cdn-114.bayfiles.com/afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip
195.96.151.66301 Moved Permanently 162 B URL HTTP/1.1 cdn-114.bayfiles.com/afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip
IP 195.96.151.66:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip HTTP/1.1
Host: cdn-114.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Dec 2022 17:43:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-114.bayfiles.com/afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10163
Expires: Fri, 09 Dec 2022 20:32:58 GMT
Date: Fri, 09 Dec 2022 17:43:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3753
Expires: Fri, 09 Dec 2022 18:46:08 GMT
Date: Fri, 09 Dec 2022 17:43:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 17:33:14 GMT
content-type: application/json
age: 621
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8685
Expires: Fri, 09 Dec 2022 20:08:20 GMT
Date: Fri, 09 Dec 2022 17:43:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XLvi3vd0S9DtqDAeg/G3l2E/6gWwZNkQ8IGRgvv9tyHMbU63a8uDIHUSFLvI1fvmF+tor2aDWKs=
x-amz-request-id: 2PMQNQVP90SHNR27
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 16:48:24 GMT
age: 3311
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cdn-114.bayfiles.com/afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip
195.96.151.66301 Moved Permanently 0 B URL HTTP/1.1 cdn-114.bayfiles.com/afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip
IP 195.96.151.66:0
ASN #41634 Svea Hosting AB
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afebjak6y8/023155f1-1670512664/idm.6.41.06.silent.kuyhaa.zip HTTP/1.1
Host: cdn-114.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Dec 2022 17:43:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://bayfiles.com/afebjak6y8
X-Cache-Host: filecache-03
X-Cache-Disk: nvme-01
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0832cdb2acf62f984428aee43fb80c19
4f712fc134e62fca415258ca1f27ee1ea3b9da77
e5ecb8e1ec9420093764447248ab62d8976d3353d52b969132b881adea0d0153
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5ECB8E1EC9420093764447248AB62D8976D3353D52B969132B881ADEA0D0153"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3174
Expires: Fri, 09 Dec 2022 18:36:30 GMT
Date: Fri, 09 Dec 2022 17:43:36 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 17:43:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/afebjak6y8
45.154.253.150404 Not Found 2.3 kB IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 0ff0f85bfb58b01afc90301187584696
31f93a6520de09a318d1a21f174e03d2d6e8369c
69de121864df6491dd25f144bb5d746e3a87f10636571c5d7f9549860aeacf50
GET /afebjak6y8 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 22
Content-Encoding: gzip
bayfiles.com/css/bayfiles.css?1668606177
45.154.253.150200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1068
Content-Encoding: gzip
bayfiles.com/sw.js
45.154.253.150200 OK 14 kB IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 1978
Content-Encoding: gzip
bayfiles.com/js/app.js?1668606177
45.154.253.150200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 471
Content-Encoding: gzip
bayfiles.com/img/flags/24/ru.png
403 B URL bayfiles.com/img/flags/24/ru.png
IP :0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
bayfiles.com/img/flags/24/pl.png
45.154.253.150200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1648
accept-ranges: bytes
bayfiles.com/img/flags/24/us.png
45.154.253.150200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 173
accept-ranges: bytes
vjs.zencdn.net/7.3.0/video.min.js
151.101.66.217200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.66.217:0
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 09 Dec 2022 17:43:36 GMT
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.66.217200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.66.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 09 Dec 2022 17:43:36 GMT
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 3376
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/br.png
45.154.253.150200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 292
accept-ranges: bytes
bayfiles.com/img/flags/24/es.png
45.154.253.150200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 328
accept-ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 17:07:55 GMT
age: 2141
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/se.png
45.154.253.150200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1855
accept-ranges: bytes
bayfiles.com/img/flags/24/fr.png
45.154.253.150200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 151
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 675
Cache-Control: max-age=142474
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:36 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:18:10 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.37200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.37:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash dd7fd768b7ae35ef373c7e2bde110413
26b6e587c106cc4739563a947fa79b0fc28e7e73
52ce1bdf4c6b17f934ecf0e1af538c7ffc0e9eea7c95c2eab9d8d586b9d08f1d
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98077
date: Fri, 09 Dec 2022 17:43:36 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: C4kckU-nLhefYRXFEIq8xR1YCaJbNqAwDSK4z-jsUgMGo_Xkgge8iQ==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/dk.png
45.154.253.150200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:36 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1676
accept-ranges: bytes
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP 142.250.74.131:0
Hash c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda
POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP 142.250.74.131:0
Hash c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda
POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03ef4555eb6ffe32b05bd5f20cc72d85
82cf94ec847944c0baeec2abf2b4c3f45ee7c1d9
8b38fa089abc71888ff777f2e19eb1dbccb886d65ed3dfb67dd46856e4aeb63a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B38FA089ABC71888FF777F2E19EB1DBCCB886D65ED3DFB67DD46856E4AEB63A"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9719
Expires: Fri, 09 Dec 2022 20:25:36 GMT
Date: Fri, 09 Dec 2022 17:43:37 GMT
Connection: keep-alive
bayfiles.com/img/flags/24/in.png
45.154.253.150200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 912
accept-ranges: bytes
push.services.mozilla.com/
54.191.210.155101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.210.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: It5SmNf5HN1ezVpejs0TNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mzMWy+bBapHyk1BkC5cu0wPi4JY=
hecherthepar.com/cWF2VExeXhUncRA1NGctQg0TFXw3BSVldDk1Rx4BJiA0FhlBVVAgJRVcQWd7QlJDcjwYBUtldFcSAjU4BBJLZWoYDxA7cVcXS2ViQU9Een5XFEtlagURFzNxQEcGIDgdXEdie0FXRmN0QFdGZHo
172.67.136.174204 No Content 0 B URL HTTP/2 hecherthepar.com/cWF2VExeXhUncRA1NGctQg0TFXw3BSVldDk1Rx4BJiA0FhlBVVAgJRVcQWd7QlJDcjwYBUtldFcSAjU4BBJLZWoYDxA7cVcXS2ViQU9Een5XFEtlagURFzNxQEcGIDgdXEdie0FXRmN0QFdGZHo
IP 172.67.136.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cWF2VExeXhUncRA1NGctQg0TFXw3BSVldDk1Rx4BJiA0FhlBVVAgJRVcQWd7QlJDcjwYBUtldFcSAjU4BBJLZWoYDxA7cVcXS2ViQU9Een5XFEtlagURFzNxQEcGIDgdXEdie0FXRmN0QFdGZHo HTTP/1.1
Host: hecherthepar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 17:43:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LxVHSEnxfCPTq2c5JJow9rInZFpYTXPkgp0cg1z2WuVoea43%2F0BdnrNaeZVcLlPDNAxpiuQquK%2B1%2Biohxk58Dfj4Bk2jF1x69f21LULF2RpQPwNNUQb0kA47jbfzvGbFHFA9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776f8b489fb90b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hecherthepar.com/R2Q4Q1JoW1swbxEzARYwAwBTGwV2BXoEECU+VBIQHSJUNwUGUB43OyNZD3BldFcLZSIuAAVydDQQWTcnNFkJZTspAld+dDFZCW1hc0oLcnx2Qk1+Y2EQSCI1elUeMyYzCAVyZHBUDnNlf1UNemp3
172.67.136.174204 No Content 0 B URL HTTP/2 hecherthepar.com/R2Q4Q1JoW1swbxEzARYwAwBTGwV2BXoEECU+VBIQHSJUNwUGUB43OyNZD3BldFcLZSIuAAVydDQQWTcnNFkJZTspAld+dDFZCW1hc0oLcnx2Qk1+Y2EQSCI1elUeMyYzCAVyZHBUDnNlf1UNemp3
IP 172.67.136.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /R2Q4Q1JoW1swbxEzARYwAwBTGwV2BXoEECU+VBIQHSJUNwUGUB43OyNZD3BldFcLZSIuAAVydDQQWTcnNFkJZTspAld+dDFZCW1hc0oLcnx2Qk1+Y2EQSCI1elUeMyYzCAVyZHBUDnNlf1UNemp3 HTTP/1.1
Host: hecherthepar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 17:43:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSGNPkdqAA7YxneIHo5z8lwf9BeeKMqUgEdWu%2Fmj4ljDeDqBXGsD3iEygLqvaiBDyBRZmFMTr3gxdIjqkSJaXQMv5TR2hpJ6TA6cpf2in8nr8qvmQ2STS42hEYAX6E8esizw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776f8b488fac0b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hecherthepar.com/dll3ekpZZhQJdyw1Jk8rMQslIBsOPSE8ABgaIQouIzQiNR0gFFEOIxJkQE98RW5BXDofPUpIc1AqAxs+AypKS2wfNxEVd1AvSktkRndBSmRHfwJHe1AtBxstS2hRCj4CNUpLfEFpQUp9TmhCQ3NA
172.67.136.174204 No Content 0 B URL HTTP/2 hecherthepar.com/dll3ekpZZhQJdyw1Jk8rMQslIBsOPSE8ABgaIQouIzQiNR0gFFEOIxJkQE98RW5BXDofPUpIc1AqAxs+AypKS2wfNxEVd1AvSktkRndBSmRHfwJHe1AtBxstS2hRCj4CNUpLfEFpQUp9TmhCQ3NA
IP 172.67.136.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dll3ekpZZhQJdyw1Jk8rMQslIBsOPSE8ABgaIQouIzQiNR0gFFEOIxJkQE98RW5BXDofPUpIc1AqAxs+AypKS2wfNxEVd1AvSktkRndBSmRHfwJHe1AtBxstS2hRCj4CNUpLfEFpQUp9TmhCQ3NA HTTP/1.1
Host: hecherthepar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 17:43:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJ2WSkLOzMn0hmtiaHCqP%2F5tuJfjgbnJIEK0JUkPtWG89japNdtRRekKoy%2B%2FM5SSz8q4TBhXqRjAM%2BifNgQ9tu7faDG%2BYGh%2F%2Fvtb2gPTPbkGZEMW7jgc9%2BAXDpo%2B7wezIRR3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776f8b48afc50b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bayfiles.com/static/logo.png
45.154.253.150200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Wed, 16 Nov 2022 13:30:55 GMT
etag: "6374e60f-96cf"
bayfiles.com/img/flags/24/kr.png
45.154.253.150200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 390
accept-ranges: bytes
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP 142.250.74.131:0
Hash c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda
POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
policityseriod.info/MlRlbDdJdhYbaEcmCU4NEDwRGEdBbkpDVVMtAwVbVydLD1hfexYbGVgnR0AVQTkDTg0DeEcYVlULDAgVCHZSXwABZlNOGxAnEA5oWzBXTg0QNgdcVFdtBgoaAmEDDRoGN1FZGgtsU10aBGMDVQNTY1APBlQ3RxE
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/MlRlbDdJdhYbaEcmCU4NEDwRGEdBbkpDVVMtAwVbVydLD1hfexYbGVgnR0AVQTkDTg0DeEcYVlULDAgVCHZSXwABZlNOGxAnEA5oWzBXTg0QNgdcVFdtBgoaAmEDDRoGN1FZGgtsU10aBGMDVQNTY1APBlQ3RxE
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /MlRlbDdJdhYbaEcmCU4NEDwRGEdBbkpDVVMtAwVbVydLD1hfexYbGVgnR0AVQTkDTg0DeEcYVlULDAgVCHZSXwABZlNOGxAnEA5oWzBXTg0QNgdcVFdtBgoaAmEDDRoGN1FZGgtsU10aBGMDVQNTY1APBlQ3RxE HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:37 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607817.1406265; expires=Mon, 06-Dec-2032 17:43:37 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/MlRlbDdJdhYbaEcmCU4NEDwRGEdBbkpDVVMtAwVbVydLD1hfexYbGVgnR0AVQTkDTg0DeEcYVlULDAgVCHZSXwABZlNOGxAnEA5oWzBXTg0QNgdcVFdtBgoaAmEDDRoGN1FZGgtsU10aBGMDVQNTY1APBlQ3RxE?subid1=20221210-0443-375b-b580-558f329440c1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
bayfiles.com/img/flags/24/no.png
45.154.253.150200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 136
accept-ranges: bytes
bayfiles.com/img/flags/24/fi.png
45.154.253.150200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 410
accept-ranges: bytes
bayfiles.com/img/flags/24/jp.png
45.154.253.150200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 141
accept-ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6d61d363f0f00585736abb35e1dcd6dc
9369b0eb806bd3264de91a4a3d99a10e71a5440e
7b16f38fc7c16381c9295dc3d7ec41321fe7629e1967882c051eefd049bb3ff2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6d61d363f0f00585736abb35e1dcd6dc
9369b0eb806bd3264de91a4a3d99a10e71a5440e
7b16f38fc7c16381c9295dc3d7ec41321fe7629e1967882c051eefd049bb3ff2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4657
Expires: Fri, 09 Dec 2022 19:01:14 GMT
Date: Fri, 09 Dec 2022 17:43:37 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4657
Expires: Fri, 09 Dec 2022 19:01:14 GMT
Date: Fri, 09 Dec 2022 17:43:37 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash c4c7878120b1137994acd898dff60f17
9d5791143add1e6afac81f08bcdf96ea7bedf5c6
334f4944737fe171627eb71d6fda653931c7042e12cf18526783a7876ce3fdff
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 17:43:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S185076214%3A1670607817835308&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hVQ5r9U2L9PLxgFypEW33N8O9h974YNnODpzDuS4El6kG-z9e8FxU_633TMAuS-tMZmMccg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-iFsLrB44GInATJjuBr6gLQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:bZ6VMzHiaNrC80kbf2P1_LDwsN38cg:vHPeW-7XcXoKL_as;Path=/;Expires=Sun, 08-Dec-2024 17:43:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f633515aa0c422842b875ca6098e1710
a8307c324c2bbb792d937c272151a9e43c435b5d
a840f16173cd49fc135618a9127b0ca830241c97ee1774f36ec61f4b9916e590
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5734
Cache-Control: max-age=86684
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Etag: "63920d00-1d7"
Expires: Sat, 10 Dec 2022 17:48:21 GMT
Last-Modified: Thu, 08 Dec 2022 16:12:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash fcda1798673b1843733e351771c64a55
a9b1ccb56c152cbd8973faa067024e6c55cf3ff0
8b4eb49a24a8b9151e9792dc9c301e00a6f49557a7618b2af8d1660131f4e873
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 17:43:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1174779259%3A1670607817860841&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4gQYZJ_xYCJC90-PuRUZk7Kr1Bks-O7CRWvDFVrqxngcUCPuEz3Egt218HzTAWqPVDou-lkg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-GsfFuB8kW8Sa9bfcXuWqUQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:pBCHdmcving7A9SSCiSXAJhjCVBr1A:3fB5Y_WB92UIfOBe;Path=/;Expires=Sun, 08-Dec-2024 17:43:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663359761
45.154.253.150200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663359761
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1663359761 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/afebjak6y8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:37 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 153
accept-ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8585fe73b51c643ee300c3df9313bfe1
c184ce0c12fbfc0f17a81ad0e0bdaad5503bceb1
807b590f961c83886bbd27c879dfbf03a3336005cdabbba42d4d63bdcb11bf51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 17:43:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0a7f3569daca0714122cf2c2e2145763
a286adaa66480bb99214659c2e78f26723eec5cf
24153f851e57ee0c86efdb33ee350e608e1e1eb67a8e481afca65ffaafdaada9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "24153F851E57EE0C86EFDB33EE350E608E1E1EB67A8E481AFCA65FFAAFDAADA9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4657
Expires: Fri, 09 Dec 2022 19:01:14 GMT
Date: Fri, 09 Dec 2022 17:43:37 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S185076214%3A1670607817835308&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hVQ5r9U2L9PLxgFypEW33N8O9h974YNnODpzDuS4El6kG-z9e8FxU_633TMAuS-tMZmMccg
216.58.207.237403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S185076214%3A1670607817835308&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hVQ5r9U2L9PLxgFypEW33N8O9h974YNnODpzDuS4El6kG-z9e8FxU_633TMAuS-tMZmMccg
IP 216.58.207.237:0
Hash 20b99e314f204ffe14c2703b1b4b584f
f1041d614e06477c1b853e758416808f24b6f16a
563f33b9d5f59120f8695e5592965bf1588d690e958049b10901237a0c376b66
GET /v3/signin/identifier?dsh=S185076214%3A1670607817835308&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh5hVQ5r9U2L9PLxgFypEW33N8O9h974YNnODpzDuS4El6kG-z9e8FxU_633TMAuS-tMZmMccg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 17:43:37 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-AOfiwGmpImahQhc5Ic2vIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
eventhenherthisi.com/WlJ1U3A7MBY+TztvF3UFKD5IdkIcd0cVFDAkTGoDIj0EIwZrY1swHDUnETUCNTwBfR4/JlBhNjgHHjs8OGEsKzojBz8AIwM6OWI6GAstakQCFyNjOTA1NBQzEGMxEUQtCzcgVWgQLTQhPBMhZjobOxIgFDZrJAMZMT42FgRqHiYGPQlgOyY7PSEgMUMiJjIkKWMbRgo3HCg4PiAbEzYcGRckJgI9IDYmCjEeFgY4Oi1nIQoxb3dHESEPCEY2Hi4aNAcDNx4CEjITBURmKCI1GDEoNjQnYTo3N0UjNh8VRGYoLRdCGR5rMCBhNREwGWI3ETxAdkIcAR4GITgKWD8WGBEnJxUZZz0KHms+LWJJaTcbIDkfKDA5Oh8iMBU4KmUtOCozNy0nFQ9gN2c8CwswHQluOTNiPj0WGyMWC2ENZxIIIjkKB3w4BjweKm8yIjZoAQBiAhcbAA
13.225.131.67200 OK 1.2 kB URL HTTP/2 eventhenherthisi.com/WlJ1U3A7MBY+TztvF3UFKD5IdkIcd0cVFDAkTGoDIj0EIwZrY1swHDUnETUCNTwBfR4/JlBhNjgHHjs8OGEsKzojBz8AIwM6OWI6GAstakQCFyNjOTA1NBQzEGMxEUQtCzcgVWgQLTQhPBMhZjobOxIgFDZrJAMZMT42FgRqHiYGPQlgOyY7PSEgMUMiJjIkKWMbRgo3HCg4PiAbEzYcGRckJgI9IDYmCjEeFgY4Oi1nIQoxb3dHESEPCEY2Hi4aNAcDNx4CEjITBURmKCI1GDEoNjQnYTo3N0UjNh8VRGYoLRdCGR5rMCBhNREwGWI3ETxAdkIcAR4GITgKWD8WGBEnJxUZZz0KHms+LWJJaTcbIDkfKDA5Oh8iMBU4KmUtOCozNy0nFQ9gN2c8CwswHQluOTNiPj0WGyMWC2ENZxIIIjkKB3w4BjweKm8yIjZoAQBiAhcbAA
IP 13.225.131.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3039), with no line terminators
Hash 20bcfb09ff3f47c3deea94e78ff3fdb8
ea82304604a193252fc3ddf953b0c1ddd4058e29
7f26bd6284e171431a2efd00229df57a3a55d9988f54f2fa7a2b1860554a7ac6
GET /WlJ1U3A7MBY+TztvF3UFKD5IdkIcd0cVFDAkTGoDIj0EIwZrY1swHDUnETUCNTwBfR4/JlBhNjgHHjs8OGEsKzojBz8AIwM6OWI6GAstakQCFyNjOTA1NBQzEGMxEUQtCzcgVWgQLTQhPBMhZjobOxIgFDZrJAMZMT42FgRqHiYGPQlgOyY7PSEgMUMiJjIkKWMbRgo3HCg4PiAbEzYcGRckJgI9IDYmCjEeFgY4Oi1nIQoxb3dHESEPCEY2Hi4aNAcDNx4CEjITBURmKCI1GDEoNjQnYTo3N0UjNh8VRGYoLRdCGR5rMCBhNREwGWI3ETxAdkIcAR4GITgKWD8WGBEnJxUZZz0KHms+LWJJaTcbIDkfKDA5Oh8iMBU4KmUtOCozNy0nFQ9gN2c8CwswHQluOTNiPj0WGyMWC2ENZxIIIjkKB3w4BjweKm8yIjZoAQBiAhcbAA HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Fri, 09 Dec 2022 17:43:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: 1n22lkIQigt3Ik_K4xTOJGaT3Nh6kHjSYuwkQaKQLlTpFwUtzb209w==
X-Firefox-Spdy: h2
eventhenherthisi.com/VUNlUW00IQY8UjR+B3cYJy9YdF8TZlcXCT81XGgeLSwUIRtkcksyATo2ATcfOi0RfwMwN0BjK2IMMQs/AzknMDoBex0VXWQlKwYCHQACFwQPAjA3NRYKUQkGPg8oNj9wcSc1KzoBKwQjZRYPOQYAKFUSJTsFIABcHzA/KTcDFR9pGhERXAU9LxIrEi8UNChgJBACCzIEABI3Mz08cj8HOzo0BjYncHEjEF5sLSMAHhImNhM3A3IsdF8XCiAcDhcEIGQ/FzQgCDoMAiMmN2UZLRgOFwQgNjoDICQLNRwHACkjPxlVNj0ULTc6Dj00IAg+AwQtEDgEGQIQIBIESBdIZwEjAB4SDQ8bOQAvCWE3DRopEwAXLSQQChIaLRguFhUkZScDFQMGPjk6JD9VHRoyGAgWESQ6DDIGQzseOi0VbA4GDSg9PTcwKDUEZiERZSI
13.225.131.67200 OK 1.2 kB URL HTTP/2 eventhenherthisi.com/VUNlUW00IQY8UjR+B3cYJy9YdF8TZlcXCT81XGgeLSwUIRtkcksyATo2ATcfOi0RfwMwN0BjK2IMMQs/AzknMDoBex0VXWQlKwYCHQACFwQPAjA3NRYKUQkGPg8oNj9wcSc1KzoBKwQjZRYPOQYAKFUSJTsFIABcHzA/KTcDFR9pGhERXAU9LxIrEi8UNChgJBACCzIEABI3Mz08cj8HOzo0BjYncHEjEF5sLSMAHhImNhM3A3IsdF8XCiAcDhcEIGQ/FzQgCDoMAiMmN2UZLRgOFwQgNjoDICQLNRwHACkjPxlVNj0ULTc6Dj00IAg+AwQtEDgEGQIQIBIESBdIZwEjAB4SDQ8bOQAvCWE3DRopEwAXLSQQChIaLRguFhUkZScDFQMGPjk6JD9VHRoyGAgWESQ6DDIGQzseOi0VbA4GDSg9PTcwKDUEZiERZSI
IP 13.225.131.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3029), with no line terminators
Hash 24652e625951675ea1d0e5eeede24de3
be0c39568fd0216504020b7eeef8372afcdadcbd
526188f4c856e9f6d36c179c327ddefd2e5b31df77bbcb6076db03d6a732b965
GET /VUNlUW00IQY8UjR+B3cYJy9YdF8TZlcXCT81XGgeLSwUIRtkcksyATo2ATcfOi0RfwMwN0BjK2IMMQs/AzknMDoBex0VXWQlKwYCHQACFwQPAjA3NRYKUQkGPg8oNj9wcSc1KzoBKwQjZRYPOQYAKFUSJTsFIABcHzA/KTcDFR9pGhERXAU9LxIrEi8UNChgJBACCzIEABI3Mz08cj8HOzo0BjYncHEjEF5sLSMAHhImNhM3A3IsdF8XCiAcDhcEIGQ/FzQgCDoMAiMmN2UZLRgOFwQgNjoDICQLNRwHACkjPxlVNj0ULTc6Dj00IAg+AwQtEDgEGQIQIBIESBdIZwEjAB4SDQ8bOQAvCWE3DRopEwAXLSQQChIaLRguFhUkZScDFQMGPjk6JD9VHRoyGAgWESQ6DDIGQzseOi0VbA4GDSg9PTcwKDUEZiERZSI HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Fri, 09 Dec 2022 17:43:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: 0ziXX7VjxPCxAR2Er_N9Aud4AyCArynzboNdJItjedXqJ9LCtocb5Q==
X-Firefox-Spdy: h2
eventhenherthisi.com/T2lyZG8uCxEJUC5UEEIaPQVPQV0JTEAiCyUfS10cNwYDFBl+WFwHAyAcFgIdIAcGSgEqHVdWKSsMOgAgFgUrBigMKDcFPjgMOQhWJz0nIlYZPjABJxtZPCsuJyIwJgckLxtcLQkBSjU+Ig4lKC03IhQPPnkuIA8fF1ozACgcWBQ+Xns+OQMtPT00IVkKAxkwPCYKNioXFig7NjZqWzAhFwEGNB4LCS4bITYfESMGI38NGTQEBQ4nCiEEO0A9OR8RKzAmHTwePDoZTEAmKwwjFjY3ej0oCDUHCEMhOhc8JEFdDS8mXDgeMQIsNRsZIQIpBhwmDyE9PCA2Cx0xX1A+Bi9DISt+Jx8wOSNMQCY8fCc5NhYkITw2IhYIQyU+HAIWQV0JPB8+JR1aSyw1Cg4gLhcOEzoMCH07QDVKfSsgCloXDDcMPQBYSwpJJRodCh9yIwhWARcmBi0Heg
13.225.131.67200 OK 1.2 kB URL HTTP/2 eventhenherthisi.com/T2lyZG8uCxEJUC5UEEIaPQVPQV0JTEAiCyUfS10cNwYDFBl+WFwHAyAcFgIdIAcGSgEqHVdWKSsMOgAgFgUrBigMKDcFPjgMOQhWJz0nIlYZPjABJxtZPCsuJyIwJgckLxtcLQkBSjU+Ig4lKC03IhQPPnkuIA8fF1ozACgcWBQ+Xns+OQMtPT00IVkKAxkwPCYKNioXFig7NjZqWzAhFwEGNB4LCS4bITYfESMGI38NGTQEBQ4nCiEEO0A9OR8RKzAmHTwePDoZTEAmKwwjFjY3ej0oCDUHCEMhOhc8JEFdDS8mXDgeMQIsNRsZIQIpBhwmDyE9PCA2Cx0xX1A+Bi9DISt+Jx8wOSNMQCY8fCc5NhYkITw2IhYIQyU+HAIWQV0JPB8+JR1aSyw1Cg4gLhcOEzoMCH07QDVKfSsgCloXDDcMPQBYSwpJJRodCh9yIwhWARcmBi0Heg
IP 13.225.131.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 62d44d8afdd4782a891038a81de38454
a4285590121e2850f6770637221e69be0c3a9000
c3c69e64a4c3cc79c02ebc10e2603aa8c987148252fe7cb0c1768c7c986cbdd4
GET /T2lyZG8uCxEJUC5UEEIaPQVPQV0JTEAiCyUfS10cNwYDFBl+WFwHAyAcFgIdIAcGSgEqHVdWKSsMOgAgFgUrBigMKDcFPjgMOQhWJz0nIlYZPjABJxtZPCsuJyIwJgckLxtcLQkBSjU+Ig4lKC03IhQPPnkuIA8fF1ozACgcWBQ+Xns+OQMtPT00IVkKAxkwPCYKNioXFig7NjZqWzAhFwEGNB4LCS4bITYfESMGI38NGTQEBQ4nCiEEO0A9OR8RKzAmHTwePDoZTEAmKwwjFjY3ej0oCDUHCEMhOhc8JEFdDS8mXDgeMQIsNRsZIQIpBhwmDyE9PCA2Cx0xX1A+Bi9DISt+Jx8wOSNMQCY8fCc5NhYkITw2IhYIQyU+HAIWQV0JPB8+JR1aSyw1Cg4gLhcOEzoMCH07QDVKfSsgCloXDDcMPQBYSwpJJRodCh9yIwhWARcmBi0Heg HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Fri, 09 Dec 2022 17:43:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: Of34O5z_Twz3oj6SKcbU1Ys-XP8S4wymS7jkRaIaGYRvukXrOxEOsQ==
X-Firefox-Spdy: h2
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:38 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607818.2740174; expires=Mon, 06-Dec-2032 17:43:38 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-3878-8044-84a4b7e433e4
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
eventhenherthisi.com/utx?cb=FPDsgKbMfyOk&top=bayfiles.com&tid=737333
13.225.131.67204 No Content 0 B URL HTTP/2 eventhenherthisi.com/utx?cb=FPDsgKbMfyOk&top=bayfiles.com&tid=737333
IP 13.225.131.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=FPDsgKbMfyOk&top=bayfiles.com&tid=737333 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 17:43:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 17:44:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: iXJBIMhwDCvWhC3sE_N69cMTRyknIG39-y_J3i_vjM5xPPAZADJ0Jw==
X-Firefox-Spdy: h2
eventhenherthisi.com/utx?cb=nDiVcqbjhrJ9&top=bayfiles.com&tid=756376
13.225.131.67204 No Content 0 B URL HTTP/2 eventhenherthisi.com/utx?cb=nDiVcqbjhrJ9&top=bayfiles.com&tid=756376
IP 13.225.131.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nDiVcqbjhrJ9&top=bayfiles.com&tid=756376 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 17:43:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 17:44:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: uc-l2tRzkI_CPskWV8E9XTz6iu-NBRHdPGD06b9thwHG9SVgcI75rg==
X-Firefox-Spdy: h2
bayfiles.com/sw.js?S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe
45.154.253.150200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 17:43:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 11104
Content-Encoding: gzip
djv99sxoqpv11.cloudfront.net/bUkhLb3YxJyUJSSYhL1JBYX94XEV0IjgAGCJ1DB4wYBs+XgQfAT5JAigsdl9QPiklCEt0LSUMS2NuKgsUb3xtGwY9I3YGFzMmPAACOiMvSQMzdSYADDskJw5TYA5+QUZ3entHATsmLwABIW15XxgmbXlfR2Jme0pFEG15XwE7Jn1bU2EKbl1GKn5/SkUQbX-lfBCRteC5HYn1lX193ensIEzEjJEpEFHp7XkZieXteU2B4LQYENy4kF1NgDnpfQ3x4bRpLYw
54.230.245.37200 OK 555 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/bUkhLb3YxJyUJSSYhL1JBYX94XEV0IjgAGCJ1DB4wYBs+XgQfAT5JAigsdl9QPiklCEt0LSUMS2NuKgsUb3xtGwY9I3YGFzMmPAACOiMvSQMzdSYADDskJw5TYA5+QUZ3entHATsmLwABIW15XxgmbXlfR2Jme0pFEG15XwE7Jn1bU2EKbl1GKn5/SkUQbX-lfBCRteC5HYn1lX193ensIEzEjJEpEFHp7XkZieXteU2B4LQYENy4kF1NgDnpfQ3x4bRpLYw
IP 54.230.245.37:0
File type ASCII text, with very long lines (779), with no line terminators
Hash 25258c0b311b839e09390272cc9d87dc
8bd655b202fdecc9c92d0117e5f7938825dc7695
90406567cf4511a824c68faa08a2a8381e5d4614df6f722fa27b003786020a88
Analyzer Verdict Alert fortinet Malware
GET /bUkhLb3YxJyUJSSYhL1JBYX94XEV0IjgAGCJ1DB4wYBs+XgQfAT5JAigsdl9QPiklCEt0LSUMS2NuKgsUb3xtGwY9I3YGFzMmPAACOiMvSQMzdSYADDskJw5TYA5+QUZ3entHATsmLwABIW15XxgmbXlfR2Jme0pFEG15XwE7Jn1bU2EKbl1GKn5/SkUQbX-lfBCRteC5HYn1lX193ensIEzEjJEpEFHp7XkZieXteU2B4LQYENy4kF1NgDnpfQ3x4bRpLYw HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eventhenherthisi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 555
date: Fri, 09 Dec 2022 17:43:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j3zqwTyFFRaKexZPiLFweF2zZLuC4NYE9VSSOwMNaIxxhgbTlxVmtQ==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/7OTZRVzBaWT8xD01fNWoHCgFiZAUfXCI4XkkLMgR+dFoBNUN0UjhkUk0CHnFEQ1JsZxZVVz8wDR9TPzQNCBAwM1IEAnciUQRbPi1ZVVowcgJ/A39nFQsGeSBZV1I+IEMcBGE5RBwEYWYAFwZ0ZHIcBGEgWVcAZXIDexNjZ0gPAnRkchwEYSVGHAUQZgAMGG-F+FQsGNjJTUll0ZXYLBmBnAAgGYHICCVA4JVVfWSlyAn8HYWIeCRAkagE
54.230.245.37200 OK 194 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/7OTZRVzBaWT8xD01fNWoHCgFiZAUfXCI4XkkLMgR+dFoBNUN0UjhkUk0CHnFEQ1JsZxZVVz8wDR9TPzQNCBAwM1IEAnciUQRbPi1ZVVowcgJ/A39nFQsGeSBZV1I+IEMcBGE5RBwEYWYAFwZ0ZHIcBGEgWVcAZXIDexNjZ0gPAnRkchwEYSVGHAUQZgAMGG-F+FQsGNjJTUll0ZXYLBmBnAAgGYHICCVA4JVVfWSlyAn8HYWIeCRAkagE
IP 54.230.245.37:0
File type ASCII text, with no line terminators
Hash 354674337e60a4dfda068ab58cb1a780
e768a82846750eca8c8e03fc0290b945e530246a
c2e12f354ec83d04de18d8dfa10e4e38d1e1670731d0576fc8878a3948b84fad
Analyzer Verdict Alert fortinet Malware
GET /7OTZRVzBaWT8xD01fNWoHCgFiZAUfXCI4XkkLMgR+dFoBNUN0UjhkUk0CHnFEQ1JsZxZVVz8wDR9TPzQNCBAwM1IEAnciUQRbPi1ZVVowcgJ/A39nFQsGeSBZV1I+IEMcBGE5RBwEYWYAFwZ0ZHIcBGEgWVcAZXIDexNjZ0gPAnRkchwEYSVGHAUQZgAMGG-F+FQsGNjJTUll0ZXYLBmBnAAgGYHICCVA4JVVfWSlyAn8HYWIeCRAkagE HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eventhenherthisi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 194
date: Fri, 09 Dec 2022 17:43:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: B7CcUq8nExMdafDSOgEn00QrwgvhDNeSJiNnBHJ1y-SPn0nynhgiYQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5720
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 17:43:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5720
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 17:43:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5720
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 17:43:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5720
Expires: Fri, 09 Dec 2022 19:18:58 GMT
Date: Fri, 09 Dec 2022 17:43:38 GMT
Connection: keep-alive
pogothere.xyz/asd100.bin
172.64.172.27200 OK 103 kB IP 172.64.172.27:0
Size 103 kB (102903 bytes)
Hash 7b639b5becd22c1dd4c83739b4561963
0776cac659e5a6e5053c0367bd6ef23297445c8b
05a068bbee9672e323dc88e84c01132e0b586e12302e674b1c615dad2c5c484b
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 09 Dec 2022 17:43:37 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2055
last-modified: Fri, 09 Dec 2022 17:09:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTWbnqLZm3lvnTSZK8FRBRjUzVdf6Odn6NR9ximDI3Emx%2FOd7STlvhwR60YTwNjIyF2OK%2FVeCkY4QLdA8RS8iiVSvMi2Yddv5Umr0lAel5VW81QUKCHrGbnZpbDTNilw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f8b4d9e42888f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/deHdOYlYbGCAEaQweKl9hTUF9VWBeHT0NOAhKBBhkFi8BFh8QQmgWLBxKfkQ6GRkpX3AdGS1fZ14WKgBrTFE6EjkTSicDNxYAIRY+ExNoFzdFGiEYPxQbL0dkPkJgUnNKR2YVPxYTIRUlXUV+DCJdRX5TZlZHa1EUXUV+FT8WQXpHZTpSfFIuTkNrURRdRX-4QIF1ED1NmTVl+S3NKRykHNRMYa1AQSkd/UmZJR39HZEgRJxAzHhg2R2Q+Rn5XeEhRO19n
54.230.245.37200 OK 453 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/deHdOYlYbGCAEaQweKl9hTUF9VWBeHT0NOAhKBBhkFi8BFh8QQmgWLBxKfkQ6GRkpX3AdGS1fZ14WKgBrTFE6EjkTSicDNxYAIRY+ExNoFzdFGiEYPxQbL0dkPkJgUnNKR2YVPxYTIRUlXUV+DCJdRX5TZlZHa1EUXUV+FT8WQXpHZTpSfFIuTkNrURRdRX-4QIF1ED1NmTVl+S3NKRykHNRMYa1AQSkd/UmZJR39HZEgRJxAzHhg2R2Q+Rn5XeEhRO19n
IP 54.230.245.37:0
File type ASCII text, with very long lines (594), with no line terminators
Hash ad4b9cff36c0d21db4e117f40298e4bb
ef071cba62829e8b54dc40098b6b7718a248b977
028c085172cadf0b4aac9953307b3833d5e384dd9becc1a656f2be59cc8d55d1
Analyzer Verdict Alert fortinet Malware
GET /deHdOYlYbGCAEaQweKl9hTUF9VWBeHT0NOAhKBBhkFi8BFh8QQmgWLBxKfkQ6GRkpX3AdGS1fZ14WKgBrTFE6EjkTSicDNxYAIRY+ExNoFzdFGiEYPxQbL0dkPkJgUnNKR2YVPxYTIRUlXUV+DCJdRX5TZlZHa1EUXUV+FT8WQXpHZTpSfFIuTkNrURRdRX-4QIF1ED1NmTVl+S3NKRykHNRMYa1AQSkd/UmZJR39HZEgRJxAzHhg2R2Q+Rn5XeEhRO19n HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eventhenherthisi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 453
date: Fri, 09 Dec 2022 17:43:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KnsJQR-rpZixhoWzG5mEI71YCYvBo_kJdhi5tLiSn1xL5d3S2eA4iQ==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 50512
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
eventhenherthisi.com/multi?cs=Zjhjdm5RCVZDXlILU0RXUglUR1k&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fafebjak6y8&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_zHsV=1670607816604&crc=1
13.225.131.67200 OK 1.6 kB URL HTTP/2 eventhenherthisi.com/multi?cs=Zjhjdm5RCVZDXlILU0RXUglUR1k&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fafebjak6y8&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_zHsV=1670607816604&crc=1
IP 13.225.131.67:0
File type ASCII text, with very long lines (3271), with no line terminators
Hash d811909c649df519b8cddcd6742736c6
35497a7d94afab1d336f0a914c28a2ece76cf854
8e7e3b7df66e9a82e224bf351b5b3b2214016f9b5f35a74fdfad35d46aff0999
GET /multi?cs=Zjhjdm5RCVZDXlILU0RXUglUR1k&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fafebjak6y8&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_zHsV=1670607816604&crc=1 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1584
date: Fri, 09 Dec 2022 17:43:38 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ab976ebd-0331-45ea-aab1-0267d628f255
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 cd1475e8dfc127af2db8d7d52ea9ef40.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: 7PZSz4dOUoM-phrCHq_COweXnasTsOO79FaJn7X-UhJxKjYfzkjOUA==
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35200 OK 10 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
Hash 8aa4a721c6de6b99c34e1eb4887c325e
0dd5899b8a80dcb46e45645d2c35787cb8d0ced9
26f8950f7601b08e2c866af0527e6057bed0744e4baed029e62fda9b36ef72f2
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: x0q4MHWvpRkBM/6hOJ1o02QSUYnJLInJsmnhhIFFkr9WUjABhUVvJ9woom4wWgZaVkRN9v1ZIU9fjaAKoN33ew==
date: Fri, 09 Dec 2022 17:43:37 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 50951
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:48:22 GMT
age: 86116
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 35949
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 48991
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe
103.224.212.220302 Found 0 B URL HTTP/1.1 policityseriod.info/S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe
IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:38 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607818.6916621; expires=Mon, 06-Dec-2032 17:43:38 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/S0RuQzYQZllwAXh2WGEaaWZCYVQpdA0mDygiQ3MDLSVDd1V%2EcUN6Dn11Q3UBLX1aIgF%2BJ18lVWloTHYHe3cLJVV5aQgiBy5pWnsDe2lXcg4qaVZ3UHwiDXcALXdddxRnZh00FGdmHixaIicHN084IRwqWS9qBy1QJGZCYQNldkwe?subid1=20221210-0443-38a7-9321-65781dfaa6d9
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 747
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.8019055; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-39b2-8cb8-87aeb278d97c
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.4363370; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-3955-bba0-55eb05aed762
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.3322086; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-3981-81d1-d4b9ddb6e369
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 767
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.6999021; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-39b8-afc3-36d7a4775d25
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 396
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.7576746; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-39ff-9749-288c2c093064
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.6025821; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-3926-b206-7d294ffb386c
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 395
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:39 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607819.5167517; expires=Mon, 06-Dec-2032 17:43:39 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-39f2-9ece-d8dac0cc050d
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
policityseriod.info/
103.224.212.220302 Found 0 B IP 103.224.212.220:0
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 351
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 17:43:40 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670607820.2806983; expires=Mon, 06-Dec-2032 17:43:40 GMT; Max-Age=315360000
Location: http://ww25.policityseriod.info/?subid1=20221210-0443-4087-a8b3-406df718f033
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 09 Dec 2022 17:43:37 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2055
last-modified: Fri, 09 Dec 2022 17:09:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDeFieBuu5mrn%2BZipzk7cFNKPCvX%2FKB7%2F8v5l0QWb53APIX5tVgFd7FUd59Ojp7R7d0%2BRgfJMPe9kVm07HXukE77nhKFtVXdNv29%2FiYQP9puZqEUdvciIqackikdj2Dl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776f8b4dae4c888f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1174779259%3A1670607817860841&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4gQYZJ_xYCJC90-PuRUZk7Kr1Bks-O7CRWvDFVrqxngcUCPuEz3Egt218HzTAWqPVDou-lkg
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1174779259%3A1670607817860841&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4gQYZJ_xYCJC90-PuRUZk7Kr1Bks-O7CRWvDFVrqxngcUCPuEz3Egt218HzTAWqPVDou-lkg
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1174779259%3A1670607817860841&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh4gQYZJ_xYCJC90-PuRUZk7Kr1Bks-O7CRWvDFVrqxngcUCPuEz3Egt218HzTAWqPVDou-lkg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 17:43:37 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-eSx6ZcZGh_U4HQXOQHzXaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 17:43:37 GMT
content-type: text/plain
set-cookie: csu=1352123763562408@1@1670607817; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BMXdrfM6V4WdYSDVR2%2BXbhl1kNaoqXyTSp%2FaUK0Cqsux9IBtxM2zemfPHaMHiASOvoOGLdSw0DT6ZmH4Q3eJ82v%2F8Kx2zFddiyd2ZFAP1beQJJJUgCgwSycjIZt7vr6D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776f8b4dae53888f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2