cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675005086/mbsetup.exe
195.96.151.34301 Moved Permanently 162 B URL HTTP/1.1 cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675005086/mbsetup.exe
IP 195.96.151.34:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /mdo3ddcbyf/b71526df-1675005086/mbsetup.exe HTTP/1.1
Host: cdn-141.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 29 Jan 2023 21:15:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675005086/mbsetup.exe
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9671
Expires: Sun, 29 Jan 2023 23:56:49 GMT
Date: Sun, 29 Jan 2023 21:15:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16790
Expires: Mon, 30 Jan 2023 01:55:28 GMT
Date: Sun, 29 Jan 2023 21:15:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9597
Expires: Sun, 29 Jan 2023 23:55:35 GMT
Date: Sun, 29 Jan 2023 21:15:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 20:43:09 GMT
content-type: application/json
age: 1949
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JzEjr9ZjGObKWJHKQm3wtwpMRbsDBBty7De4zQR1JFZhfNMrZTBdYmKNjOL7/8JTgjCWBHuyJrw=
x-amz-request-id: YTG8ZGPQ9S9W5HY4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 20:21:31 GMT
age: 3247
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675005086/mbsetup.exe
195.96.151.34301 Moved Permanently 0 B URL HTTP/1.1 cdn-141.bayfiles.com/mdo3ddcbyf/b71526df-1675005086/mbsetup.exe
IP 195.96.151.34:0
ASN #41634 Svea Hosting AB
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mdo3ddcbyf/b71526df-1675005086/mbsetup.exe HTTP/1.1
Host: cdn-141.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 29 Jan 2023 21:15:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://bayfiles.com/mdo3ddcbyf
X-Cache-Host: filecache-02
X-Cache-Disk: nvme-01
Accept-Ranges: bytes
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 21:15:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ded2223206f7fa24cf345fc52e184f44
6a99a759bd0f90778ad3986a5d2e67ceaf58c99b
1be4233566fd1fd05f4939a3fb25e3ff88e7466836b16f1e095d1b6024a1238e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BE4233566FD1FD05F4939A3FB25E3FF88E7466836B16F1E095D1B6024A1238E"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=366
Expires: Sun, 29 Jan 2023 21:21:44 GMT
Date: Sun, 29 Jan 2023 21:15:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 20:49:04 GMT
age: 1594
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15400
Expires: Mon, 30 Jan 2023 01:32:19 GMT
Date: Sun, 29 Jan 2023 21:15:39 GMT
Connection: keep-alive
bayfiles.com/mdo3ddcbyf
45.154.253.152404 Not Found 2.3 kB IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 0461b6c4a60f19db44e52103717f4310
ef5724b4cb4dca3df0c6dc14c81403874280f75b
c758949e3e324c8bef18e5bcf0e8e42d72564ea942a81c842a5a3a315ad0c6d0
GET /mdo3ddcbyf HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 29 Jan 2023 21:15:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2
Content-Encoding: gzip
push.services.mozilla.com/
54.149.190.160101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.190.160:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S09w+a+UjmtjhKOVk59KNA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PRiQ1cTc31j5mMWraX0pYt7JYCA=
vjs.zencdn.net/7.3.0/video.min.js
151.101.66.217200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.66.217:0
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Sun, 29 Jan 2023 21:15:39 GMT
x-served-by: cache-bma1628-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.66.217200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.66.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Sun, 29 Jan 2023 21:15:39 GMT
x-served-by: cache-bma1628-BMA
x-cache: HIT
x-cache-hits: 1555
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.37200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.37:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash 46ba93ffc4dbbb1b91fead8393e8509e
b6e5b44a4f1ee0ed6b0ff2e04258f4ed91ed7652
9743e7fd2b475087bc0286d8a5b038c67b23d11c3206a17084659283943e40c0
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98156
date: Sun, 29 Jan 2023 21:15:39 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Od1BX8xhonRf5j7DCDiIfLL9sl595UIffl0DARJHDnZLHJJtw4l3Dw==
X-Firefox-Spdy: h2
bayfiles.com/css/bayfiles.css?1668606177
45.154.253.152200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1668606177
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2394
Content-Encoding: gzip
bayfiles.com/js/app.js?1668606177
45.154.253.152200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1668606177
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 845
Content-Encoding: gzip
bayfiles.com/sw.js
45.154.253.152200 OK 14 kB IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 5127
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4447
Expires: Sun, 29 Jan 2023 22:29:47 GMT
Date: Sun, 29 Jan 2023 21:15:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 21c734f0-cd73-4691-812e-7cd3908f8f89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRbH4HtPIAMFUGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d07232-291e20fb41c53db7664d04b2;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:05:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j2zDtHz3pZLHJKG3-PaITyUzHOQBEELzuDIt7sbB8X_B10OxG394tg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 06:49:29 GMT
age: 51971
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 83934
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 1763
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: a13a8181-5783-42c1-9fda-1fcf8db4f0f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVpetFv-oAMF_Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d222c4-68165b34525ca2a054f0b505;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 06:50:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rJbdYq3bZDatEVvC83VR5WiWOFwNwVZEB16ez21KdnQJJrgJ-yKPCg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 14:55:48 GMT
age: 22792
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 62065
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6af6f32397882f56d14d22348e44a9f1
5a626376807e7507fa3a204c4e4e9e44aa074a37
478f32e98c0a1f0d62fa337795ca88b7927e14b684b681f7629b648bc2d709a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7417
x-amzn-requestid: 53032353-8613-49b0-944d-3742236cf50c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcMmFeQIAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340b6-7fe2226327d90db014527c08;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zd8cTO2N1JO-OK3hCDwVO8naClCsg0raJLboRFle-DPSKhR_7k8-Yg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 03:16:35 GMT
age: 64745
etag: "5a626376807e7507fa3a204c4e4e9e44aa074a37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
coonandeg.xyz/ejhJMGcbWipdWBsFKxYSCFR0FVU8HXt2AxBOcAkUAlc4QBFLCWdTCxVNLVYVFVY9HgkfTGwCIQ1ZHX0dIG4iez88CA1qD0tZHwEPD28uYSYsVTlgMC95An4fEXccdiYoaHlAXzR6GFM2K24deCJDcBphIRFvG2YBOHwqfyMSbQh+EBV3CFsqTnwfdSgvYHFUNktPBmomQ10aVwAOf3gJMT57cGA1FnIQfiYgch5XDEt7C2klMwoxeCYCYhFRMjx9HlcUQ3oiYiYrfz1qPy9cCFFWEXsIABMKbAhyHyt/PWo1PFcFUlZKbwhzA0JvPn4rLwp4fSYyFQ9xBktUC2IyOEkCcS4+bQFUPT1QE2gGKw0eZSZOCh1xIUtue1w+O08HZQYsXx5xMS8de3YmP34ecR0jag9XIhBZD1sgMm4fFVU8cAgEJFxSOl8JCgUqBS8sQQZhKg9KfwYi
54.230.111.76200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/ejhJMGcbWipdWBsFKxYSCFR0FVU8HXt2AxBOcAkUAlc4QBFLCWdTCxVNLVYVFVY9HgkfTGwCIQ1ZHX0dIG4iez88CA1qD0tZHwEPD28uYSYsVTlgMC95An4fEXccdiYoaHlAXzR6GFM2K24deCJDcBphIRFvG2YBOHwqfyMSbQh+EBV3CFsqTnwfdSgvYHFUNktPBmomQ10aVwAOf3gJMT57cGA1FnIQfiYgch5XDEt7C2klMwoxeCYCYhFRMjx9HlcUQ3oiYiYrfz1qPy9cCFFWEXsIABMKbAhyHyt/PWo1PFcFUlZKbwhzA0JvPn4rLwp4fSYyFQ9xBktUC2IyOEkCcS4+bQFUPT1QE2gGKw0eZSZOCh1xIUtue1w+O08HZQYsXx5xMS8de3YmP34ecR0jag9XIhBZD1sgMm4fFVU8cAgEJFxSOl8JCgUqBS8sQQZhKg9KfwYi
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3043), with no line terminators
Hash 34cb9e112a0afacca2b98167cbbcddf0
fbe4836753a1a70f10ea2b138493a54ad21edc22
f200c5329e9769bc067f1a269be337c710375fcbfeb4c667346db21af1084ffb
GET /ejhJMGcbWipdWBsFKxYSCFR0FVU8HXt2AxBOcAkUAlc4QBFLCWdTCxVNLVYVFVY9HgkfTGwCIQ1ZHX0dIG4iez88CA1qD0tZHwEPD28uYSYsVTlgMC95An4fEXccdiYoaHlAXzR6GFM2K24deCJDcBphIRFvG2YBOHwqfyMSbQh+EBV3CFsqTnwfdSgvYHFUNktPBmomQ10aVwAOf3gJMT57cGA1FnIQfiYgch5XDEt7C2klMwoxeCYCYhFRMjx9HlcUQ3oiYiYrfz1qPy9cCFFWEXsIABMKbAhyHyt/PWo1PFcFUlZKbwhzA0JvPn4rLwp4fSYyFQ9xBktUC2IyOEkCcS4+bQFUPT1QE2gGKw0eZSZOCh1xIUtue1w+O08HZQYsXx5xMS8de3YmP34ecR0jag9XIhBZD1sgMm4fFVU8cAgEJFxSOl8JCgUqBS8sQQZhKg9KfwYi HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Sun, 29 Jan 2023 21:15:40 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KUNAPIGCMVr64upWYX0yDfev0Bz8L0JYV4fA0aZgtihLBB-1CLzAGg==
X-Firefox-Spdy: h2
coonandeg.xyz/OFZLb21ZNCgCUllrKUkYSjp2Sl9+c3kpCVIgclYeQDk6HxsJZ2UMAVcjLwkfVzg/QQNdIm5dKw41e1pZXDggPiRqDxo9Cls4AyoZdwQlByFpA3I5J3klESkadiwbBVx0HBhfFWgUEj4vUTl6KgZXJxMIJHwQeCEkbRQePCR6bwc3FWExDF8ZcQAYVw5+ExknDHkhDCkFUCwDBx55HiEAJn8+cw4ifmIPKCgMPA0YGmkeMiY3bWY4XggJDAw3KH5zeS04eRMaJz5XDgo+HW8wDgg0fAARVz59MgE3NQ0yGTsZbzAOCC99FHpbOX4YACI6TB0ZCCt+MydCXH4ZejVVaxcaPztWZn49XVQREioFXg4OKUgKFAMXIFkRCCkJahJyLQtTOgw8OHJzeS0+bhgHPhRfBAktGm4fGi05aywdSl9+BQ4hNWlkLCE+CDFtBR5XODtSK3NkHQwkcjkoJz97PXIL
54.230.111.76200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/OFZLb21ZNCgCUllrKUkYSjp2Sl9+c3kpCVIgclYeQDk6HxsJZ2UMAVcjLwkfVzg/QQNdIm5dKw41e1pZXDggPiRqDxo9Cls4AyoZdwQlByFpA3I5J3klESkadiwbBVx0HBhfFWgUEj4vUTl6KgZXJxMIJHwQeCEkbRQePCR6bwc3FWExDF8ZcQAYVw5+ExknDHkhDCkFUCwDBx55HiEAJn8+cw4ifmIPKCgMPA0YGmkeMiY3bWY4XggJDAw3KH5zeS04eRMaJz5XDgo+HW8wDgg0fAARVz59MgE3NQ0yGTsZbzAOCC99FHpbOX4YACI6TB0ZCCt+MydCXH4ZejVVaxcaPztWZn49XVQREioFXg4OKUgKFAMXIFkRCCkJahJyLQtTOgw8OHJzeS0+bhgHPhRfBAktGm4fGi05aywdSl9+BQ4hNWlkLCE+CDFtBR5XODtSK3NkHQwkcjkoJz97PXIL
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash cd3dfccae39d448535553e4a704732c5
db020577218bb0c511f00cc448b4133e5b468515
02b74a0a7a2d9c999a8ed627e855b96330b680dac4716c3fcb27eb5be7d33ea0
GET /OFZLb21ZNCgCUllrKUkYSjp2Sl9+c3kpCVIgclYeQDk6HxsJZ2UMAVcjLwkfVzg/QQNdIm5dKw41e1pZXDggPiRqDxo9Cls4AyoZdwQlByFpA3I5J3klESkadiwbBVx0HBhfFWgUEj4vUTl6KgZXJxMIJHwQeCEkbRQePCR6bwc3FWExDF8ZcQAYVw5+ExknDHkhDCkFUCwDBx55HiEAJn8+cw4ifmIPKCgMPA0YGmkeMiY3bWY4XggJDAw3KH5zeS04eRMaJz5XDgo+HW8wDgg0fAARVz59MgE3NQ0yGTsZbzAOCC99FHpbOX4YACI6TB0ZCCt+MydCXH4ZejVVaxcaPztWZn49XVQREioFXg4OKUgKFAMXIFkRCCkJahJyLQtTOgw8OHJzeS0+bhgHPhRfBAktGm4fGi05aywdSl9+BQ4hNWlkLCE+CDFtBR5XODtSK3NkHQwkcjkoJz97PXIL HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Sun, 29 Jan 2023 21:15:40 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q_qGBNYii_JIC-2YW8ZpEavCFEQmRgYoxMtrLjqL7MmOFeH7fCII5g==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
coonandeg.xyz/SlJ6V0crMBk6eCtvGHEyOD5HcnUMd0gRIyAkQ240Mj0LJzF7Y1Q0KyUnHjE1JTwOeSkvJl9lAR0HPTx1ED4/LQUmNTs1LhsTLzszJwtLYwEcBShlBnoHMAc+CAcoMC8jHAIVKQEWMw0NMhMpHD0YBzg8BnMfKzMVHWEZZgV7BBgODxMbLzAVOQg/bgMIYA1uBSElKgcTPRs/ZhYSCC80ABtgNDAWHxcqBz0bFSsFEXoLFjseDzwoPhAbNi0xdQgfOAQVegsWOwUOKEM6HxgcLBJ0HDA4P3IkCD8gAQAaKD4QHwMrMwAHPThmHSE0FjwhG2A0MAMmfzcRCCBrNxUECDgjESANBBcVIB0QNAIeHgs7BQYHYSovAh4EODMvHQM0Hh4SCxkUdil0ECQoJCJHJyl5NQMGCSkbNA
54.230.111.76200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/SlJ6V0crMBk6eCtvGHEyOD5HcnUMd0gRIyAkQ240Mj0LJzF7Y1Q0KyUnHjE1JTwOeSkvJl9lAR0HPTx1ED4/LQUmNTs1LhsTLzszJwtLYwEcBShlBnoHMAc+CAcoMC8jHAIVKQEWMw0NMhMpHD0YBzg8BnMfKzMVHWEZZgV7BBgODxMbLzAVOQg/bgMIYA1uBSElKgcTPRs/ZhYSCC80ABtgNDAWHxcqBz0bFSsFEXoLFjseDzwoPhAbNi0xdQgfOAQVegsWOwUOKEM6HxgcLBJ0HDA4P3IkCD8gAQAaKD4QHwMrMwAHPThmHSE0FjwhG2A0MAMmfzcRCCBrNxUECDgjESANBBcVIB0QNAIeHgs7BQYHYSovAh4EODMvHQM0Hh4SCxkUdil0ECQoJCJHJyl5NQMGCSkbNA
IP 54.230.111.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3015), with no line terminators
Hash ea2a8e24f5531dbfcf77376da45cc65d
1ff9b43ef3bce964bfdf02373dd42c846b4cd0f5
afe0b5f09c815befc8116048d7b12e773ecf239ebd0ad60917e06ab3de414327
GET /SlJ6V0crMBk6eCtvGHEyOD5HcnUMd0gRIyAkQ240Mj0LJzF7Y1Q0KyUnHjE1JTwOeSkvJl9lAR0HPTx1ED4/LQUmNTs1LhsTLzszJwtLYwEcBShlBnoHMAc+CAcoMC8jHAIVKQEWMw0NMhMpHD0YBzg8BnMfKzMVHWEZZgV7BBgODxMbLzAVOQg/bgMIYA1uBSElKgcTPRs/ZhYSCC80ABtgNDAWHxcqBz0bFSsFEXoLFjseDzwoPhAbNi0xdQgfOAQVegsWOwUOKEM6HxgcLBJ0HDA4P3IkCD8gAQAaKD4QHwMrMwAHPThmHSE0FjwhG2A0MAMmfzcRCCBrNxUECDgjESANBBcVIB0QNAIeHgs7BQYHYSovAh4EODMvHQM0Hh4SCxkUdil0ECQoJCJHJyl5NQMGCSkbNA HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sun, 29 Jan 2023 21:15:40 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cAsnP42WEFGQ4W-srPr9Oxi-zoPi0HZFxOs89mMXQ-Fq4a7VRxqJIA==
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/dGlRd25bVjIEUxdbPg8MMA0TLy8YCBAcJCAqByYsJ1gcNTYDCncDBxBUZkRZR1piUR4dDWxGSAcdMAMbB1RgUQcaDz5KSAJUYFldQEdiRkBGTyRKX1IdIRYJSVh3BxoABWxGWENcYUVYTV1oQ1hE
172.67.166.141204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/dGlRd25bVjIEUxdbPg8MMA0TLy8YCBAcJCAqByYsJ1gcNTYDCncDBxBUZkRZR1piUR4dDWxGSAcdMAMbB1RgUQcaDz5KSAJUYFldQEdiRkBGTyRKX1IdIRYJSVh3BxoABWxGWENcYUVYTV1oQ1hE
IP 172.67.166.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dGlRd25bVjIEUxdbPg8MMA0TLy8YCBAcJCAqByYsJ1gcNTYDCncDBxBUZkRZR1piUR4dDWxGSAcdMAMbB1RgUQcaDz5KSAJUYFldQEdiRkBGTyRKX1IdIRYJSVh3BxoABWxGWENcYUVYTV1oQ1hE HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wF3euDEMJ2bG550xG0OHvVOc8huoUgWZk2zUdDZ6MO2sJXW89bRdLSzU0vrb0VIArWgJKnTbCMUSAa2%2BHl%2BebizFr7Q3IxLkBDi%2Bk1oMdR78eJ2COBjHUx%2Bd5AUDc9FKnUyA4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914fc0aadeb1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/MDlYcFMfBjsDblILbTQdaH8BJ2B5ewk2YlVaGTYZZ39pQBJbYH4EOlQEb0NkAwptViNZXWVBaxZKLBEnRUplQXVZVz4fbhZPZUF9ABdqXmEWTGVBdURJORduAR8oBCdcBGlGZAUJakZqBABsSGM
172.67.166.141204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/MDlYcFMfBjsDblILbTQdaH8BJ2B5ewk2YlVaGTYZZ39pQBJbYH4EOlQEb0NkAwptViNZXWVBaxZKLBEnRUplQXVZVz4fbhZPZUF9ABdqXmEWTGVBdURJORduAR8oBCdcBGlGZAUJakZqBABsSGM
IP 172.67.166.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MDlYcFMfBjsDblILbTQdaH8BJ2B5ewk2YlVaGTYZZ39pQBJbYH4EOlQEb0NkAwptViNZXWVBaxZKLBEnRUplQXVZVz4fbhZPZUF9ABdqXmEWTGVBdURJORduAR8oBCdcBGlGZAUJakZqBABsSGM HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFhV1guk7GMn4Kqxa650q%2BaxXkHmCT4kUZnsZHDi3YXABjpOopxr9TbkP7TI2DhdqFUf1AfymCqSd%2FgQwUk2fnMrNAGjfpIFXOtGPDbph3%2F5cDUr1aHqOPJkQQwntF2%2Fs1R%2BzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914fc0abe0c1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/dW9RMVZaUDJCazs5PWIFRjYfUxE3SmNzByQlPmsOPykTAzofCRAXIhwLbAZjQ1xmB3AFBjUMZExJIkU3ARoiDGdTBj9XOUhJJwxnW19/B2ZbXndEa0RJJUE3ElJgFyYBGz0MZ0NYZAFkQ1ZlCGJCXA
172.67.166.141204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/dW9RMVZaUDJCazs5PWIFRjYfUxE3SmNzByQlPmsOPykTAzofCRAXIhwLbAZjQ1xmB3AFBjUMZExJIkU3ARoiDGdTBj9XOUhJJwxnW19/B2ZbXndEa0RJJUE3ElJgFyYBGz0MZ0NYZAFkQ1ZlCGJCXA
IP 172.67.166.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dW9RMVZaUDJCazs5PWIFRjYfUxE3SmNzByQlPmsOPykTAzofCRAXIhwLbAZjQ1xmB3AFBjUMZExJIkU3ARoiDGdTBj9XOUhJJwxnW19/B2ZbXndEa0RJJUE3ElJgFyYBGz0MZ0NYZAFkQ1ZlCGJCXA HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mhk4dTZXlFZqbPcYuptRCsKFS8b4BQN%2FCawTPMpERXr5MUeKHcwgTlbU3JgqnyKXhjkNXG%2Bgun74K49iBI5OBAj3F8dea4wiGCMpArJ9mLjbPXLzV%2FQ8vooT0WJ78mrF2nBH8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914fc0ade291c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d9e25f7284d6b83ca2c3d7a30f349ddc
1a96b66ecfbc849812dfde56fb7333a31d38b1b7
951479b869a303a3a9999106ddea5db252042dcb3bfa43eea24fb6f79b9ebf23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "951479B869A303A3A9999106DDEA5DB252042DCB3BFA43EEA24FB6F79B9EBF23"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5431
Expires: Sun, 29 Jan 2023 22:46:11 GMT
Date: Sun, 29 Jan 2023 21:15:40 GMT
Connection: keep-alive
djv99sxoqpv11.cloudfront.net/6c054dnkQIRYQRgcnHEtORnhLQU9VJAsZFwNzPj1LJS0xPBYQBio1EkoqXgIDF3NIUBUSIB9LXxYgG0tIVS8cFERHaAwGFhhzHhsAHjoKGh8aOF4DGE4jFwwQHyIZU0s1e1ZGXEF+UAEQHSoXAQpWfEgYDVZ8SEdJXX5dRTtWfEgBEB14TFNKMWtKRgFFel-1FO1Z8SAQPVn05R0lGYEhfXEF+HxMaGCFdRD9BfklGSUJ+SVNLQygRBBwVIQBTSzV/SENXQ2gNS0g
54.230.245.37200 OK 452 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/6c054dnkQIRYQRgcnHEtORnhLQU9VJAsZFwNzPj1LJS0xPBYQBio1EkoqXgIDF3NIUBUSIB9LXxYgG0tIVS8cFERHaAwGFhhzHhsAHjoKGh8aOF4DGE4jFwwQHyIZU0s1e1ZGXEF+UAEQHSoXAQpWfEgYDVZ8SEdJXX5dRTtWfEgBEB14TFNKMWtKRgFFel-1FO1Z8SAQPVn05R0lGYEhfXEF+HxMaGCFdRD9BfklGSUJ+SVNLQygRBBwVIQBTSzV/SENXQ2gNS0g
IP 54.230.245.37:0
File type ASCII text, with very long lines (591), with no line terminators
Hash 08a85e8e154e020069cbbc64d40c1183
100dbc03e531cc50e92561aa2d1492a054630781
95a566c5b042a07dfb14e18af834079804c395ed6a15c2d9d3fa36b4c322887c
Analyzer Verdict Alert fortinet Malware
GET /6c054dnkQIRYQRgcnHEtORnhLQU9VJAsZFwNzPj1LJS0xPBYQBio1EkoqXgIDF3NIUBUSIB9LXxYgG0tIVS8cFERHaAwGFhhzHhsAHjoKGh8aOF4DGE4jFwwQHyIZU0s1e1ZGXEF+UAEQHSoXAQpWfEgYDVZ8SEdJXX5dRTtWfEgBEB14TFNKMWtKRgFFel-1FO1Z8SAQPVn05R0lGYEhfXEF+HxMaGCFdRD9BfklGSUJ+SVNLQygRBBwVIQBTSzV/SENXQ2gNS0g HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 452
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7DI8mKBbWrbM5bV5CV6GxeqbCZXSh2ebOv6hiUI75Vl3J3nbDtyqyA==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/waTMzZVkKXF0DZh1aV1huWgQAVmpPWUAKNxkOUFARP0p8NBQcQQVTHE9HSQFkWRVfBDcODhUANwoOAkM4DVEOUX8dQ1wOZA9eSggtG19VDC9PRlJYNAZJWgk1CBYBI2xHAxZXaUFEWgs9BkRAQGtZXUdAa1kCA0tpTABxQGtZRFoLb10WACd8WwNLU21MAH-FAa1lBRUBqKAIDUHdZGhZXaQ5WUA42TAF1V2lYAwNUaVgWAVU/AEFWAzYRFgEjaFkGHVV/HA4C
54.230.245.37200 OK 540 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/waTMzZVkKXF0DZh1aV1huWgQAVmpPWUAKNxkOUFARP0p8NBQcQQVTHE9HSQFkWRVfBDcODhUANwoOAkM4DVEOUX8dQ1wOZA9eSggtG19VDC9PRlJYNAZJWgk1CBYBI2xHAxZXaUFEWgs9BkRAQGtZXUdAa1kCA0tpTABxQGtZRFoLb10WACd8WwNLU21MAH-FAa1lBRUBqKAIDUHdZGhZXaQ5WUA42TAF1V2lYAwNUaVgWAVU/AEFWAzYRFgEjaFkGHVV/HA4C
IP 54.230.245.37:0
File type ASCII text, with very long lines (757), with no line terminators
Hash da1921b58cddb474edec3910a38010da
6151e88e609fedc1bacef458ab9a0b47f01b4201
0e244b0da333895085a6ed017d4f9481eb80e544dbaf29476f9893c707f54286
Analyzer Verdict Alert fortinet Malware
GET /waTMzZVkKXF0DZh1aV1huWgQAVmpPWUAKNxkOUFARP0p8NBQcQQVTHE9HSQFkWRVfBDcODhUANwoOAkM4DVEOUX8dQ1wOZA9eSggtG19VDC9PRlJYNAZJWgk1CBYBI2xHAxZXaUFEWgs9BkRAQGtZXUdAa1kCA0tpTABxQGtZRFoLb10WACd8WwNLU21MAH-FAa1lBRUBqKAIDUHdZGhZXaQ5WUA42TAF1V2lYAwNUaVgWAVU/AEFWAzYRFgEjaFkGHVV/HA4C HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 540
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y_prNvzUd71f42eGz5WBkzApi8yoCRveSAE_N1W2syykXCBTM8FzOw==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/WUGk2ZlEzBlgAbiQAUltmY14FVWR2A0UJPyBURghiNxBnKDIZJxASKzRUBkA9MQdRW3c1B1VbYHYIUgRsZE9DB2w9BkwPPTwIE1QXZUcGQ2NgQUEPPzQGQRV0YllYEnRiWQdWf2BMBSR0YllBDz9mXRNVE3VbBh5nZEwFJHRiWUQQdGMoB1ZkflkfQ2NgDl-MFOj9MBCBjYFgGVmBgWBNUYTYARAM3PxETVBdhWQNIYXYcC1c
54.230.245.37200 OK 187 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/WUGk2ZlEzBlgAbiQAUltmY14FVWR2A0UJPyBURghiNxBnKDIZJxASKzRUBkA9MQdRW3c1B1VbYHYIUgRsZE9DB2w9BkwPPTwIE1QXZUcGQ2NgQUEPPzQGQRV0YllYEnRiWQdWf2BMBSR0YllBDz9mXRNVE3VbBh5nZEwFJHRiWUQQdGMoB1ZkflkfQ2NgDl-MFOj9MBCBjYFgGVmBgWBNUYTYARAM3PxETVBdhWQNIYXYcC1c
IP 54.230.245.37:0
File type ASCII text, with no line terminators
Hash 5c7c25fa45034842ae757b0845346455
256a78351ad4ea857542d369f43df4df9ff2444b
ab6c0d47e85424a0551ffd38eb399394dc7232a0d91f01664675bb5c84f11393
Analyzer Verdict Alert fortinet Malware
GET /WUGk2ZlEzBlgAbiQAUltmY14FVWR2A0UJPyBURghiNxBnKDIZJxASKzRUBkA9MQdRW3c1B1VbYHYIUgRsZE9DB2w9BkwPPTwIE1QXZUcGQ2NgQUEPPzQGQRV0YllYEnRiWQdWf2BMBSR0YllBDz9mXRNVE3VbBh5nZEwFJHRiWUQQdGMoB1ZkflkfQ2NgDl-MFOj9MBCBjYFgGVmBgWBNUYTYARAM3PxETVBdhWQNIYXYcC1c HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Sun, 29 Jan 2023 21:15:40 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zh-w33OFVRpMi0DDvkWV2_Stb_rgchGdbYzo8eAMdGInP1Aj_nOp0g==
X-Firefox-Spdy: h2
policityseriod.info/eFBHVHgDcjQjJw0iK3ZCWjgzIAgLamh7GhkpIT0UHSNpNxcVfzQjVhIjZXhaCz0hdkJJfGUgGR8PLjBaQnJwZ09LYnF2VFojMjYnETR1dkJaMiVkGx1pJDJVSGUhNVVMM3NhVUFocWVVTmchbUwZZ3I3SR4zZSk
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/eFBHVHgDcjQjJw0iK3ZCWjgzIAgLamh7GhkpIT0UHSNpNxcVfzQjVhIjZXhaCz0hdkJJfGUgGR8PLjBaQnJwZ09LYnF2VFojMjYnETR1dkJaMiVkGx1pJDJVSGUhNVVMM3NhVUFocWVVTmchbUwZZ3I3SR4zZSk
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /eFBHVHgDcjQjJw0iK3ZCWjgzIAgLamh7GhkpIT0UHSNpNxcVfzQjVhIjZXhaCz0hdkJJfGUgGR8PLjBaQnJwZ09LYnF2VFojMjYnETR1dkJaMiVkGx1pJDJVSGUhNVVMM3NhVUFocWVVTmchbUwZZ3I3SR4zZSk HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:40 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026940.1738607; expires=Wed, 26-Jan-2033 21:15:40 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/eFBHVHgDcjQjJw0iK3ZCWjgzIAgLamh7GhkpIT0UHSNpNxcVfzQjVhIjZXhaCz0hdkJJfGUgGR8PLjBaQnJwZ09LYnF2VFojMjYnETR1dkJaMiVkGx1pJDJVSGUhNVVMM3NhVUFocWVVTmchbUwZZ3I3SR4zZSk?subid1=20230130-0815-4052-aa8d-529b73f146dd
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
bayfiles.com/img/flags/24/no.png
45.154.253.152200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2196
accept-ranges: bytes
bayfiles.com/img/flags/24/in.png
45.154.253.152200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2222
accept-ranges: bytes
bayfiles.com/img/flags/24/se.png
45.154.253.152200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2179
accept-ranges: bytes
bayfiles.com/img/flags/24/pl.png
45.154.253.152200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1426
accept-ranges: bytes
bayfiles.com/img/flags/24/es.png
45.154.253.152200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1355
accept-ranges: bytes
policityseriod.info/
103.224.212.220302 Found 35 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:41 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026941.8279516; expires=Wed, 26-Jan-2033 21:15:41 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-41f2-b0e6-63339fc36fc6
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
bayfiles.com/static/logo.png
45.154.253.152200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:41 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Wed, 16 Nov 2022 12:55:21 GMT
etag: "6374ddb9-96cf"
bayfiles.com/img/flags/24/us.png
45.154.253.152200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:42 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2211
accept-ranges: bytes
bayfiles.com/img/flags/24/fr.png
45.154.253.152200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:42 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1696
accept-ranges: bytes
bayfiles.com/img/flags/24/kr.png
45.154.253.152200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:42 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2197
accept-ranges: bytes
bayfiles.com/img/flags/24/br.png
45.154.253.152200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1676
accept-ranges: bytes
bayfiles.com/img/flags/24/de.png
45.154.253.152200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2188
accept-ranges: bytes
bayfiles.com/img/flags/24/ru.png
45.154.253.152200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2214
accept-ranges: bytes
bayfiles.com/img/flags/24/dk.png
45.154.253.152200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1449
accept-ranges: bytes
bayfiles.com/img/flags/24/fi.png
45.154.253.152200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1386
accept-ranges: bytes
bayfiles.com/img/flags/24/jp.png
45.154.253.152200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1655
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 14681339fc16ac120967600c85c37d96
589ed56dc45067e35e26a667ad3d9a12d0f61884
c7a020eb97f372e9325a03c89aa4d97d023f8583ea94af56ae1ffc2363ab8547
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3370
Cache-Control: max-age=102586
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:43 GMT
Etag: "63d5c28f-1d7"
Expires: Tue, 31 Jan 2023 01:45:29 GMT
Last-Modified: Sun, 29 Jan 2023 00:49:19 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 21:15:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7241647da541f672b155263e9b22eff1
bc41fc4d6497d154ed4d4fe9d079357bbe1028c6
a69c539a138bc99adf7b08838da4b139aa59d58ce81651504993e80996620d97
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A69C539A138BC99ADF7B08838DA4B139AA59D58CE81651504993E80996620D97"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13937
Expires: Mon, 30 Jan 2023 01:08:00 GMT
Date: Sun, 29 Jan 2023 21:15:43 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7241647da541f672b155263e9b22eff1
bc41fc4d6497d154ed4d4fe9d079357bbe1028c6
a69c539a138bc99adf7b08838da4b139aa59d58ce81651504993e80996620d97
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A69C539A138BC99ADF7B08838DA4B139AA59D58CE81651504993E80996620D97"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13937
Expires: Mon, 30 Jan 2023 01:08:00 GMT
Date: Sun, 29 Jan 2023 21:15:43 GMT
Connection: keep-alive
coonandeg.xyz/utx?cb=h9rQYGkRUx6B&top=bayfiles.com&tid=737333
54.230.111.76204 No Content 0 B URL HTTP/2 coonandeg.xyz/utx?cb=h9rQYGkRUx6B&top=bayfiles.com&tid=737333
IP 54.230.111.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=h9rQYGkRUx6B&top=bayfiles.com&tid=737333 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 21:15:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 29 Jan 2023 21:16:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l3YROeKafJP7LFBGErZRE6k-jOj-CumWwwlJ4pweDBCH06ObT8UBmA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash c41da209e55afe2731c0b26672462117
7bd86d5776e3a372a9958c77685345416d3896f2
4298ca3846a47db06f68b06a6a9d1ad1bb20996f459407d6d4f498a624fbfb8e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 21:15:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-402524556%3A1675026943835289&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcf6CSSDTvvNO4lWNfNJ-q-Uqfx6etugV70lLBaCgf-Gkzeuee8f1Mhv7ZAmk3Cn5BxikBHXw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-UWD-kw0MptPM5QgQ95LVzQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:SQwWKvsbvfgY_ofFR6QTy5jzpQqKXA:d-xszyhJc3fYVb-H;Path=/;Expires=Tue, 28-Jan-2025 21:15:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
coonandeg.xyz/utx?cb=f4pzjYWMBalc&top=bayfiles.com&tid=756376
54.230.111.76204 No Content 0 B URL HTTP/2 coonandeg.xyz/utx?cb=f4pzjYWMBalc&top=bayfiles.com&tid=756376
IP 54.230.111.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=f4pzjYWMBalc&top=bayfiles.com&tid=756376 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 21:15:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 29 Jan 2023 21:16:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -LGG18MZWTL1qLTvv73frSGMOsF7zQP5Fgt74mDQbwtpu-eUgqd4-g==
X-Firefox-Spdy: h2
coonandeg.xyz/multi?cs=eVFjWG5BZFFtWU5gVGFdS2FSbw&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fmdo3ddcbyf&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_ZmI3=1675026950135&crc=1
54.230.111.76200 OK 1.6 kB URL HTTP/2 coonandeg.xyz/multi?cs=eVFjWG5BZFFtWU5gVGFdS2FSbw&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fmdo3ddcbyf&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_ZmI3=1675026950135&crc=1
IP 54.230.111.76:0
File type ASCII text, with very long lines (3255), with no line terminators
Hash 008be3c642ea2a36b00865051191be85
b38c02e21ec745d9cf80de00f50213ab831c9afd
ec031d4c6c46a323d8e251e47e086ee3610fc3e163fb97be50640b21e0afeb5c
GET /multi?cs=eVFjWG5BZFFtWU5gVGFdS2FSbw&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fmdo3ddcbyf&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_ZmI3=1675026950135&crc=1 HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1561
date: Sun, 29 Jan 2023 21:15:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=343b6b8e-6098-4c86-a5a2-2b2d21174d58
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zj1c6CsGma6UgdVKc4mlpo3L5fzXlMbslEFIblJ31GYbIXbnSZgQ6w==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 9386477a1491bc305e4d43a9a2296a61
e2ace0a50eac1daa4fed048b9e7c332c9eeb1f25
5d2039e70fe390c4a9316479a0534e22ad6b6c5ffd1106cd769fee13a3e6f63a
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 21:15:43 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-637050532%3A1675026943870877&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcq4jU0HYC6xFFkbC4XNbD3y-ksLvw8-ZI1-174iE1Ea0Iw5jwsj2CO1m0jWh8u1mww5MHgsA
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-OSYG1UjF73E8JqzTJ4nZqg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:fW0G3C93eHOJnd37NMGgwCfDc_yH0A:s6IPUuJsgPqs9Z6e;Path=/;Expires=Tue, 28-Jan-2025 21:15:43 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-402524556%3A1675026943835289&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcf6CSSDTvvNO4lWNfNJ-q-Uqfx6etugV70lLBaCgf-Gkzeuee8f1Mhv7ZAmk3Cn5BxikBHXw
142.250.74.109403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-402524556%3A1675026943835289&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcf6CSSDTvvNO4lWNfNJ-q-Uqfx6etugV70lLBaCgf-Gkzeuee8f1Mhv7ZAmk3Cn5BxikBHXw
IP 142.250.74.109:0
Hash e0a1bdd1e99f63601f2cdab1c24cc930
54bc21d2caae68663888943b1bc4cdfc6747fe3a
4acf19b8ecb248c1c4210189bec7e8a8b1f5b93c4eaa5034a521bb07f01359dc
GET /v3/signin/identifier?dsh=S-402524556%3A1675026943835289&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcf6CSSDTvvNO4lWNfNJ-q-Uqfx6etugV70lLBaCgf-Gkzeuee8f1Mhv7ZAmk3Cn5BxikBHXw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 21:15:43 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-VwSgHoN1qI64mcUFcp5xHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bayfiles.com/sw.js?dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka
45.154.253.152200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:43 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 5758
Content-Encoding: gzip
pogothere.xyz/
172.64.198.35200 OK 374 B IP 172.64.198.35:0
File type ASCII text, with no line terminators
Hash efef3ca76f7d339b052365060fee5df7
842c9a49b841d14b007a60cd9a71b3336d448fde
bed115c08f0c27ac9232815206d71a6878a4037191286e9ec3a7bc022b712fce
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 21:15:43 GMT
content-type: text/plain
set-cookie: csu=2004191898386912@1@1675026943; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9KOMShmEFgbw9S62zNszX05PFNWO6pBWg9OeojtVYwd7l1jKqIJaw01MC6NvXHmaT4o0PzpFx7BvY%2B8slrK5u1AVL2Ad7IQWxEMVRuWAH9QuiCmPrPA%2BIMRKx0wVVj9o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914fc1f0e78731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35200 OK 103 kB IP 172.64.198.35:0
Size 103 kB (102871 bytes)
Hash 007967a69aaeb5784569daa3a91d8e91
e683cf5e85c416f8d069c8819cfd9e619ab285a9
f8f0ef1de87ab923c6b730322705d5b860a674d529de62fa1aab7b339eeb5e32
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 29 Jan 2023 21:15:43 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4194
last-modified: Sun, 29 Jan 2023 20:05:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hC6nXzVSwu8x4lJLK%2BfR3C088dJmfVeUfaaRwmg3LVJhhAOwMgAGkoW%2FNzPeYEGb6aQicyEOlQpJUdV8roPDaw0rdR2YwQIfkenNxL00EhKOyO0phq2c%2F4ytafa2D8PK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914fc1f0e7b731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 21 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
Hash a8e5a8fbf4c75d31c931b0617a0fc6d2
700e49e737749698ce111ddffc5bee4de52fe1e0
7479d4404980a090bb9a9c3c4e758f684ba33799e3b621694c4a5da89c036d0f
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: z9FQqv6eEy7IjqQiTVniqjJdXi77P0a37RmZ+th6eonugtMabU3Y0oc/IlB8yMwkkipoJdC+85ByDwhJTmV5Ag==
date: Sun, 29 Jan 2023 21:15:43 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1668603321
45.154.253.152200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1668603321
IP 45.154.253.152:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1668603321 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/mdo3ddcbyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 21:15:44 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 413
accept-ranges: bytes
policityseriod.info/dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:44 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026944.1532820; expires=Wed, 26-Jan-2033 21:15:44 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/dlhrR24telx0WUVqXWVCVHpHZQwUaAgiVxU%2BRndbEDlGcw1CbUZ%2BVkBpRnFZEGFfJllDO1ohDVR0SXZXE2tTIV8VdQ1xXRN1XyVbRHVScFtOdVNyCBBuWSJWRmgPdExaehgwTFp6GygCHzsCMxcFPRkuARJ2AikIGXpHZVtYakka?subid1=20230130-0815-44a5-8531-92dfeba97cc6
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.7297983; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-4553-81a8-51e0414ff968
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.6344359; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-45a7-9e58-b51dbd78a227
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
pogothere.xyz/
172.64.198.35200 OK 28 B IP 172.64.198.35:0
File type ASCII text, with no line terminators
Hash a87c09b6ac96eda7fc3ec6f1ef89bfc0
60df5ac80a15f548d443e17eb9f9e89f51f9280c
af80bfc9a26a48b2d628a97168d49db88048ef0048e750a5ce8dec7653698a18
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 21:15:44 GMT
content-type: text/plain
set-cookie: csu=1635431992692249@1@1675026944; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6d3x2mMwzW1VqtIFMft7qdwf%2FE8stiqa1CzPBn0Z4ki4UtCQYl8578%2FzVgpXoxsgxmkA4GLc%2FJ2ZE0%2BIB4LMg%2FOnH58SQNIV%2FaKkslGOHgVYMn0TLaqxBSvkqMoazlq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914fc1fbf66731e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 749
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.5052457; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-4593-a5ed-879e3aeeb6ad
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.8999422; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-45dd-a915-3cf8e4a265ac
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 357
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.5808464; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-4589-8a8f-aba10c35e10a
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 387
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:45 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026945.4954275; expires=Wed, 26-Jan-2033 21:15:45 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-45ec-9b32-b1eb324879da
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 359
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sun, 29 Jan 2023 21:15:46 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675026946.3572770; expires=Wed, 26-Jan-2033 21:15:46 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230130-0815-46eb-9df7-332f6062c726
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
pogothere.xyz/asd100.bin
172.64.198.35200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 29 Jan 2023 21:15:43 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4194
last-modified: Sun, 29 Jan 2023 20:05:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfyLXHzZgJUEdBpOzKUDncaR3acepVKsPTeo1R0JroUtfYWKm0om9%2BQtwVuCbBr6%2FyGI%2FZiZFgm06vxY6znhr9vuyY37Fk5%2B1YfDM8O19BTKJu9njBmvK0fEYnBziWuP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914fc1f0e76731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-637050532%3A1675026943870877&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcq4jU0HYC6xFFkbC4XNbD3y-ksLvw8-ZI1-174iE1Ea0Iw5jwsj2CO1m0jWh8u1mww5MHgsA
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-637050532%3A1675026943870877&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcq4jU0HYC6xFFkbC4XNbD3y-ksLvw8-ZI1-174iE1Ea0Iw5jwsj2CO1m0jWh8u1mww5MHgsA
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S-637050532%3A1675026943870877&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcq4jU0HYC6xFFkbC4XNbD3y-ksLvw8-ZI1-174iE1Ea0Iw5jwsj2CO1m0jWh8u1mww5MHgsA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 21:15:43 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-jbJ82Z9VsjfVcCvTojynoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2