bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
45.154.253.151 301 Moved Permanently 162 B URL HTTP/1.1 bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /Je94v6K7ya/Antler_v3.0_HTML_rar HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9289
Expires: Fri, 27 Jan 2023 21:11:03 GMT
Date: Fri, 27 Jan 2023 18:36:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4367
Expires: Fri, 27 Jan 2023 19:49:01 GMT
Date: Fri, 27 Jan 2023 18:36:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 17:42:59 GMT
content-type: application/json
age: 3195
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7424
Expires: Fri, 27 Jan 2023 20:39:58 GMT
Date: Fri, 27 Jan 2023 18:36:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PnXbGeavD4/Dz7OfTXu3e3Fbs7KvS3/+mNLVWUrxpNnsOa+vwjC1tSxRarnobhVu0kdWeuZKyk82LkVVgE7oKA==
x-amz-request-id: 37RM3RVY1GG975SM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 17:49:30 GMT
age: 2804
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 18:36:14 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f05bfc4033d7e70010829f195109089e
f2240ad290d0d14a2ad79bb3f791beb72c27b61d
2c78df9d8dbb9bad1fa1eae98b65f4a80f1f77e1416c3eb37ccbd340210134dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C78DF9D8DBB9BAD1FA1EAE98B65F4A80F1F77E1416C3EB37CCBD340210134DD"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14667
Expires: Fri, 27 Jan 2023 22:40:41 GMT
Date: Fri, 27 Jan 2023 18:36:14 GMT
Connection: keep-alive
bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
45.154.253.150 200 OK 2.8 kB URL HTTP/1.1 bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (610)
Hash 4fe1de503fad835c730b0785accb11c3
70b4135a576b3ca372f9c71b65406f6a6c810d66
ee0ec71d18f79cae38da0c8d05e54b87c590b2c931e905bbeee54efb2c77091d
GET /Je94v6K7ya/Antler_v3.0_HTML_rar HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: Y
x-oh: 1
Content-Encoding: gzip
bayfiles.com/css/bayfiles.css?1668606177
45.154.253.150 200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 833
Content-Encoding: gzip
bayfiles.com/js/app.js?1668606177
45.154.253.150 200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 484
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.2.217 200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.2.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 27 Jan 2023 18:36:14 GMT
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 14242
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/kr.png
45.154.253.150 200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 432
accept-ranges: bytes
bayfiles.com/img/flags/24/fr.png
45.154.253.150 200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 733
accept-ranges: bytes
bayfiles.com/img/flags/24/br.png
45.154.253.150 200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 610
accept-ranges: bytes
vjs.zencdn.net/7.3.0/video.min.js
151.101.2.217 200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.2.217:0
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 27 Jan 2023 18:36:14 GMT
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/de.png
45.154.253.150 200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:14 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 614
accept-ranges: bytes
bayfiles.com/img/flags/24/dk.png
45.154.253.150 200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 618
accept-ranges: bytes
bayfiles.com/img/flags/24/us.png
45.154.253.150 200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 567
accept-ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 17:41:40 GMT
age: 3275
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.107 200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.107:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash 7abf616654b3812f7f7b1cb16275100e
80e4ab7401efbf6e648532061019a0842a66697d
4858b1dc7a80bb60123124543661febbf275f507d304635cb6f4d9f45c7854d3
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98161
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _sGQBAdtGq1kshEYaGVrcCQPBX-SuKh2hPbrvsUJT9Z_J_1xQErn4Q==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/es.png
45.154.253.150 200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 721
accept-ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3350
Expires: Fri, 27 Jan 2023 19:32:05 GMT
Date: Fri, 27 Jan 2023 18:36:15 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash b5a426356e45a7ded61d0d5635b2e810
0fd493c1d6a7fe8764a1ed52333221a1682073ff
547d009d8dad85608fbacf98e2220f071bda2ec4bfe62cbf1d704690dd59c59c
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash b5a426356e45a7ded61d0d5635b2e810
0fd493c1d6a7fe8764a1ed52333221a1682073ff
547d009d8dad85608fbacf98e2220f071bda2ec4bfe62cbf1d704690dd59c59c
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash b5a426356e45a7ded61d0d5635b2e810
0fd493c1d6a7fe8764a1ed52333221a1682073ff
547d009d8dad85608fbacf98e2220f071bda2ec4bfe62cbf1d704690dd59c59c
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bayfiles.com/img/flags/24/no.png
45.154.253.150 200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 507
accept-ranges: bytes
foortowatch.xyz/aTRmQUEIVgUsfggJBGc0G1hbZHMvEVQHJQNCX3gyEVsXMTdYBUgiLQZBAiczBloSby8MQENzBxllVQMRCk4vJgkQcTAFFQpuLXF1L1cjJXk4dSAtBgNDBRkFJ3oqJjVfc1YMACpjNxsREAQPICk8EVQHIDhQLwtxWBFUBxc/AA8JKAF7IAIYDHgjdQUzZiMzBDgNVRcrGnA+EiknewElCSVDLzUALEdVAiwCczNydQ19Jy0jJUwRNBcOdSATFi9wIHIHKG4REyMlZjcmAyxyCxAvUVA0LBsqUlYIAgthJDAQIXYLEC9RcTE4cC5RVxgDKGIweBBZRFcTBkREJyIGM3cANgcsbg0MDjhTLHMZBw0HB3IvdS0DGzt/JHgwOGw0ORAhASIALyN1AC0YKFceGCwoYgUtCRNQMQAAP3YAcRgKV1cYdz1TK2crGlsIMXwITC4ZciZOMBsOC2U+Fw4
54.230.111.128 200 OK 1.2 kB URL HTTP/2 foortowatch.xyz/aTRmQUEIVgUsfggJBGc0G1hbZHMvEVQHJQNCX3gyEVsXMTdYBUgiLQZBAiczBloSby8MQENzBxllVQMRCk4vJgkQcTAFFQpuLXF1L1cjJXk4dSAtBgNDBRkFJ3oqJjVfc1YMACpjNxsREAQPICk8EVQHIDhQLwtxWBFUBxc/AA8JKAF7IAIYDHgjdQUzZiMzBDgNVRcrGnA+EiknewElCSVDLzUALEdVAiwCczNydQ19Jy0jJUwRNBcOdSATFi9wIHIHKG4REyMlZjcmAyxyCxAvUVA0LBsqUlYIAgthJDAQIXYLEC9RcTE4cC5RVxgDKGIweBBZRFcTBkREJyIGM3cANgcsbg0MDjhTLHMZBw0HB3IvdS0DGzt/JHgwOGw0ORAhASIALyN1AC0YKFceGCwoYgUtCRNQMQAAP3YAcRgKV1cYdz1TK2crGlsIMXwITC4ZciZOMBsOC2U+Fw4
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash 29008c7a51b40ae8def7e81498066e86
d0d9811f7a362182f3a016b846af9dc8e3549a9d
a5950661b6184e7da23914f6a716baf03c7bd93abe5c973fcb09594be52e0057
GET /aTRmQUEIVgUsfggJBGc0G1hbZHMvEVQHJQNCX3gyEVsXMTdYBUgiLQZBAiczBloSby8MQENzBxllVQMRCk4vJgkQcTAFFQpuLXF1L1cjJXk4dSAtBgNDBRkFJ3oqJjVfc1YMACpjNxsREAQPICk8EVQHIDhQLwtxWBFUBxc/AA8JKAF7IAIYDHgjdQUzZiMzBDgNVRcrGnA+EiknewElCSVDLzUALEdVAiwCczNydQ19Jy0jJUwRNBcOdSATFi9wIHIHKG4REyMlZjcmAyxyCxAvUVA0LBsqUlYIAgthJDAQIXYLEC9RcTE4cC5RVxgDKGIweBBZRFcTBkREJyIGM3cANgcsbg0MDjhTLHMZBw0HB3IvdS0DGzt/JHgwOGw0ORAhASIALyN1AC0YKFceGCwoYgUtCRNQMQAAP3YAcRgKV1cYdz1TK2crGlsIMXwITC4ZciZOMBsOC2U+Fw4 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Fri, 27 Jan 2023 18:36:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: A4Tn8CRxmkzI7aVF8oMyYOiR41zgTT1p3sVbCHyfgMzBCdWFW54SCg==
X-Firefox-Spdy: h2
foortowatch.xyz/NE1jMXZVLwBcSVVwARcDRiFeFERyaFF3El47WggFTCISQQAFfE1SGls4B1cEWyMXHxhROUYDMEwfUl0EUQsAWjhTGAZQMnk6JwEgUy4OCC9gfyVZO0wqO34iUCYrWQFnDglSHXc3EHU1ZxwTcyV6aFF3PkMEGVQbWAMldS9EHQ9rE3kkCAcgXyEbexwEBzFmOFwBMUIuZAUMQj5DfVR/IkcUImI7DSsbBSxVJAwDM2YIVHoMXAIwWTBNKVJFEm4VB0k+dghWeAxtLiACPAUsMmQ7VyM1QSFfJVZVRUwULF88BSwxRiR7FSVFIl8+NWgbQC8idjBOKyUcEQIuDWcGcxxWSBJ2JQJiMX49AmQ8UBc7UlMGDydZBQwGK0ksZCA1AhdyOSprGFAiN1oGWgQ3cCx8GSZeP2F4KHQubj07XSxaFDBJIWccRVsFWyMTDANQCC5fOUchJ2E5ZR8H
54.230.111.128 200 OK 1.2 kB URL HTTP/2 foortowatch.xyz/NE1jMXZVLwBcSVVwARcDRiFeFERyaFF3El47WggFTCISQQAFfE1SGls4B1cEWyMXHxhROUYDMEwfUl0EUQsAWjhTGAZQMnk6JwEgUy4OCC9gfyVZO0wqO34iUCYrWQFnDglSHXc3EHU1ZxwTcyV6aFF3PkMEGVQbWAMldS9EHQ9rE3kkCAcgXyEbexwEBzFmOFwBMUIuZAUMQj5DfVR/IkcUImI7DSsbBSxVJAwDM2YIVHoMXAIwWTBNKVJFEm4VB0k+dghWeAxtLiACPAUsMmQ7VyM1QSFfJVZVRUwULF88BSwxRiR7FSVFIl8+NWgbQC8idjBOKyUcEQIuDWcGcxxWSBJ2JQJiMX49AmQ8UBc7UlMGDydZBQwGK0ksZCA1AhdyOSprGFAiN1oGWgQ3cCx8GSZeP2F4KHQubj07XSxaFDBJIWccRVsFWyMTDANQCC5fOUchJ2E5ZR8H
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046), with no line terminators
Hash 36dc0e8fed59dd2c014347219512ae19
12fdedd87d46b762ee29ad25904e9d3abab3a6cb
720a3ff2c27299b6bce5209d335597495fbf72de1b358999dc015f64a76512f5
GET /NE1jMXZVLwBcSVVwARcDRiFeFERyaFF3El47WggFTCISQQAFfE1SGls4B1cEWyMXHxhROUYDMEwfUl0EUQsAWjhTGAZQMnk6JwEgUy4OCC9gfyVZO0wqO34iUCYrWQFnDglSHXc3EHU1ZxwTcyV6aFF3PkMEGVQbWAMldS9EHQ9rE3kkCAcgXyEbexwEBzFmOFwBMUIuZAUMQj5DfVR/IkcUImI7DSsbBSxVJAwDM2YIVHoMXAIwWTBNKVJFEm4VB0k+dghWeAxtLiACPAUsMmQ7VyM1QSFfJVZVRUwULF88BSwxRiR7FSVFIl8+NWgbQC8idjBOKyUcEQIuDWcGcxxWSBJ2JQJiMX49AmQ8UBc7UlMGDydZBQwGK0ksZCA1AhdyOSprGFAiN1oGWgQ3cCx8GSZeP2F4KHQubj07XSxaFDBJIWccRVsFWyMTDANQCC5fOUchJ2E5ZR8H HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1197
date: Fri, 27 Jan 2023 18:36:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 55s-6I4LWKW2FsLsi9RwlXPnbQy_0p2GxdPj_f0DccAt3ZgS2MTbvA==
X-Firefox-Spdy: h2
foortowatch.xyz/MXViWE9QFwE1cFBIAH46QxlffX13UFAeK1sDW2E8SRoTKDkAREw7I14ABj49XhsWdiFUAUdqCVYsOgojZiEvGwhGBkdqCXU3NzwOZiQnDSR/IgM/FXk9CgF9aSckEgoDQCQWN14dJA0JaDgYGRxpRQEZB0tFLQ0ZeD8tHn92JjcVd2kkKBIZeUwxGh1rLAAKGmQzND9/aTcRPAxlIzEKCmgfABp+YyA0PD92DTs8DEtEAR4oVTQDLwJhNCcaPXBEIB0cAx41DSVrNAMvAmY9Myw5c0UwEAUCAiANHkkhAAoVYjsJGj1wDS8bHnYFGw0KYyQGLwF4IDR1K0EjIwkXdR87DxpLPzo5HnsnMB4dQTQJCghnIVs5CkkwJhYkRTAwMQFeNFMKLmctWx8XdCBEMjxeGxJlOQYDNDYLfQdbHxp6GQ
54.230.111.128200 OK 1.2 kB URL HTTP/2 foortowatch.xyz/MXViWE9QFwE1cFBIAH46QxlffX13UFAeK1sDW2E8SRoTKDkAREw7I14ABj49XhsWdiFUAUdqCVYsOgojZiEvGwhGBkdqCXU3NzwOZiQnDSR/IgM/FXk9CgF9aSckEgoDQCQWN14dJA0JaDgYGRxpRQEZB0tFLQ0ZeD8tHn92JjcVd2kkKBIZeUwxGh1rLAAKGmQzND9/aTcRPAxlIzEKCmgfABp+YyA0PD92DTs8DEtEAR4oVTQDLwJhNCcaPXBEIB0cAx41DSVrNAMvAmY9Myw5c0UwEAUCAiANHkkhAAoVYjsJGj1wDS8bHnYFGw0KYyQGLwF4IDR1K0EjIwkXdR87DxpLPzo5HnsnMB4dQTQJCghnIVs5CkkwJhYkRTAwMQFeNFMKLmctWx8XdCBEMjxeGxJlOQYDNDYLfQdbHxp6GQ
IP 54.230.111.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash 076325f802c8ed143e21271ed4f22ccd
628d04dee3aefcf5963336d359de876d27b9491f
bbc247c746c7b46067ec3952ebf8bbf5a29cca4b0f98ce880eec7d747bcbfc11
GET /MXViWE9QFwE1cFBIAH46QxlffX13UFAeK1sDW2E8SRoTKDkAREw7I14ABj49XhsWdiFUAUdqCVYsOgojZiEvGwhGBkdqCXU3NzwOZiQnDSR/IgM/FXk9CgF9aSckEgoDQCQWN14dJA0JaDgYGRxpRQEZB0tFLQ0ZeD8tHn92JjcVd2kkKBIZeUwxGh1rLAAKGmQzND9/aTcRPAxlIzEKCmgfABp+YyA0PD92DTs8DEtEAR4oVTQDLwJhNCcaPXBEIB0cAx41DSVrNAMvAmY9Myw5c0UwEAUCAiANHkkhAAoVYjsJGj1wDS8bHnYFGw0KYyQGLwF4IDR1K0EjIwkXdR87DxpLPzo5HnsnMB4dQTQJCghnIVs5CkkwJhYkRTAwMQFeNFMKLmctWx8XdCBEMjxeGxJlOQYDNDYLfQdbHxp6GQ HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Fri, 27 Jan 2023 18:36:15 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S7D5YmnLc0aZlVR22JsGnDDFywRQRG-Tzo0paSE9lUds4ssx2w2vVQ==
X-Firefox-Spdy: h2
selsattherean.xyz/VE5BMDN7cSJDDjB8KWl+Az4RaHQjCRkAYQUvEHZRBiItRXASA2dEWjBzdgMEZ31yFkM9KnwBFSc6IERGJ3NwFlo6KC4NFSJzcB4AYGByAR1maDQNAnI6MVFUaX9nQEcgInwBBWN6eQQHYXl0AABh
104.21.47.245 204 No Content 0 B URL HTTP/2 selsattherean.xyz/VE5BMDN7cSJDDjB8KWl+Az4RaHQjCRkAYQUvEHZRBiItRXASA2dEWjBzdgMEZ31yFkM9KnwBFSc6IERGJ3NwFlo6KC4NFSJzcB4AYGByAR1maDQNAnI6MVFUaX9nQEcgInwBBWN6eQQHYXl0AABh
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VE5BMDN7cSJDDjB8KWl+Az4RaHQjCRkAYQUvEHZRBiItRXASA2dEWjBzdgMEZ31yFkM9KnwBFSc6IERGJ3NwFlo6KC4NFSJzcB4AYGByAR1maDQNAnI6MVFUaX9nQEcgInwBBWN6eQQHYXl0AABh HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Skqv77rieRIfgas%2BZxur1yuJ8YHkc8WkJ6pGtmSl43CZVcVzXu2nJBRn%2B6nyL2sfYk0ZO5soQK4T0riMcoG1rxcI3Tl4CHIYrNpNRncuEjZMMQDncs3PUSUQODKqOnxuK5nSYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790397c45bbfb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
selsattherean.xyz/WDJWbmJ3DTUdXwwBH18xNUZjPyMCBgE2OB5wOF8DPgIHJgcee3AaCzwPYV1VawFjSBIxVmtfWn5BIg8WLUFrX0QxXDABX35Ea19MaBxkQFB+R2tfRCxCNwlfaRQmGhY0D2dYVWwKYlpXbwdmW1Y
104.21.47.245 204 No Content 0 B URL HTTP/2 selsattherean.xyz/WDJWbmJ3DTUdXwwBH18xNUZjPyMCBgE2OB5wOF8DPgIHJgcee3AaCzwPYV1VawFjSBIxVmtfWn5BIg8WLUFrX0QxXDABX35Ea19MaBxkQFB+R2tfRCxCNwlfaRQmGhY0D2dYVWwKYlpXbwdmW1Y
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WDJWbmJ3DTUdXwwBH18xNUZjPyMCBgE2OB5wOF8DPgIHJgcee3AaCzwPYV1VawFjSBIxVmtfWn5BIg8WLUFrX0QxXDABX35Ea19MaBxkQFB+R2tfRCxCNwlfaRQmGhY0D2dYVWwKYlpXbwdmW1Y HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAk%2BHeE8VZE4Lc1ZilgHkKSfYNogGUajmtwMAgEgUTJ9nc9nK0VnnJy5fZhxLEMVBcMzgbKyJQjI7Ao%2B1i2uzky3Q%2B6dV%2Flg0l1msPGO3zp0Mv1xiCdLUsBCzQQjMzTpGLYyAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790397c46bcbb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
selsattherean.xyz/bFdtT1RDaA48aQg9Cn4NBjMpCyM2NS8abC0VOyAEPiAsCgEbY0s7PQhqWnpiX2BbaSQFM1B9bUokGS4gGSRQfnIFOQsgaUohUH56XHlbf3pdcRhyZUojHS4zUWZLPyAYO1B+YltjVXtgWWBYf2BZ
104.21.47.245 204 No Content 0 B URL HTTP/2 selsattherean.xyz/bFdtT1RDaA48aQg9Cn4NBjMpCyM2NS8abC0VOyAEPiAsCgEbY0s7PQhqWnpiX2BbaSQFM1B9bUokGS4gGSRQfnIFOQsgaUohUH56XHlbf3pdcRhyZUojHS4zUWZLPyAYO1B+YltjVXtgWWBYf2BZ
IP 104.21.47.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bFdtT1RDaA48aQg9Cn4NBjMpCyM2NS8abC0VOyAEPiAsCgEbY0s7PQhqWnpiX2BbaSQFM1B9bUokGS4gGSRQfnIFOQsgaUohUH56XHlbf3pdcRhyZUojHS4zUWZLPyAYO1B+YltjVXtgWWBYf2BZ HTTP/1.1
Host: selsattherean.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7VGxIZGZettgyhmjh5L4RTOxGw9X%2BVOQSzOmGgBT5%2BIP%2BAcy2Q2fAoCSEK3FDnQcWwEhUJQy5QNdpWTPC5V1%2FyKo3K2nzLLXGFbbiM65CJCZTwaBNMFLYKo%2BgfB4109sdV%2Fdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790397c46bc9b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/ru.png
45.154.253.150 200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 521
accept-ranges: bytes
ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/jrItU-VjrKU
IP 142.250.74.131:0
Hash b5a426356e45a7ded61d0d5635b2e810
0fd493c1d6a7fe8764a1ed52333221a1682073ff
547d009d8dad85608fbacf98e2220f071bda2ec4bfe62cbf1d704690dd59c59c
POST /s/gts1p5/jrItU-VjrKU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bayfiles.com/img/flags/24/se.png
45.154.253.150 200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 562
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/pQ3BPczIgHyEVDTcZK04FcEd8QAFlGjwcXDNNLgt6G0MACWQZPy0iahU/aQdIJ01/VV4iHihOFCYeLE4DZRErEQ93VjsDXShNOgdHLwItAEs3CmkGU34dIAlbLxwuVgAFRWFDF3FAZwRbLRQgBEFmQn8dRmZCf0ICbUBqQHBmQn8EWy1Ge1YBAVV9Q0p1RG-pAcGZCfwFEZkMOQgJ2Xn9aF3FAKBZRKB9qQXRxQH5DAnJAflYAcxYmAVclHzdWAAVBf0Ycc1Y6TgM
54.230.245.107200 OK 546 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/pQ3BPczIgHyEVDTcZK04FcEd8QAFlGjwcXDNNLgt6G0MACWQZPy0iahU/aQdIJ01/VV4iHihOFCYeLE4DZRErEQ93VjsDXShNOgdHLwItAEs3CmkGU34dIAlbLxwuVgAFRWFDF3FAZwRbLRQgBEFmQn8dRmZCf0ICbUBqQHBmQn8EWy1Ge1YBAVV9Q0p1RG-pAcGZCfwFEZkMOQgJ2Xn9aF3FAKBZRKB9qQXRxQH5DAnJAflYAcxYmAVclHzdWAAVBf0Ycc1Y6TgM
IP 54.230.245.107:0
File type ASCII text, with very long lines (763), with no line terminators
Hash 30ce382d1e7c3dfabf9f9f41693494ad
61d7e7bdd7a5ca896ada630e0a19fe84fccdcbd3
1199df9c290ec7c03e4a6a5b5d1d12f68975ce681f9cfb4dfa992f222b04a08c
Analyzer Verdict Alert fortinet Malware
GET /pQ3BPczIgHyEVDTcZK04FcEd8QAFlGjwcXDNNLgt6G0MACWQZPy0iahU/aQdIJ01/VV4iHihOFCYeLE4DZRErEQ93VjsDXShNOgdHLwItAEs3CmkGU34dIAlbLxwuVgAFRWFDF3FAZwRbLRQgBEFmQn8dRmZCf0ICbUBqQHBmQn8EWy1Ge1YBAVV9Q0p1RG-pAcGZCfwFEZkMOQgJ2Xn9aF3FAKBZRKB9qQXRxQH5DAnJAflYAcxYmAVclHzdWAAVBf0Ycc1Y6TgM HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://foortowatch.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 546
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tjQk45J-owyq4hYDTOF-kpDjvREp5OQjwbE10_jMui-4Mp9eXOJteQ==
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.40.68.141 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.40.68.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IAxmZbj3voiN+0IayPJA+Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mkMAOCYNGAIb646sPc8aO/PZ0cY=
bayfiles.com/static/logo.png
45.154.253.150 200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 20:22:41 GMT
etag: "6324db11-96cf"
djv99sxoqpv11.cloudfront.net/gYXRlWTMCGws/DBUdAWQEUkNWagZHHhY2XRFJE25FNxohFUFYMzASX0cAHz0OUVIJOF0GSUM8XQJJVH9SBRZYbRUUFVg0XBsdCTVSREYjbB1RUVdpGxYdCz1cFgdAawMPAEBrA1BES2kWUjZAawMWHQtvB0RHJ3wBUQxTbRZSNkBrAxMCQGpyUERQdwNIUV-dpVAQXDjYWUzJXaQJRRFRpAkRGVT9aExEDNktERiNoA1RaVX9GXEU
54.230.245.107200 OK 189 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/gYXRlWTMCGws/DBUdAWQEUkNWagZHHhY2XRFJE25FNxohFUFYMzASX0cAHz0OUVIJOF0GSUM8XQJJVH9SBRZYbRUUFVg0XBsdCTVSREYjbB1RUVdpGxYdCz1cFgdAawMPAEBrA1BES2kWUjZAawMWHQtvB0RHJ3wBUQxTbRZSNkBrAxMCQGpyUERQdwNIUV-dpVAQXDjYWUzJXaQJRRFRpAkRGVT9aExEDNktERiNoA1RaVX9GXEU
IP 54.230.245.107:0
File type ASCII text, with no line terminators
Hash ede4405c5d85eaa5d6d7722ca3c35ba4
23a3b37db03a6ad4693e875e77fa9493fbb66cdc
2fd12534a9f289afad1b47533871b7150a59ce8c73ea82641dd89d1de10819c6
Analyzer Verdict Alert fortinet Malware
GET /gYXRlWTMCGws/DBUdAWQEUkNWagZHHhY2XRFJE25FNxohFUFYMzASX0cAHz0OUVIJOF0GSUM8XQJJVH9SBRZYbRUUFVg0XBsdCTVSREYjbB1RUVdpGxYdCz1cFgdAawMPAEBrA1BES2kWUjZAawMWHQtvB0RHJ3wBUQxTbRZSNkBrAxMCQGpyUERQdwNIUV-dpVAQXDjYWUzJXaQJRRFRpAkRGVT9aExEDNktERiNoA1RaVX9GXEU HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://foortowatch.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: baNAirKRGrpsoHeG3luTFcNzXmBW-XYhvoqlii8ZB3te9SA8eRg1sA==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/xR1lreFckNgUeaDMwD0Vgcm9YT2FhMxgXOTdkHhwSCjckCzsDCSQpBSN/HwIzemlNFDYpPlZeMik6VklxJj0JRWNhLRsXPHosHw07NTsYASM9fx4Zaio2ERE7KzhOShFyd1tdZXdxHBE5IzYcC3J1aQUMcnVpWkh5d3xYOnJ1aRwROXFtTksVYmtbAGFzfF-g6cnVpGQ5ydBhaSGJpaUJdZXc+Dhs8KHxZPmV3aFtIZndoTkpnITAZHTEoIU5KEXZpXlZnYSxWSQ
54.230.245.107200 OK 450 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/xR1lreFckNgUeaDMwD0Vgcm9YT2FhMxgXOTdkHhwSCjckCzsDCSQpBSN/HwIzemlNFDYpPlZeMik6VklxJj0JRWNhLRsXPHosHw07NTsYASM9fx4Zaio2ERE7KzhOShFyd1tdZXdxHBE5IzYcC3J1aQUMcnVpWkh5d3xYOnJ1aRwROXFtTksVYmtbAGFzfF-g6cnVpGQ5ydBhaSGJpaUJdZXc+Dhs8KHxZPmV3aFtIZndoTkpnITAZHTEoIU5KEXZpXlZnYSxWSQ
IP 54.230.245.107:0
File type ASCII text, with very long lines (586), with no line terminators
Hash e418e2155052c11741f16de1eb9e3ee9
5cfeabe693a760694fdfde5c862db6b0cc33dff5
3019a49a0dbe3d19aac23842393d9ae77e4f5c426ba9732e1880d8d99434eadb
Analyzer Verdict Alert fortinet Malware
GET /xR1lreFckNgUeaDMwD0Vgcm9YT2FhMxgXOTdkHhwSCjckCzsDCSQpBSN/HwIzemlNFDYpPlZeMik6VklxJj0JRWNhLRsXPHosHw07NTsYASM9fx4Zaio2ERE7KzhOShFyd1tdZXdxHBE5IzYcC3J1aQUMcnVpWkh5d3xYOnJ1aRwROXFtTksVYmtbAGFzfF-g6cnVpGQ5ydBhaSGJpaUJdZXc+Dhs8KHxZPmV3aFtIZndoTkpnITAZHTEoIU5KEXZpXlZnYSxWSQ HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://foortowatch.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 450
date: Fri, 27 Jan 2023 18:36:15 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mAHpMqQkK0-vdV5TWdZCeG2fev6XWoHjI4Nrtm6M0AtDTOt3xKY55g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d387e958f6f978e46d183f001b380dd3
d6c805a675a62b0fe204b66247a6c397b079fc53
d5bc0d82358a7b772782d46dbd324b79d007f885008ec1a21a30226e99e69748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5BC0D82358A7B772782D46DBD324B79D007F885008EC1A21A30226E99E69748"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13428
Expires: Fri, 27 Jan 2023 22:20:03 GMT
Date: Fri, 27 Jan 2023 18:36:15 GMT
Connection: keep-alive
bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
45.154.253.150 200 OK 631 B URL HTTP/1.1 bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash d33954367bc5d15c7f0e01857e7ae8ea
b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f
GET /img/file/filetypes/ext/rar.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:15 GMT
Content-Type: image/png
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 45
accept-ranges: bytes
bayfiles.com/img/flags/24/in.png
45.154.253.150 200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 645
accept-ranges: bytes
bayfiles.com/img/flags/24/fi.png
45.154.253.150 200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 773
accept-ranges: bytes
policityseriod.info/R0IzNXY8YEBCKTIwXxdMZSpHQQY0eBwaFCY7VVwaIjEdVhkqbUBCWC0xERlUNC9VF0x2bhFBFyAdWlFUfWAEBkF0cAUXWmUxRlcpLiYBF0xlIFEFFSJ7UFNbd3dVVFtzIQcAW356BQRbcXVVDEImdQZWRyEhEUg
70.32.1.32 302 Found 0 B URL HTTP/1.1 policityseriod.info/R0IzNXY8YEBCKTIwXxdMZSpHQQY0eBwaFCY7VVwaIjEdVhkqbUBCWC0xERlUNC9VF0x2bhFBFyAdWlFUfWAEBkF0cAUXWmUxRlcpLiYBF0xlIFEFFSJ7UFNbd3dVVFtzIQcAW356BQRbcXVVDEImdQZWRyEhEUg
IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /R0IzNXY8YEBCKTIwXxdMZSpHQQY0eBwaFCY7VVwaIjEdVhkqbUBCWC0xERlUNC9VF0x2bhFBFyAdWlFUfWAEBkF0cAUXWmUxRlcpLiYBF0xlIFEFFSJ7UFNbd3dVVFtzIQcAW356BQRbcXVVDEImdQZWRyEhEUg HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:16 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844576.2583260; expires=Mon, 24-Jan-2033 18:36:16 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/R0IzNXY8YEBCKTIwXxdMZSpHQQY0eBwaFCY7VVwaIjEdVhkqbUBCWC0xERlUNC9VF0x2bhFBFyAdWlFUfWAEBkF0cAUXWmUxRlcpLiYBF0xlIFEFFSJ7UFNbd3dVVFtzIQcAW356BQRbcXVVDEImdQZWRyEhEUg?subid1=20230128-0536-16c3-8587-8c73dbbca081
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
bayfiles.com/img/flags/24/pl.png
45.154.253.150 200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 592
accept-ranges: bytes
bayfiles.com/img/flags/24/jp.png
45.154.253.150 200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 501
accept-ranges: bytes
bayfiles.com/sw.js?djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ
45.154.253.150 200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 12789
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 6783c5eb0769f1f5ece9c2831e15a183
730a400cf0111301bd4ac9771888b19011f95165
460f8f94578c80fe856ec5f87138428d2421c9823abc0fc125e61fbe99625dd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 511
Cache-Control: max-age=138417
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:16 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:03:13 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 6783c5eb0769f1f5ece9c2831e15a183
730a400cf0111301bd4ac9771888b19011f95165
460f8f94578c80fe856ec5f87138428d2421c9823abc0fc125e61fbe99625dd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
foortowatch.xyz/utx?cb=4wajAcc7yBjN&top=bayfiles.com&tid=737333
54.230.111.128 204 No Content 0 B URL HTTP/2 foortowatch.xyz/utx?cb=4wajAcc7yBjN&top=bayfiles.com&tid=737333
IP 54.230.111.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=4wajAcc7yBjN&top=bayfiles.com&tid=737333 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 18:36:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 27 Jan 2023 18:37:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9akE9aB5SlgaOZAClr8Fp_1V4hHK8uq0o8d7bi4vVIe7o60OlMVGGg==
X-Firefox-Spdy: h2
foortowatch.xyz/utx?cb=P9I9bak6b3UC&top=bayfiles.com&tid=756376
54.230.111.128 204 No Content 0 B URL HTTP/2 foortowatch.xyz/utx?cb=P9I9bak6b3UC&top=bayfiles.com&tid=756376
IP 54.230.111.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=P9I9bak6b3UC&top=bayfiles.com&tid=756376 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 27 Jan 2023 18:36:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 27 Jan 2023 18:37:16 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v_PQae6YJxpyqBotQ62zNcUboC2bQlAcxj5Oh9c1VU-AGx0oSR9BEg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 392 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash c0a0a822a21fea7bdf375848f09a2201
40e9b3dd7cba48134003a7a56bf7e917c2f8b371
65782217bfefd0517328116896ae95d6bf91f29f5d75d76cfd65ba0030d3179e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 18:36:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1795517232%3A1674844576589164&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcLCApCFlqG-nD5JwMTUc_xDUxfy78BDRf90o_VG6ohDK3SvRONEn6U-pUN9CHNZ5B3LG9cog
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-UFHYFSUHz2lh6spSKDtrHg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 392
server: GSE
set-cookie: __Host-GAPS=1:30AkXVZ5NAmwa98wEXGRifUl2CuzLQ:OynixJQ5fcnM6E-f;Path=/;Expires=Sun, 26-Jan-2025 18:36:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 85eb52d931d1fdbb5521f8647853e281
06cb63e58d38f74052fae98476b979142a65b8af
5c731df5714847a75e3728a0c92c6cd715861ff4427efc36898799d96761918f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5C731DF5714847A75E3728A0C92C6CD715861FF4427EFC36898799D96761918F"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10810
Expires: Fri, 27 Jan 2023 21:36:26 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
45.154.253.150 200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/Je94v6K7ya/Antler_v3.0_HTML_rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 18:36:16 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 171
accept-ranges: bytes
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 85eb52d931d1fdbb5521f8647853e281
06cb63e58d38f74052fae98476b979142a65b8af
5c731df5714847a75e3728a0c92c6cd715861ff4427efc36898799d96761918f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5C731DF5714847A75E3728A0C92C6CD715861FF4427EFC36898799D96761918F"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10810
Expires: Fri, 27 Jan 2023 21:36:26 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 85eb52d931d1fdbb5521f8647853e281
06cb63e58d38f74052fae98476b979142a65b8af
5c731df5714847a75e3728a0c92c6cd715861ff4427efc36898799d96761918f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5C731DF5714847A75E3728A0C92C6CD715861FF4427EFC36898799D96761918F"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10810
Expires: Fri, 27 Jan 2023 21:36:26 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 922815c21adf2bd19d7275d577dd15ac
41e16e5f6ebf4aa7ac72082146d5e34ad4aca2ab
fb1274d242021e0e9f4a073f597c4946df4627e0b1d815839ea101488dc76e3f
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 18:36:16 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2080619826%3A1674844576640083&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9AiulTQ2DrrbP4ltDkk3vPFbMQGVgrER90LD8anFByfwLqrEJMrQWRs4nQIGXsutsS10ZEw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-sj6tlPPuL5FAhZbmfZRUNQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:N2RtYaIz2WrYUn1_z6rTPRi-oOibFw:r1sc6G5TqK3h-RKX;Path=/;Expires=Sun, 26-Jan-2025 18:36:16 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 61f119c4b6311c87501f54da9ad62e7e
479c65a3be3e77ff0af6f26118389cac97852c74
e00fa0353240654d541e2aee878c14feb77837a1b5a4a12fa326ec2cc5a92e59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
foortowatch.xyz/multi?cs=Y2NqbHhWVFlVSlpbWlRAUltbXUE&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FJe94v6K7ya%2FAntler_v3.0_HTML_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_GvU9=1674844575708&crc=1
54.230.111.128 200 OK 1.5 kB URL HTTP/2 foortowatch.xyz/multi?cs=Y2NqbHhWVFlVSlpbWlRAUltbXUE&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FJe94v6K7ya%2FAntler_v3.0_HTML_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_GvU9=1674844575708&crc=1
IP 54.230.111.128:0
File type ASCII text, with very long lines (3274), with no line terminators
Hash f43fc25328000acaf619e8ed82c1ad08
16ec0fabab34c6fc36631e7a1990b36836ae690b
9cd7be353b70d070fb925350cbc6fbe5eed1a1cd23c06aaaf4aaa69a567bf4d4
GET /multi?cs=Y2NqbHhWVFlVSlpbWlRAUltbXUE&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FJe94v6K7ya%2FAntler_v3.0_HTML_rar&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_GvU9=1674844575708&crc=1 HTTP/1.1
Host: foortowatch.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1537
date: Fri, 27 Jan 2023 18:36:16 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=940942ce-dd4a-42d1-8996-ea77f43e02f9
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zQytU9JNIKTsFKIt0m6vMpCpqGu7kfzoas11a9Jtl-o9G0AJjQgZ4Q==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 511
Cache-Control: max-age=138417
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 18:36:16 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:03:13 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: fortinet | Verdict: Malware | Alert: -
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:16 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844576.3946876; expires=Mon, 24-Jan-2033 18:36:16 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-166c-bfe6-a6072c34ef3c
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 85eb52d931d1fdbb5521f8647853e281
06cb63e58d38f74052fae98476b979142a65b8af
5c731df5714847a75e3728a0c92c6cd715861ff4427efc36898799d96761918f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5C731DF5714847A75E3728A0C92C6CD715861FF4427EFC36898799D96761918F"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10810
Expires: Fri, 27 Jan 2023 21:36:26 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12597
Expires: Fri, 27 Jan 2023 22:06:13 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12597
Expires: Fri, 27 Jan 2023 22:06:13 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12597
Expires: Fri, 27 Jan 2023 22:06:13 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12597
Expires: Fri, 27 Jan 2023 22:06:13 GMT
Date: Fri, 27 Jan 2023 18:36:16 GMT
Connection: keep-alive
pogothere.xyz/
172.64.106.19 200 OK 9.1 kB IP 172.64.106.19:0
File type ASCII text, with no line terminators
Hash 6bf9edc6f2d3a03ea81265f40c102272
9f89840c7db53fc9626587a604a772b22fd7febd
3a5454ea7a020ad49cf87a1e4837d961e17ff82943bcfcc89b788a7c1dccb46e
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 18:36:16 GMT
content-type: text/plain
set-cookie: csu=239804171333447@1@1674844576; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSZZWFQYl52mdQhw1zPOgBpyh3M7NCBt7jxM3ewxLIApf2TrmbQSFPGpXETZik%2FgynVExfaMDObZFX0IwB0EYb5GzinRNgg9ODHb3Puzs2LfDWmB%2FcNPZ3oDaOx8C%2BNu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790397cc1de674b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KGNpzuI2ny_1LH90atWa09SPYG7Ovolbv_KvL8nC6fUk59z-6TFsMQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:05:08 GMT
age: 55868
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 74788
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 16:31:38 GMT
age: 7478
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 15
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 74788
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ
70.32.1.32 302 Found 0 B URL HTTP/1.1 policityseriod.info/djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ
IP 70.32.1.32:0
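Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of an empty body, consistent with the 0 B response size; they match any empty response and should not be used as indicators for this host.)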
Analyzer Verdict Alert fortinet Malware
GET /djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:16 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844577.1825163; expires=Mon, 24-Jan-2033 18:36:17 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/djR5TWQtFk5%2BU0UGT29IVBZVbwYUBBooXRVSVH1REFVUeQdCAVR0XEAFVHtTEA1NLFNDV0grB1QYWy9WTwdOKFJOGRgoARMZTX0HFRkbeVEVGUF4AkIMTXxcT1BJdUZaFgo6RloWCSIIH1cQOR0FUQskCxIaECMCGRZVb1FYBlsQ?subid1=20230128-0536-1722-b34d-f2705756d3d8
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 352
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:17 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844577.1662808; expires=Mon, 24-Jan-2033 18:36:17 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-172d-bda3-f53d615138f7
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 774
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:17 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844577.6313203; expires=Mon, 24-Jan-2033 18:36:17 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-176d-8388-b28035e44411
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:17 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844577.4061954; expires=Mon, 24-Jan-2033 18:36:17 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-1773-9fa3-62d2ca14c589
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.3453104; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-18ce-8b04-d5f69422f984
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 363
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.2049719; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-18dc-a016-244298f8a9e5
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 387
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.4809095; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-18fb-8a38-3456133e6f53
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 766
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.8327202; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-1838-ad6b-53425ff728e9
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.3219592; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-189d-874a-d24976bdb8c2
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
70.32.1.32 302 Found 0 B IP 70.32.1.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 742
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 18:36:18 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674844578.1748901; expires=Mon, 24-Jan-2033 18:36:18 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230128-0536-187b-86ba-c53bf5e0ccea
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
accounts.google.com/v3/signin/identifier?dsh=S1795517232%3A1674844576589164&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcLCApCFlqG-nD5JwMTUc_xDUxfy78BDRf90o_VG6ohDK3SvRONEn6U-pUN9CHNZ5B3LG9cog
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1795517232%3A1674844576589164&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcLCApCFlqG-nD5JwMTUc_xDUxfy78BDRf90o_VG6ohDK3SvRONEn6U-pUN9CHNZ5B3LG9cog
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1795517232%3A1674844576589164&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcLCApCFlqG-nD5JwMTUc_xDUxfy78BDRf90o_VG6ohDK3SvRONEn6U-pUN9CHNZ5B3LG9cog HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 18:36:16 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-f2SPGrpjtTUaMWdOmn97EQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S2080619826%3A1674844576640083&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9AiulTQ2DrrbP4ltDkk3vPFbMQGVgrER90LD8anFByfwLqrEJMrQWRs4nQIGXsutsS10ZEw
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S2080619826%3A1674844576640083&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9AiulTQ2DrrbP4ltDkk3vPFbMQGVgrER90LD8anFByfwLqrEJMrQWRs4nQIGXsutsS10ZEw
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S2080619826%3A1674844576640083&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHc9AiulTQ2DrrbP4ltDkk3vPFbMQGVgrER90LD8anFByfwLqrEJMrQWRs4nQIGXsutsS10ZEw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Jan 2023 18:36:16 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3qRAlTerOAzW_GGP_99WIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 27 Jan 2023 18:36:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2858
last-modified: Fri, 27 Jan 2023 17:48:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Bqv4Y%2BRw60NGSASBN2kD6DNsO25o8ivDe9p9daTNV9kZvAYe8ANMp5aoFFjLdls1dHSoKwlT2Pi%2FMDrl7Me03mIztWbLKZeqH5VU6AigOl2vhaBhxL4o90WgqtxpVrC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790397cc1de774b9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 18:36:16 GMT
content-type: text/plain
set-cookie: csu=1717276638074346@1@1674844576; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNv1xZS%2BVzcYFGLnODoNNW1R39tqwxtsf%2BODvz8Qxu1z7O02N8IPNqK8T7q66%2Bc3rxq61GsB9%2F%2F5Cu7UPhTR%2FGxL0vqKRctVcO2k9Vwfl3N3EZ%2FmFCuQXJrFtNF3UV%2F7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790397cceeea74b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 27 Jan 2023 18:36:16 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2858
last-modified: Fri, 27 Jan 2023 17:48:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6FyrMhqh9B%2FJt97xFRUsObIC1eodL8bQIKt%2FzsfUdQ09%2BfNARvmrkRUxwfMJcz659HD65zYtM6l4Yw4SGEgb%2BTmsOvBcefKP1vR%2FRbQRMOzSy47nlboTdGgGnYpR%2FSW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790397cc0dd374b9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: CZ4zQI0T2bba3BAaGu1McZ+oreGyAtGI+I0MwVjW9esrLuujYLPEKGdaOceNVRdQYSfyBidwGPOci+vPLgyuRg==
date: Fri, 27 Jan 2023 18:36:16 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2