU8VYXxiVhJhfGIJVmp+dwskYXxiTw8qeGYdVQZrYAgecnp3CyRhfG-JKEGF9EwlWcWBiEUN2fjVdBS8hdwogdn5jCFZ1fmMdVHQoO0oDIiEqHVQCf2INSHRoJwVX
IP 54.230.245.37:0
File type ASCII text, with very long lines (754), with no line terminators
Hash ae2973401a055b92b994f64d4afd6441
2835f1299564d85f156eb30f887c57e06ebc75df
706758e4a6e3c47735860ba0d2ac5e7ec07f3d922ec6ede357289201a156f39d
Analyzer Verdict Alert fortinet Malware
GET /4RE5SOGYnITxeWTAnNgVRd3lhC1ViJCFXCDRzGFkSPjc+WwUHOXRMHCBzYh4KJSA1BUAhIDEFV2IvNlpbcGgmSAkvcyhZHjEsNksRIiZ0TQd5Iz1CDygiMx1UAnt8CEN2fnpPDyoqPU8VYXxiVhJhfGIJVmp+dwskYXxiTw8qeGYdVQZrYAgecnp3CyRhfG-JKEGF9EwlWcWBiEUN2fjVdBS8hdwogdn5jCFZ1fmMdVHQoO0oDIiEqHVQCf2INSHRoJwVX HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ikadmethe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 540
date: Fri, 11 Nov 2022 18:41:21 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LQ-PTjhuAgKwCwB3lFxQoU5HuDK6Mqh1vf9WT88sR2T3ofP250OMsQ==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/us.png
45.154.253.151200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 920
accept-ranges: bytes
bayfiles.com/img/flags/24/de.png
45.154.253.151200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 521
accept-ranges: bytes
bayfiles.com/img/flags/24/ru.png
45.154.253.151200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 906
accept-ranges: bytes
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
45.154.253.151200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Sfd4l2E8ye/ProtonVPN_1.18.5_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:21 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 693
accept-ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c23a1d914063fa31290cb112dde250f3
cd06d4dc3c1f5b4ca991ba4d1fa6b3f1fb917fa1
d3b12b77b946d1e6922dc631cd1f332954d1bfc11b4bfa9af4237f09cff52f48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3B12B77B946D1E6922DC631CD1F332954D1BFC11B4BFA9AF4237F09CFF52F48"
Last-Modified: Fri, 11 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2003
Expires: Fri, 11 Nov 2022 19:14:44 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d84a911b820c140cf4e3da2af665b63c
fbee3b2193231404844c0ecb6e8f72d02d30e997
7f0381e9de205bbe3e0cab3e7e40afced0d58bb25b8df4715d1406c702624d14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=123704
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:21 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 05:03:05 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 43e77312eb1fe87b78c7335565ad91e0
121493fd255c444f54ab21ef95d70a6b071eed11
a3ea328acdc6b1af8e29b8bf2dc16ae587bd7323d930d3c52efd665e510a108b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 43e77312eb1fe87b78c7335565ad91e0
121493fd255c444f54ab21ef95d70a6b071eed11
a3ea328acdc6b1af8e29b8bf2dc16ae587bd7323d930d3c52efd665e510a108b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1038b317b66d4d5b0d612c9e02f70ed
a58b72ac927008a8949f345b3fd879c2794960ae
f73104743472729224589ce94d83002291a5123328bdd34660334857d6491204
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1038b317b66d4d5b0d612c9e02f70ed
a58b72ac927008a8949f345b3fd879c2794960ae
f73104743472729224589ce94d83002291a5123328bdd34660334857d6491204
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1038b317b66d4d5b0d612c9e02f70ed
a58b72ac927008a8949f345b3fd879c2794960ae
f73104743472729224589ce94d83002291a5123328bdd34660334857d6491204
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
ikadmethe.xyz/utx?cb=hQon6shHkoTo&top=bayfiles.com&tid=737333
54.230.111.65204 No Content 0 B URL HTTP/2 ikadmethe.xyz/utx?cb=hQon6shHkoTo&top=bayfiles.com&tid=737333
IP 54.230.111.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=hQon6shHkoTo&top=bayfiles.com&tid=737333 HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 11 Nov 2022 18:42:21 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BXrDmaSxm49MoNZYVsyEbYYDKUqPG_JNJ78_c0TPpO353YoJeONsQA==
X-Firefox-Spdy: h2
ikadmethe.xyz/utx?cb=F3yS1F1nW6nR&top=bayfiles.com&tid=756376
54.230.111.65204 No Content 0 B URL HTTP/2 ikadmethe.xyz/utx?cb=F3yS1F1nW6nR&top=bayfiles.com&tid=756376
IP 54.230.111.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=F3yS1F1nW6nR&top=bayfiles.com&tid=756376 HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 11 Nov 2022 18:42:21 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZUwlGytLWpz9Tsj2CSzQ8c6lNCTbFo1ueqGH8k35nCnmrqZuSeuMbg==
X-Firefox-Spdy: h2
ikadmethe.xyz/multi?cs=SUdEY1BwfnRUZnBxdVtheXV3UGQ&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FSfd4l2E8ye%2FProtonVPN_1.18.5_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_Dpg8=1668192081076&crc=1
54.230.111.65200 OK 1.6 kB URL HTTP/2 ikadmethe.xyz/multi?cs=SUdEY1BwfnRUZnBxdVtheXV3UGQ&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FSfd4l2E8ye%2FProtonVPN_1.18.5_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_Dpg8=1668192081076&crc=1
IP 54.230.111.65:0
File type ASCII text, with very long lines (3211), with no line terminators
Hash db81dfc1d0794febdbaafe4f31d05ff2
3fb4294c7eb88f98cb5f0671b95c3867e322a224
5fc1d4a5f3284c808dbc4aeb6ad18ae9841b59ac133a303a068bbbd70777c414
GET /multi?cs=SUdEY1BwfnRUZnBxdVtheXV3UGQ&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FSfd4l2E8ye%2FProtonVPN_1.18.5_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_Dpg8=1668192081076&crc=1 HTTP/1.1
Host: ikadmethe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1550
date: Fri, 11 Nov 2022 18:41:21 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=7ca8537c-5dc0-46e1-b469-dea705e627ca
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: po9-g6j8_XAEiM1RR6Ev9CvVI1UDBn0ZGzTbuKQniWflBedIcJnVMA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 8215d641bce86481da9ed73700a544bb
655771ca4cddeaed6c3fa6e4541d79e533d89e29
9ff24f980d5e274b9bd518df95d2630712b6200765f0f3a95bcdcdd2303e2725
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Lguo52vB6OsYMKICfXCMiw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:SxwyVdqmQiLM27xQUIb-VUr-Dpaf5g:O-f6Si3ZOHCRNsC6;Path=/;Expires=Sun, 10-Nov-2024 18:41:21 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 89799421b708c56378babe54326bbf87
f0e821b2d8c968a8df9066e8a0839b640008b6a3
6b179186607859af9bb8399de85f6add1f4c700393d733ec788d0cab4bb59790
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2080702815%3A1668192081841769&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsp1Gtyzd1xeWmLDNlHWdCXwj9pYS7TmhLTsU6g2yLixCu5_9FBR5_DnwXTFeaWHCmAfXeOZw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-ybO7nwb0RkdhF5DnfSYBGA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:UESlOQVRCEvQxSfC0JlgAfYWxlowVg:pLu6cZL0QfxQRhya;Path=/;Expires=Sun, 10-Nov-2024 18:41:21 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 05bb9af901ca5b651e88fcbe236711f5
18412da7fc2d868fc74bc3e7c44b4add4bbbdef9
9b87e90e4f5356da47fd562f7d06c8fbdef90d011e8c20e5687afbeaf6e7d29b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d84a911b820c140cf4e3da2af665b63c
fbee3b2193231404844c0ecb6e8f72d02d30e997
7f0381e9de205bbe3e0cab3e7e40afced0d58bb25b8df4715d1406c702624d14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=123704
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:41:21 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 05:03:05 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1038b317b66d4d5b0d612c9e02f70ed
a58b72ac927008a8949f345b3fd879c2794960ae
f73104743472729224589ce94d83002291a5123328bdd34660334857d6491204
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F73104743472729224589CE94D83002291A5123328BDD34660334857D6491204"
Last-Modified: Thu, 10 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11604
Expires: Fri, 11 Nov 2022 21:54:45 GMT
Date: Fri, 11 Nov 2022 18:41:21 GMT
Connection: keep-alive
policityseriod.info/QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:21 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192081.3739163; expires=Mon, 08-Nov-2032 18:41:21 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/QkMzNXc5YUBCKDcxXxdNYCtHQQcxeRwaFSM6VVwbJzAdVhgvbEBCWSgwERlVMS5VF01zbxFBFiUcWlFVeGEEBkBxcQUXW2AwRlcoKycBF01gIVEFFCd6UFNacnZVVFp2IAcAWnt7BQRadHRVDEMjdAZWRiQgEUg?subid1=20221112-0541-2107-9b32-3cf7f77d1b7b
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
bayfiles.com/sw.js?Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz
45.154.253.151200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:41:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 10744
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Fri, 11 Nov 2022 20:27:39 GMT
Date: Fri, 11 Nov 2022 18:41:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 88c9931a009690991e73c5b37a1aa085
815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0
74e70391889e4b46742033b1d5daccfec415ba2ee999e429d1013fd4a1ebc61a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8294
x-amzn-requestid: 5dab4522-fca9-4ada-ad6f-3305c9686315
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u3H7PoAMF02g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-756c150c40fe6fff3ae7a609;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FXIS1Gr_-3RUm6WPZCVcjaefD3hehHV-IwO-ieFeUqeoPAE7vajlsg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:51 GMT
etag: "815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0"
content-type: image/jpeg
age: 75271
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 04:18:29 GMT
age: 51773
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f29164fb4dd64d9ce60566fbebd40f0a
96de8f2627e1103c5e6beb5d64cdbc09f97fce82
8eba6095edfed1ee1402c050727f81b8a9942625fd1c9cbb3bac4e51ee178577
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6517
x-amzn-requestid: 7884aa37-c94f-49d4-b6a4-c6bd66026d2c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxD3EeYIAMFYAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2ee5-337e8e0949f5020713fcab58;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:10:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kXRfJbLr7ErTvJIW0rjpcqxHA0zvN6XOPrszlIzXBgaJkJGWzkoyGw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 22:00:02 GMT
age: 74480
etag: "96de8f2627e1103c5e6beb5d64cdbc09f97fce82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90a78b0f806c0c5ef5e7128cc37b2edf
7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc
770a2247a0f8d6b44c61cecc8a11e9882e4dd39269e181eef52cf6816407022b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6696
x-amzn-requestid: 19f91da1-beeb-400a-b4c0-059851ca839f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ_F3doAMFr6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-2ef73e121ff2c3cf0e95b450;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GgmLFeCzBEuR8gcEDGr8nBYW4xUUkIKZi0m8_TZ5quDeLmkROXm2_g==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 07:45:28 GMT
age: 39354
etag: "7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e72f32944d6f03e005f7b6f3e87d8c72
5fe340bf33ac219f6a3d44810f31d0a8796c83a9
bcdcba30210d276996d0fe749bbfc69d666ae11ddfbfdb57307e4bb4d6e43d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10671
x-amzn-requestid: 1b6053eb-64ac-4c24-a750-c1b8cd69157f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJEh8GxPoAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366b472-56c6a3bc07ec89ab56d4f3bd;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 19:07:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qJeWGvC4DM_d3k66OHN2V19elou-xoSNkep1BNalBO0NtKyQtAFzNQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 03:31:46 GMT
age: 54576
etag: "5fe340bf33ac219f6a3d44810f31d0a8796c83a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13f7b6eea163326da8c58ae5c09efccd
e0d1ebb35a16c686eae3d31eb85ac72278459b05
13f2f428acb7806808d957a8167ab2c139a5d0f59798671465717f2b39b914a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8581
x-amzn-requestid: 385174fe-153f-448f-be5e-9ea3b5757ff9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u1EYOIAMFncA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-6084a34f58df22037275e676;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MhIq0Vdxah99pPo_O7gkhrq9Nekkxld2lv0955wr0yJzcP3g6LAH8g==
via: 1.1 dfc972676b24a6d23251d4f298dfa08c.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:56 GMT
age: 75266
etag: "e0d1ebb35a16c686eae3d31eb85ac72278459b05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:22 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192082.4036622; expires=Mon, 08-Nov-2032 18:41:22 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/Z3NFbjM8UXJdBFRBc0wfRVFpTFEFQyYLCgQVaF4GARJoWlBTRmhXC1FCaFgEAUpxDwRSEHQIUEVfZ1sBAxJ3D1VSXn0PUFJecVYFV14kCwZSXn1aBVAVI18EUBB9DBFLUTYZEUtRNQFfDhAsGkoUFjcHXANdLABVCFFpTAZJQWcz?subid1=20221112-0541-22dd-abb4-f02cc2aa107c
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 390
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:22 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192082.2485211; expires=Mon, 08-Nov-2032 18:41:22 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2235-901a-f651f860d3a3
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 358
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.4712038; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23c0-ba46-0d878c4dc82b
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 778
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.6544983; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23c4-9fed-3008c1fd4caa
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 352
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.8485442; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-236a-b20f-f130063f8b03
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 780
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.6971036; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-23cf-9d12-f5272693149e
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 397
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.4853860; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2344-9f2a-f537c6ef0e32
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.7291143; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2318-b3d4-0c7d882c9377
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 11 Nov 2022 18:41:23 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1668192083.5086050; expires=Mon, 08-Nov-2032 18:41:23 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221112-0541-2352-983a-e2c80249a3e7
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
pogothere.xyz/asd100.bin
172.64.106.19200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:41:21 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6257
last-modified: Fri, 11 Nov 2022 16:57:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1w7zS8EVP%2Bk2PYjkC5NAZqGQITlFtXvGkLpsUecGZcR43R3vePhGfkQogCNHUR4k1mlK%2BW%2FDiVOK8QwdmN9Bgs5mUp2im2srAS6%2B07WCOx4ZACgXAeGXoXU00soinlR%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7689295f4a13772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: dh2JzIuqApQ8ET/cnhl2lYTjewplOzTbGnR4dHmokU67lw3fUFzlAF1AnjxV+LCq5eJ4YJozDeM7NH1zahfYOA==
date: Fri, 11 Nov 2022 18:41:21 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:41:21 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6257
last-modified: Fri, 11 Nov 2022 16:57:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OY9CdF0uSgjlK2TYMPtw2sKKhDCMBVtpUbH4zAHpp%2FCDO9DKqcwJ4UErj7lDl00vIs4E9NahMAyL%2FoZd2fvjH6vUt9UYLauZIk9udBV0myEBKb1%2BGq5hUbxeyUaYB8rQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7689295f4a12772c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S-2112939984%3A1668192081791908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvk4-3G1GalzgxOQwjEHOjdaJlhY6_t-OqMug0rgUjhAm6uba5mrWLT946Y1XpkCuYHlYVaZg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:41:21 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3lSya2bSw-IX7-5wOm7oyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19200 OK 0 B IP 172.64.106.19:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:41:21 GMT
content-type: text/plain
set-cookie: csu=2072703643868237@1@1668192081; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zonmKU2RAOnIP8iQCjHJ6PXwKBRE%2Fh0fT4BIoAnwv%2FTKIGQC0FRk71Er%2Fi88zd%2BSwkLXixWbVWjrZItj9VQV0qUgh3treSCJ%2F5fI6sTgdH4t3iLJH45bZOIbQkhV5pm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7689295f4a10772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2