cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar
195.96.151.68301 Moved Permanently 162 B URL HTTP/1.1 cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar
IP 195.96.151.68:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar HTTP/1.1
Host: cdn-116.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 11 Jan 2023 02:05:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3310
Expires: Wed, 11 Jan 2023 03:00:58 GMT
Date: Wed, 11 Jan 2023 02:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6464
Expires: Wed, 11 Jan 2023 03:53:32 GMT
Date: Wed, 11 Jan 2023 02:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 718fc486cd6a70fcacc1653759703fae
bf60ba7a37d2deef1b7000e91cc88da586bb75ca
398d02e16da466ffe87b64ac34b007615951cca14d43610b4acd58bc2a5fadff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "398D02E16DA466FFE87B64AC34B007615951CCA14D43610B4ACD58BC2A5FADFF"
Last-Modified: Tue, 10 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3902
Expires: Wed, 11 Jan 2023 03:10:50 GMT
Date: Wed, 11 Jan 2023 02:05:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 11 Jan 2023 01:41:44 GMT
content-type: application/json
age: 1444
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6hK6j9Rtci158Mq4XDflLeVQsbK8FaOOC6l3+LJzd1W5Rt4lAe2suwjbo5+UNFJ8McYR4MAS1iK9Tsb+xL9E0Q==
x-amz-request-id: 7AWSC37YTGXRN4F8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 11 Jan 2023 01:16:51 GMT
age: 2937
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar
195.96.151.68301 Moved Permanently 0 B URL HTTP/1.1 cdn-116.bayfiles.com/dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar
IP 195.96.151.68:0
ASN #41634 Svea Hosting AB
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dbsfz7J8y3/0909d9dd-1672558608/Refugee.rar HTTP/1.1
Host: cdn-116.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 11 Jan 2023 02:05:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://bayfiles.com/dbsfz7J8y3
X-Cache-Host: filecache-03
X-Cache-Disk: nvme-01
Accept-Ranges: bytes
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 02:05:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 776670d88aa1412a36328bccb5fd63f2
2f1ccbaa5095a9b764e9dd5deacf54b61a8d49f1
782806bb9ed8a2e934ff1099611e06cbfa910743cad5d6ef4b39c73594472c72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "782806BB9ED8A2E934FF1099611E06CBFA910743CAD5D6EF4B39C73594472C72"
Last-Modified: Mon, 09 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4185
Expires: Wed, 11 Jan 2023 03:15:33 GMT
Date: Wed, 11 Jan 2023 02:05:48 GMT
Connection: keep-alive
bayfiles.com/dbsfz7J8y3
45.154.253.150200 OK 2.8 kB IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (467)
Hash 8b2476bde001985d4f7b8673990166eb
07cb17d9d26e5c0602870eec9c2ac41a7368751c
da0d64f356cc3e7199b52360a35ca85ea58b4213f59279b442abafa8f05a2c64
GET /dbsfz7J8y3 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip
bayfiles.com/css/bayfiles.css?1668606177
45.154.253.150200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 179
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.2.217200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.2.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Wed, 11 Jan 2023 02:05:49 GMT
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 4005
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/js/app.js?1668606177
45.154.253.150200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1668606177
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 68
Content-Encoding: gzip
bayfiles.com/sw.js
45.154.253.150200 OK 14 kB IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 608
Content-Encoding: gzip
bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
45.154.253.150200 OK 631 B URL HTTP/1.1 bayfiles.com/img/file/filetypes/ext/rar.png?1663356888
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash d33954367bc5d15c7f0e01857e7ae8ea
b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f
GET /img/file/filetypes/ext/rar.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 104
accept-ranges: bytes
bayfiles.com/img/flags/24/pl.png
45.154.253.150200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 94
accept-ranges: bytes
bayfiles.com/img/flags/24/jp.png
45.154.253.150200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 175
accept-ranges: bytes
bayfiles.com/img/flags/24/in.png
45.154.253.150200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1381
accept-ranges: bytes
bayfiles.com/img/flags/24/fi.png
45.154.253.150200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 153
accept-ranges: bytes
bayfiles.com/img/flags/24/ru.png
45.154.253.150200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 177
accept-ranges: bytes
bayfiles.com/img/flags/24/no.png
45.154.253.150200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 309
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.37200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.37:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash a606fbe6d7c34590f748113ca91162d5
b2f80261f7a234554fded5b1d3f959eba5ba0471
eefe074c3358299cdec3c8acef6e8502a32aed39f10009e723109301b19c0052
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98219
date: Wed, 11 Jan 2023 02:05:49 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q7tS1cgy2pfX2kfsQAm68diYnmuT8cnhELl1TPA7hJvqyiS2kutYCw==
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 11 Jan 2023 01:33:45 GMT
age: 1924
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/se.png
45.154.253.150200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 266
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3699
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:49 GMT
Last-Modified: Wed, 11 Jan 2023 01:04:12 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
bayfiles.com/img/flags/24/de.png
45.154.253.150200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 226
accept-ranges: bytes
ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
IP 142.250.74.131:0
Hash c3c3e2a0fdff60a554e5c1f5d49c8133
b336ed1b7f6f6ed79b1c6b3abbbf9f9f2fba5f69
9cc7a77dd925482fe213098ae4af27d60b961f14ec91ff88d68a198eb15b57b5
POST /s/gts1p5/30tfd9a8gQQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
IP 142.250.74.131:0
Hash c3c3e2a0fdff60a554e5c1f5d49c8133
b336ed1b7f6f6ed79b1c6b3abbbf9f9f2fba5f69
9cc7a77dd925482fe213098ae4af27d60b961f14ec91ff88d68a198eb15b57b5
POST /s/gts1p5/30tfd9a8gQQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
IP 142.250.74.131:0
Hash c3c3e2a0fdff60a554e5c1f5d49c8133
b336ed1b7f6f6ed79b1c6b3abbbf9f9f2fba5f69
9cc7a77dd925482fe213098ae4af27d60b961f14ec91ff88d68a198eb15b57b5
POST /s/gts1p5/30tfd9a8gQQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bayfiles.com/img/flags/24/dk.png
45.154.253.150200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:49 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 176
accept-ranges: bytes
iokenattharmiin.com.ua/RnRPTU8nFiwgcCdJLWs6NBhyaH0AUX0LKywCdnQ8Phs+PTl3RWEuIykBKys9KRo7YyEjAGp/CR8gIikcIx4aOQwCAywOJSk7ASYsBRIZDycVJRUiCxUxGRo1cxUCCSMeEQwXKAsiCXkMPi1+GjV2MSsMehY/Iz0mHjIkOwwSIgcINjU+AhgsAxUOFH0BNSd7HhUtBBomEBUCH3oFOA0cNQdFLCUKDiUfGwcLPx8cDSU9KD41HgMsBBooDAQIBz4sKip+JT0OAHYCIRU/GRE9GhwYMiIWJjwALQkpfBUsKz8ZET0BFQwEJhUhdwEwCgcoFR9+eRp1WSsHK3QAGRQoLjAufB4SJzgbeBUjBRkKDgwXAx1/IwUcJ3UnBwN3EEYBBg0eTRcUfn48KSoKcTcJDCAFNz8rDTEcGBQkfhYpJgooJjgcaSwHICM/exYML3kHRgQpeSowACM8JQ
65.9.44.30200 OK 1.2 kB URL HTTP/2 iokenattharmiin.com.ua/RnRPTU8nFiwgcCdJLWs6NBhyaH0AUX0LKywCdnQ8Phs+PTl3RWEuIykBKys9KRo7YyEjAGp/CR8gIikcIx4aOQwCAywOJSk7ASYsBRIZDycVJRUiCxUxGRo1cxUCCSMeEQwXKAsiCXkMPi1+GjV2MSsMehY/Iz0mHjIkOwwSIgcINjU+AhgsAxUOFH0BNSd7HhUtBBomEBUCH3oFOA0cNQdFLCUKDiUfGwcLPx8cDSU9KD41HgMsBBooDAQIBz4sKip+JT0OAHYCIRU/GRE9GhwYMiIWJjwALQkpfBUsKz8ZET0BFQwEJhUhdwEwCgcoFR9+eRp1WSsHK3QAGRQoLjAufB4SJzgbeBUjBRkKDgwXAx1/IwUcJ3UnBwN3EEYBBg0eTRcUfn48KSoKcTcJDCAFNz8rDTEcGBQkfhYpJgooJjgcaSwHICM/exYML3kHRgQpeSowACM8JQ
IP 65.9.44.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash 0242bf7331445c499c29afdeb611cf0f
d17edc854ac7697a5e0503b0f9ec10161506dd82
628aff2f142f6f056b94b7e420691005c04345ed50e4abd92c966cf5e4711e05
GET /RnRPTU8nFiwgcCdJLWs6NBhyaH0AUX0LKywCdnQ8Phs+PTl3RWEuIykBKys9KRo7YyEjAGp/CR8gIikcIx4aOQwCAywOJSk7ASYsBRIZDycVJRUiCxUxGRo1cxUCCSMeEQwXKAsiCXkMPi1+GjV2MSsMehY/Iz0mHjIkOwwSIgcINjU+AhgsAxUOFH0BNSd7HhUtBBomEBUCH3oFOA0cNQdFLCUKDiUfGwcLPx8cDSU9KD41HgMsBBooDAQIBz4sKip+JT0OAHYCIRU/GRE9GhwYMiIWJjwALQkpfBUsKz8ZET0BFQwEJhUhdwEwCgcoFR9+eRp1WSsHK3QAGRQoLjAufB4SJzgbeBUjBRkKDgwXAx1/IwUcJ3UnBwN3EEYBBg0eTRcUfn48KSoKcTcJDCAFNz8rDTEcGBQkfhYpJgooJjgcaSwHICM/exYML3kHRgQpeSowACM8JQ HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Wed, 11 Jan 2023 02:05:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 2mHcFtfmiwb5ocrTi7ZXmqW1crCC-k6kwru0_ZM7TULSKewNvRvw3Q==
X-Firefox-Spdy: h2
iokenattharmiin.com.ua/MGI4MWtRAFtcVFFfWhceQg4FFFl2Rwp3D1oUAQgYSA1JQR0BUxZSB18XXFcZXwxMHwVVFh0DLUosfV0gfQ9+aSFZMG1pAHEFdFZSZyALBF5xNGliIkoOXHVbYlJ1Ai57NmsIU2kIXAMgdxp/dlpyUl1ZOn40a1IfdFJcYyFJCWhkKXkNdF0pUyN/CU4CJG0AE2ooUnMJdDRfXglHI1ZwPFRUfgAmdTtsAAl0U3lcO2UkfXMFWwlqWjp3B2BCKGQVakIOaCB9cwVbW29GU3MEbwkpeRp+Bg5bEmBwLEhXW3Q6dwdsWS5iI1t4DkcobXYFXAh+ACZ1LlEcUmIhVEUYVSpqZSl4Cg5wB3EnXXZTcTdueAx/JFt5PEokTnAoUyRdaVNTN2p4U1QVdRcBQw1WQVZJIVNIDQYybnMK
65.9.44.30200 OK 1.2 kB URL HTTP/2 iokenattharmiin.com.ua/MGI4MWtRAFtcVFFfWhceQg4FFFl2Rwp3D1oUAQgYSA1JQR0BUxZSB18XXFcZXwxMHwVVFh0DLUosfV0gfQ9+aSFZMG1pAHEFdFZSZyALBF5xNGliIkoOXHVbYlJ1Ai57NmsIU2kIXAMgdxp/dlpyUl1ZOn40a1IfdFJcYyFJCWhkKXkNdF0pUyN/CU4CJG0AE2ooUnMJdDRfXglHI1ZwPFRUfgAmdTtsAAl0U3lcO2UkfXMFWwlqWjp3B2BCKGQVakIOaCB9cwVbW29GU3MEbwkpeRp+Bg5bEmBwLEhXW3Q6dwdsWS5iI1t4DkcobXYFXAh+ACZ1LlEcUmIhVEUYVSpqZSl4Cg5wB3EnXXZTcTdueAx/JFt5PEokTnAoUyRdaVNTN2p4U1QVdRcBQw1WQVZJIVNIDQYybnMK
IP 65.9.44.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3015), with no line terminators
Hash 5d861f67a7cad24261e5f1a47f679f49
6458809ff4d7b0ab1feaa5e547979b115b1872c1
e56cbb1fee36ce6eedb9ec7088ef7ec1c006d73cd1b4db125dd2ad3d36068999
GET /MGI4MWtRAFtcVFFfWhceQg4FFFl2Rwp3D1oUAQgYSA1JQR0BUxZSB18XXFcZXwxMHwVVFh0DLUosfV0gfQ9+aSFZMG1pAHEFdFZSZyALBF5xNGliIkoOXHVbYlJ1Ai57NmsIU2kIXAMgdxp/dlpyUl1ZOn40a1IfdFJcYyFJCWhkKXkNdF0pUyN/CU4CJG0AE2ooUnMJdDRfXglHI1ZwPFRUfgAmdTtsAAl0U3lcO2UkfXMFWwlqWjp3B2BCKGQVakIOaCB9cwVbW29GU3MEbwkpeRp+Bg5bEmBwLEhXW3Q6dwdsWS5iI1t4DkcobXYFXAh+ACZ1LlEcUmIhVEUYVSpqZSl4Cg5wB3EnXXZTcTdueAx/JFt5PEokTnAoUyRdaVNTN2p4U1QVdRcBQw1WQVZJIVNIDQYybnMK HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Wed, 11 Jan 2023 02:05:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: tHgez1xHU94O6RyDrFWrWzM9_6SSDEKfVom9PS8mNqrfFxr95hb3kw==
X-Firefox-Spdy: h2
iokenattharmiin.com.ua/TzBndU4uUgQYcS4NBVM7PVxaUHwJFVUzKiVGXkw9N18WBTh+AUkWIiBFAxM8IF4TWyAqREJHCDd+IgEcAWctLQQLCTMtGw5ZKSQmGXE/RCcOXDYmBxx6BjELHQIkIhwdVjUBJCl0JSMGOEReIBgFRC0gdghzPwF9GGEpFAIIRzM3fyBfBTQcCmY0TTQMdj4mHjZ2BjYfJF8pIAcOYh4aIRlHVjEsHGIyLX8kWyxEOQBnJAV+DUk2NxQYdTYgDx1aLRk5AmUkJCMdWwQyKzUJJSc5FQc+NBgCciBAJysABDIrNmoEMQ8FFVUzKg5pADAWI1gzIx8OUgpYBHxiEC95BgApPQw4QAA3GCxRAkYpHmUmJD0Bdj4/GX0FDRZ/DnUCGAsJZRAneCtxAyYbJnkNIA8dUipGHwd6JiN5FXITJgslBRQ3D2laFBogPw0/JH0GYFU8HC5kPT19KQ
65.9.44.30200 OK 1.2 kB URL HTTP/2 iokenattharmiin.com.ua/TzBndU4uUgQYcS4NBVM7PVxaUHwJFVUzKiVGXkw9N18WBTh+AUkWIiBFAxM8IF4TWyAqREJHCDd+IgEcAWctLQQLCTMtGw5ZKSQmGXE/RCcOXDYmBxx6BjELHQIkIhwdVjUBJCl0JSMGOEReIBgFRC0gdghzPwF9GGEpFAIIRzM3fyBfBTQcCmY0TTQMdj4mHjZ2BjYfJF8pIAcOYh4aIRlHVjEsHGIyLX8kWyxEOQBnJAV+DUk2NxQYdTYgDx1aLRk5AmUkJCMdWwQyKzUJJSc5FQc+NBgCciBAJysABDIrNmoEMQ8FFVUzKg5pADAWI1gzIx8OUgpYBHxiEC95BgApPQw4QAA3GCxRAkYpHmUmJD0Bdj4/GX0FDRZ/DnUCGAsJZRAneCtxAyYbJnkNIA8dUipGHwd6JiN5FXITJgslBRQ3D2laFBogPw0/JH0GYFU8HC5kPT19KQ
IP 65.9.44.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046), with no line terminators
Hash 1515413058607efa0d47c713136f20a6
5eb6bd1cfbbfd5a8bf091303807237cbd6706e5b
5ae4b9a916579c306e6737225d12822b57cb0094022bbe5e918bd3594cc36b12
GET /TzBndU4uUgQYcS4NBVM7PVxaUHwJFVUzKiVGXkw9N18WBTh+AUkWIiBFAxM8IF4TWyAqREJHCDd+IgEcAWctLQQLCTMtGw5ZKSQmGXE/RCcOXDYmBxx6BjELHQIkIhwdVjUBJCl0JSMGOEReIBgFRC0gdghzPwF9GGEpFAIIRzM3fyBfBTQcCmY0TTQMdj4mHjZ2BjYfJF8pIAcOYh4aIRlHVjEsHGIyLX8kWyxEOQBnJAV+DUk2NxQYdTYgDx1aLRk5AmUkJCMdWwQyKzUJJSc5FQc+NBgCciBAJysABDIrNmoEMQ8FFVUzKg5pADAWI1gzIx8OUgpYBHxiEC95BgApPQw4QAA3GCxRAkYpHmUmJD0Bdj4/GX0FDRZ/DnUCGAsJZRAneCtxAyYbJnkNIA8dUipGHwd6JiN5FXITJgslBRQ3D2laFBogPw0/JH0GYFU8HC5kPT19KQ HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Wed, 11 Jan 2023 02:05:49 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: WKxG2kR_UdTmoaZdWDYDDi5dcRut7mApNtZNev8bZSI2hWq-Xk0YoQ==
X-Firefox-Spdy: h2
policityseriod.info/V2xIWnAsTjstLyIeJHhKdQQ8LgAkVmd1EjYVLjMcMh9mOR86QzstXj0fanZSJAEueEpmQGouETAzIT5SbU5%2FaUdkXn54XHUfPTgvPgh6eEp1DipqEzJVKzxdZ1kuO11jD3xvXW5UfmtdYVsuY0Q2W305QTEPaic
199.115.116.43404 Not Found 196 B URL HTTP/1.1 policityseriod.info/V2xIWnAsTjstLyIeJHhKdQQ8LgAkVmd1EjYVLjMcMh9mOR86QzstXj0fanZSJAEueEpmQGouETAzIT5SbU5%2FaUdkXn54XHUfPTgvPgh6eEp1DipqEzJVKzxdZ1kuO11jD3xvXW5UfmtdYVsuY0Q2W305QTEPaic
IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Malware
GET /V2xIWnAsTjstLyIeJHhKdQQ8LgAkVmd1EjYVLjMcMh9mOR86QzstXj0fanZSJAEueEpmQGouETAzIT5SbU5%2FaUdkXn54XHUfPTgvPgh6eEp1DipqEzJVKzxdZ1kuO11jD3xvXW5UfmtdYVsuY0Q2W305QTEPaic HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
date: Wed, 11 Jan 2023 02:05:49 GMT
server: Apache/2.4.38 (Debian)
content-length: 196
content-type: text/html; charset=iso-8859-1
connection: close
eiorwithitofsti.com.ua/MHl6a3EfRhkYTFEtNB0nXj8rKScJHiktFnMuSCEyZTgsDytbOFwfGFRETVhGA0pJTQFZHUdaV0MNGx8EQ0RLTRheHxVWV0ZES0VCBFdJWl8CXw9WQBYNCgoWDUhcGwVEFUdaRwdKTltDB0pPXUYB
188.114.96.1204 No Content 0 B URL HTTP/2 eiorwithitofsti.com.ua/MHl6a3EfRhkYTFEtNB0nXj8rKScJHiktFnMuSCEyZTgsDytbOFwfGFRETVhGA0pJTQFZHUdaV0MNGx8EQ0RLTRheHxVWV0ZES0VCBFdJWl8CXw9WQBYNCgoWDUhcGwVEFUdaRwdKTltDB0pPXUYB
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MHl6a3EfRhkYTFEtNB0nXj8rKScJHiktFnMuSCEyZTgsDytbOFwfGFRETVhGA0pJTQFZHUdaV0MNGx8EQ0RLTRheHxVWV0ZES0VCBFdJWl8CXw9WQBYNCgoWDUhcGwVEFUdaRwdKTltDB0pPXUYB HTTP/1.1
Host: eiorwithitofsti.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0xRoViFOpTOqg8Aiyg9bPtlnYQ9vCMcmtYM5Jio28nDH2Z0o%2FLsWiFashHiEbXkWUt9eJxR0ao%2Bxjw7OR3KjMT%2F21cjdjjSSORt8U%2B5JOKB1sI%2FxmupYXndtefU8UM9BrWDyOue6p34"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787a16f2da360b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eiorwithitofsti.com.ua/MFIxMTMfbVJCDn0aWWtqAjl0Yl4JAGlWX3EzAEVWcmJBQGQBZhdFWlRvBgQFA2UHF0NZNgwDChYhRVBHRSEMABVZPFdeDhYkDAAdAHwHAR0BdEQMAhYmQVBUDWMXQUdEPgwABQdhBQEBB2EEBwsD
188.114.96.1204 No Content 0 B URL HTTP/2 eiorwithitofsti.com.ua/MFIxMTMfbVJCDn0aWWtqAjl0Yl4JAGlWX3EzAEVWcmJBQGQBZhdFWlRvBgQFA2UHF0NZNgwDChYhRVBHRSEMABVZPFdeDhYkDAAdAHwHAR0BdEQMAhYmQVBUDWMXQUdEPgwABQdhBQEBB2EEBwsD
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MFIxMTMfbVJCDn0aWWtqAjl0Yl4JAGlWX3EzAEVWcmJBQGQBZhdFWlRvBgQFA2UHF0NZNgwDChYhRVBHRSEMABVZPFdeDhYkDAAdAHwHAR0BdEQMAhYmQVBUDWMXQUdEPgwABQdhBQEBB2EEBwsD HTTP/1.1
Host: eiorwithitofsti.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dbp0wqjHZDqJfa%2Bywjt8Xej%2BTUu8R9UFqsBJpf987OMT9mz02KAhavps6ojONxT7XFMoA7EBn%2FaLwj%2FZ9NlGr7HS%2BLwVWH48k0v7guQN%2F0HKZDhYMWNi60AelfThQXV5rLWbMrhWHnV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787a16f32a480b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/30tfd9a8gQQ
IP 142.250.74.131:0
Hash c3c3e2a0fdff60a554e5c1f5d49c8133
b336ed1b7f6f6ed79b1c6b3abbbf9f9f2fba5f69
9cc7a77dd925482fe213098ae4af27d60b961f14ec91ff88d68a198eb15b57b5
POST /s/gts1p5/30tfd9a8gQQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
eiorwithitofsti.com.ua/RU4ya0ZqcVEYeyEgaCUlKAR0OQ4XBmcAIhUqdyUVFCVWWxQDCxQfLyFzBVhxdn0HTTYsKg9afmM9RgoyMD0PWmAsIFQEe2M4D1podWAARXRjOw9aYDE+Uwx7dGhCHzIpcwNdcXZ6AllxdnsEUnI
188.114.96.1204 No Content 0 B URL HTTP/2 eiorwithitofsti.com.ua/RU4ya0ZqcVEYeyEgaCUlKAR0OQ4XBmcAIhUqdyUVFCVWWxQDCxQfLyFzBVhxdn0HTTYsKg9afmM9RgoyMD0PWmAsIFQEe2M4D1podWAARXRjOw9aYDE+Uwx7dGhCHzIpcwNdcXZ6AllxdnsEUnI
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RU4ya0ZqcVEYeyEgaCUlKAR0OQ4XBmcAIhUqdyUVFCVWWxQDCxQfLyFzBVhxdn0HTTYsKg9afmM9RgoyMD0PWmAsIFQEe2M4D1podWAARXRjOw9aYDE+Uwx7dGhCHzIpcwNdcXZ6AllxdnsEUnI HTTP/1.1
Host: eiorwithitofsti.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zB9vcMP%2BE5%2F2xXX9z81lnn%2FOI%2B6YlvPmFBXnf4dRBzzE2D%2FaRd1Yw7GktJUkeW6ko7pY6Cd6GflH%2FNwPKjixVnhDuwvNItvAmdh6gspazSyQk0OVi6obw89F%2FQPTvNaz00qaVju4ZjKd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787a16f32a490b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.211.127.63101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.211.127.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EtDL/SU8zNq++3qgrGQ3Kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hMkb/j/Vi3JgGfRPSyAIUTifgbs=
bayfiles.com/static/logo.png
45.154.253.150200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 20:22:41 GMT
etag: "6324db11-96cf"
bayfiles.com/img/flags/24/us.png
45.154.253.150200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 183
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/xNEtRNWJXJD9TXUAiNQhVAX1iAlQSISJaDER2CWRRfRtjfDBVHwt9UVJtJU8GCXt3WQNaLGwTB1oobAREVS8zCFYSPyFaCQkoNUIARyooVw1DbSRUX1kkK1wOWCp0ByQBZWEQUARjJlwMUCQmRkcGez9BRwZ7YAVMBG5id0cGeyZcDAJ/dAYgEXlhTVQAbm-J3RwZ7I0NHBwpgBVcae3gQUAQsNFYJW25jc1AEemEFUwR6dAdSUiIjUARbM3QHJAV7ZBtSEj5sBA
54.230.245.37200 OK 468 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/xNEtRNWJXJD9TXUAiNQhVAX1iAlQSISJaDER2CWRRfRtjfDBVHwt9UVJtJU8GCXt3WQNaLGwTB1oobAREVS8zCFYSPyFaCQkoNUIARyooVw1DbSRUX1kkK1wOWCp0ByQBZWEQUARjJlwMUCQmRkcGez9BRwZ7YAVMBG5id0cGeyZcDAJ/dAYgEXlhTVQAbm-J3RwZ7I0NHBwpgBVcae3gQUAQsNFYJW25jc1AEemEFUwR6dAdSUiIjUARbM3QHJAV7ZBtSEj5sBA
IP 54.230.245.37:0
File type ASCII text, with very long lines (606), with no line terminators
Hash d605dcafc65824a318cff9ea9eeadb2c
e84cb343fe5fdd6fd6be58a9c99d180a0be00527
850070c8168ab5c622c7c1678d230e99e87fefb7cfa8b4844ca7fad943cb15b4
Analyzer Verdict Alert fortinet Malware
GET /xNEtRNWJXJD9TXUAiNQhVAX1iAlQSISJaDER2CWRRfRtjfDBVHwt9UVJtJU8GCXt3WQNaLGwTB1oobAREVS8zCFYSPyFaCQkoNUIARyooVw1DbSRUX1kkK1wOWCp0ByQBZWEQUARjJlwMUCQmRkcGez9BRwZ7YAVMBG5id0cGeyZcDAJ/dAYgEXlhTVQAbm-J3RwZ7I0NHBwpgBVcae3gQUAQsNFYJW25jc1AEemEFUwR6dAdSUiIjUARbM3QHJAV7ZBtSEj5sBA HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iokenattharmiin.com.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 468
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5B3smYyNPx44Iy5mQmuYnIB8NhBn1MKjtYRbQXdjXGXTB8Xw9IUTdQ==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/zNElKMmFXJiRUXkAgLg9WB355AVQSIzldD0R0M3EKTS98Yjd2KGxGG1B0ehQNVSctD0dRJykPUBIoLlBcAG8/U1xZJjBbDVgobwAnAWd6F1MEYT1bD1AmPUFEBnkkRkQGeXsCTwRseXBEBnk9Ww8CfW8BIxF7ekpXAGx5cEQGeThERAcIewJUGnljF1MELi-9RCltseHRTBHh6AlAEeG8AUVIgOFcHWzFvACcFeX8cURI8dwM
54.230.245.37200 OK 196 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/zNElKMmFXJiRUXkAgLg9WB355AVQSIzldD0R0M3EKTS98Yjd2KGxGG1B0ehQNVSctD0dRJykPUBIoLlBcAG8/U1xZJjBbDVgobwAnAWd6F1MEYT1bD1AmPUFEBnkkRkQGeXsCTwRseXBEBnk9Ww8CfW8BIxF7ekpXAGx5cEQGeThERAcIewJUGnljF1MELi-9RCltseHRTBHh6AlAEeG8AUVIgOFcHWzFvACcFeX8cURI8dwM
IP 54.230.245.37:0
File type ASCII text, with no line terminators
Hash be2483a71afe3260e11f2800eeeff472
ba34d183d4fdfa3c098323d7592372402d4b8bf9
f8f75f865fcf09911fc48f2fb4ddd3f1e645e45550ea054792177d26f4736984
Analyzer Verdict Alert fortinet Malware
GET /zNElKMmFXJiRUXkAgLg9WB355AVQSIzldD0R0M3EKTS98Yjd2KGxGG1B0ehQNVSctD0dRJykPUBIoLlBcAG8/U1xZJjBbDVgobwAnAWd6F1MEYT1bD1AmPUFEBnkkRkQGeXsCTwRseXBEBnk9Ww8CfW8BIxF7ekpXAGx5cEQGeThERAcIewJUGnljF1MELi-9RCltseHRTBHh6AlAEeG8AUVIgOFcHWzFvACcFeX8cURI8dwM HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iokenattharmiin.com.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 196
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zIDAaElIv06-329UUKZMC2CyQUz6QFZuDZREXz4bid7aNgJK0vAluw==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/YTmdSejUtCDwcCjoONkcCfVBhSQZoDSEVWz5aMDlXeCZgMVF4CxY1Wz0EdA5PKlpiXFkvCTVHEysJMUcEaAY2GAh6QSYKWiVaMR5CLBQzA1chEHQPVHMKPQBcIgszXwcIUnxKEHxXeg1cIAM9DUZrVWIUQWtVYksFYFd3SXdrVWINXCBRZl8GDEJgSk14U3-dJd2tVYghDa1QTSwV7SWJTEHxXNR9WJQh3SHN8V2NKBX9XY18HfgE7CFAoCCpfBwhWYk8bfkEnRwQ
54.230.245.37200 OK 572 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/YTmdSejUtCDwcCjoONkcCfVBhSQZoDSEVWz5aMDlXeCZgMVF4CxY1Wz0EdA5PKlpiXFkvCTVHEysJMUcEaAY2GAh6QSYKWiVaMR5CLBQzA1chEHQPVHMKPQBcIgszXwcIUnxKEHxXeg1cIAM9DUZrVWIUQWtVYksFYFd3SXdrVWINXCBRZl8GDEJgSk14U3-dJd2tVYghDa1QTSwV7SWJTEHxXNR9WJQh3SHN8V2NKBX9XY18HfgE7CFAoCCpfBwhWYk8bfkEnRwQ
IP 54.230.245.37:0
File type ASCII text, with very long lines (791), with no line terminators
Hash 6e97ee3aea87e751692d4f37d56222cc
63d28024190c6db9c1979ae70655a58788b39a54
d52d2eac7a7d183ac673204039afc4ce700e98d1dcae6586dca022cfbbd66716
Analyzer Verdict Alert fortinet Malware
GET /YTmdSejUtCDwcCjoONkcCfVBhSQZoDSEVWz5aMDlXeCZgMVF4CxY1Wz0EdA5PKlpiXFkvCTVHEysJMUcEaAY2GAh6QSYKWiVaMR5CLBQzA1chEHQPVHMKPQBcIgszXwcIUnxKEHxXeg1cIAM9DUZrVWIUQWtVYksFYFd3SXdrVWINXCBRZl8GDEJgSk14U3-dJd2tVYghDa1QTSwV7SWJTEHxXNR9WJQh3SHN8V2NKBX9XY18HfgE7CFAoCCpfBwhWYk8bfkEnRwQ HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iokenattharmiin.com.ua/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 572
date: Wed, 11 Jan 2023 02:05:50 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tJQBd-uhSdVI7BaBKlR6vzWfBjK-dZHLBmkLXQRHMeKxSDT5XorPvw==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/fr.png
45.154.253.150200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 186
accept-ranges: bytes
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:50 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402750.8544084; expires=Sat, 08-Jan-2033 02:05:50 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-507d-9d0d-14003db2246c
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
bayfiles.com/img/flags/24/kr.png
45.154.253.150200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 228
accept-ranges: bytes
bayfiles.com/img/flags/24/br.png
45.154.253.150200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 219
accept-ranges: bytes
bayfiles.com/img/flags/24/es.png
45.154.253.150200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 192
accept-ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5f5f3214d73a0066cf4784dac4d8573b
47832303343c4a19070eac14f0587518430a65e2
448453048adc356672036cfeb00a74126e089dc389a1c0eac52373ae99e39951
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3947
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Last-Modified: Wed, 11 Jan 2023 01:00:03 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a058a0ebf27508c78cf8db30346cef67
e1b71cede44395663aadec2d1e5487ad2104f728
bb32e700dbe07a2bb8c1fefd7d4a405be3b1d14f63759cb30126b080ce909799
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a058a0ebf27508c78cf8db30346cef67
e1b71cede44395663aadec2d1e5487ad2104f728
bb32e700dbe07a2bb8c1fefd7d4a405be3b1d14f63759cb30126b080ce909799
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90c13369bf59598b66df662265c619cc
90ab3e129c9374d26b0f8dee1edeef3485ec793b
ac2be9989bd746e69ad0e10cb0a80db1a83f96e7ae269d655e9c3be3a0152728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AC2BE9989BD746E69AD0E10CB0A80DB1A83F96E7AE269D655E9C3BE3A0152728"
Last-Modified: Tue, 10 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9841
Expires: Wed, 11 Jan 2023 04:49:51 GMT
Date: Wed, 11 Jan 2023 02:05:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90c13369bf59598b66df662265c619cc
90ab3e129c9374d26b0f8dee1edeef3485ec793b
ac2be9989bd746e69ad0e10cb0a80db1a83f96e7ae269d655e9c3be3a0152728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AC2BE9989BD746E69AD0E10CB0A80DB1A83F96E7AE269D655E9C3BE3A0152728"
Last-Modified: Tue, 10 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9841
Expires: Wed, 11 Jan 2023 04:49:51 GMT
Date: Wed, 11 Jan 2023 02:05:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90c13369bf59598b66df662265c619cc
90ab3e129c9374d26b0f8dee1edeef3485ec793b
ac2be9989bd746e69ad0e10cb0a80db1a83f96e7ae269d655e9c3be3a0152728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AC2BE9989BD746E69AD0E10CB0A80DB1A83F96E7AE269D655E9C3BE3A0152728"
Last-Modified: Tue, 10 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9841
Expires: Wed, 11 Jan 2023 04:49:51 GMT
Date: Wed, 11 Jan 2023 02:05:50 GMT
Connection: keep-alive
iokenattharmiin.com.ua/utx?cb=nDH0R7UWYKs9&top=bayfiles.com&tid=756376
65.9.44.30204 No Content 0 B URL HTTP/2 iokenattharmiin.com.ua/utx?cb=nDH0R7UWYKs9&top=bayfiles.com&tid=756376
IP 65.9.44.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nDH0R7UWYKs9&top=bayfiles.com&tid=756376 HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 11 Jan 2023 02:05:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 11 Jan 2023 02:06:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: L7smQIGBi_rXYlxo5EPetHDfInGW7Yv1jE_3dIp01qZO4r7sDx8H3g==
X-Firefox-Spdy: h2
bayfiles.com/sw.js?c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf
45.154.253.150200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 612
Content-Encoding: gzip
iokenattharmiin.com.ua/utx?cb=rLth2kUZJxfh&top=bayfiles.com&tid=737333
65.9.44.30204 No Content 0 B URL HTTP/2 iokenattharmiin.com.ua/utx?cb=rLth2kUZJxfh&top=bayfiles.com&tid=737333
IP 65.9.44.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=rLth2kUZJxfh&top=bayfiles.com&tid=737333 HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 11 Jan 2023 02:05:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 11 Jan 2023 02:06:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Gat9CuQvVWakxMAB1KXGSgRdrutKPZIG2v8Ys5886Uzeb7tMT3oFXA==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash 430fc4b662580cba96180560519dddff
c2dd5e8451e11419d3f7fe33c478299371fdf8b2
be7618eec87fe29765a2319a8258854860de74199703d38e8c3794d21b659d65
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Jan 2023 02:05:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1695339543%3A1673402750891129&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6UhHu8hJVZ4E3DFG6DCij7_NDqdLUqtlxTqAx5b4zxxC3zlz_MZo9HdgZruWb9fivnI0nXtQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-tMMTwK8R6ZtYlaVNmQ4d9A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:1HsJEAvcEISZBAOCscs9radh9M-YLw:ns-VEo5xZLfIoByB;Path=/;Expires=Fri, 10-Jan-2025 02:05:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 89562d644356376e20539ff0436ec926
fa81bfcc01658d3f70594aaec7e146471af5741d
5d5970549ab82d54b306f8672d701a4b4c568418aa809888b5d7580ee10f8d24
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Jan 2023 02:05:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1007187190%3A1673402750913476&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh65BYj0Sei1bM5EM7jthIMXzfzFp0FcTe3fISBylx6ARHodqYUbxm__SHsyNJK2xSk_4waTxA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-w6yWBSiCIEjfQWYAqacT1A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:Ureqj36plmsUMojGSIt4Kml8AV4sUg:zOOzfPtPYZMJWzIb;Path=/;Expires=Fri, 10-Jan-2025 02:05:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5f5f3214d73a0066cf4784dac4d8573b
47832303343c4a19070eac14f0587518430a65e2
448453048adc356672036cfeb00a74126e089dc389a1c0eac52373ae99e39951
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3947
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Last-Modified: Wed, 11 Jan 2023 01:00:03 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90c13369bf59598b66df662265c619cc
90ab3e129c9374d26b0f8dee1edeef3485ec793b
ac2be9989bd746e69ad0e10cb0a80db1a83f96e7ae269d655e9c3be3a0152728
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AC2BE9989BD746E69AD0E10CB0A80DB1A83F96E7AE269D655E9C3BE3A0152728"
Last-Modified: Tue, 10 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9841
Expires: Wed, 11 Jan 2023 04:49:51 GMT
Date: Wed, 11 Jan 2023 02:05:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 352d7a7af93083f26d1bca04e478eed2
5d59416822e016ad4af1987871414d35d794b29c
423a619c9619448bcdf4bc3934c442f20db716e7bef4f64e0fba85bf33c87f72
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 02:05:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iokenattharmiin.com.ua/multi?cs=YldYdHVWZW5GQltvakxCVWVrTEI&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fdbsfz7J8y3&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_xQJx=1673402736321&crc=1
65.9.44.30200 OK 1.6 kB URL HTTP/2 iokenattharmiin.com.ua/multi?cs=YldYdHVWZW5GQltvakxCVWVrTEI&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fdbsfz7J8y3&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_xQJx=1673402736321&crc=1
IP 65.9.44.30:0
File type ASCII text, with very long lines (3318), with no line terminators
Hash 9c2ed908e914b7cd638a026c859238e4
a602db12d83873502932737b2b95f2af1cd3bf34
15bd99efcbf2c39365185db34019d759b8b23c6adde627d3964ffa55784064d7
GET /multi?cs=YldYdHVWZW5GQltvakxCVWVrTEI&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2Fdbsfz7J8y3&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_xQJx=1673402736321&crc=1 HTTP/1.1
Host: iokenattharmiin.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1613
date: Wed, 11 Jan 2023 02:05:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=23f89ff4-5db4-4706-aba8-47757a8ee6dd
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a970743f386cb7ff58c6ef8459b5f9e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: fW-injZ-hhbI-OtFh6uz99JgaKlIFX8d1shdeX9-4L7PIsFgMVOnnA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10339
Expires: Wed, 11 Jan 2023 04:58:10 GMT
Date: Wed, 11 Jan 2023 02:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10339
Expires: Wed, 11 Jan 2023 04:58:10 GMT
Date: Wed, 11 Jan 2023 02:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10339
Expires: Wed, 11 Jan 2023 04:58:10 GMT
Date: Wed, 11 Jan 2023 02:05:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6836f9-47c0-4072-8841-9838455af78e.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6836f9-47c0-4072-8841-9838455af78e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 739d7b6363767151f0dfda26339c03cb
5f1c3e27d48f83326202e300331825537cc84189
8d460467f4c61ecd4b44d910afa13688e9bd2f36762f79ad3cdd025eede65f8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6836f9-47c0-4072-8841-9838455af78e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12862
x-amzn-requestid: a947df07-a29c-4e5e-98ec-724b6a1a439d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ecM0gFZ2IAMF-yQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bb281c-00ccdc2017f0288f2037c971;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 20:31:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e4o8U4sRwSYjR5JCvxCnupuhVJk7N0KYSd2jBKjsDhzGovgfRtiKxg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 13:21:28 GMT
age: 45863
etag: "5f1c3e27d48f83326202e300331825537cc84189"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 110 kB IP 172.64.199.35:0
Size 110 kB (109812 bytes)
Hash 65f764540da73e11f032b01af19add7b
30da8cc3fb50ee6fd1b7aab44ec347baa6f2a321
c2f29e35b433046dd7631561f6a85a2a84d20a739435bad7f676977b1b2d9e0e
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 11 Jan 2023 02:05:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6315
last-modified: Wed, 11 Jan 2023 00:20:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6mqwFVFefMqF95qqnu5ijfP%2BfPr5C4yhYSVCePL4gGfGr09KwrRPk6Aphr%2Ft2N8j4qis2avdqLlsHrD3JcXQPGmpF6dVS5jgFehRawOsfW1cav891XK2IhAXhk1v83z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 787a16f90cadbc9d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8726105-cc11-4ded-a83e-841fadde759e.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8726105-cc11-4ded-a83e-841fadde759e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17494b6e52ac7108f3ff324860bab717
9d71a025633cfaa02dcf9455603fd806f94be0b1
8214ab7d2f6ffaefa6539aced6c93782354ab15f92933b987d3aab8f3afd3bd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8726105-cc11-4ded-a83e-841fadde759e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9860
x-amzn-requestid: d6287efc-acd0-44b1-a7f9-42e1b8d3b78a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ecfAoFnvoAMFnpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bb4537-1c74dde5429011e07f63c78e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 22:35:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TZihK6hSHxfsOoVJ5fW-1u938ymcZg-EeglTU_CD2H6lTVTWiT1Yhg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:46:17 GMT
age: 15574
etag: "9d71a025633cfaa02dcf9455603fd806f94be0b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d11194f94b91e55e976fc5d704afa55
eb6c7b73b80d2d41e6e4801a0b671e2a5c1cdf5b
66b01e33e1bc18d18e187632738f8ff49ef58a2d054367173c0570b7caa76260
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4116
x-amzn-requestid: 64c7b71c-74a5-4304-bab5-305de0e4c9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eON3PHCaoAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5902e-72ada40c0419baa7763c2441;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 14:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xK0zI6cR7oOQo6KPbyiHf9yOctB1VroNIEW0sF5Ji-OADq4ppGWpgQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 04:07:37 GMT
age: 79094
etag: "eb6c7b73b80d2d41e6e4801a0b671e2a5c1cdf5b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1180e9be-6c31-4bd3-86f4-ac36cdd4e746.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1180e9be-6c31-4bd3-86f4-ac36cdd4e746.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 74eafe3bfabac6843100686971153898
e9df2e14485c412107d742d4baab53aa36cd8ca4
46fcfba703552a587888b3c6e6a1deb01930e347192d05d95a5a5f46e9d0fea1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1180e9be-6c31-4bd3-86f4-ac36cdd4e746.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9301
x-amzn-requestid: 7f43eb13-8bca-4b2b-a6a4-325c6161608e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei73_GVVIAMFn5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9cc-3f5d8e784f0d806b6416138f;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Hm1d-3H7jqfp6ylCahEmI84jBVpJyIpJTw2rlDx0N1TaagFryNmpXg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:43:48 GMT
etag: "e9df2e14485c412107d742d4baab53aa36cd8ca4"
content-type: image/jpeg
age: 15723
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aad80e2c0386d7c7d88ac85b00d2e50f
291629800087b85000b89165892b05fd7babd8b3
bac555de181f5181e01bccf20691916725baae448130a1de3c8da908f60a727f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd94a5360-2ddf-4088-a880-212e75db1287.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7602
x-amzn-requestid: 10f2172b-1c93-4525-bdc7-23cb66d878dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eS1mOHeuoAMFfpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7695a-385d20e03946bf41036d6378;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 00:20:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Eoz-ra19uQNrO5CyWYbe_ASmTkgYmSxE3RoSmWSEmQ-KpvpyQlIYbw==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:56:36 GMT
age: 14955
etag: "291629800087b85000b89165892b05fd7babd8b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
45.154.253.150200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
IP 45.154.253.150:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/dbsfz7J8y3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jan 2023 02:05:51 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 334
accept-ranges: bytes
policityseriod.info/c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf
199.115.116.43302 Found 0 B URL HTTP/1.1 policityseriod.info/c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf
IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:51 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402751.8420045; expires=Sat, 08-Jan-2033 02:05:51 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/c0owQm0oaAdxWkB4BmBBUWgcYA8RelMnVBAsHXJYFSsddg5Hfx17VUV7HXRaFXMEI1pGKQEkDlFmEiBZECsCJl9EZ1F0DBdnBHEJFWcIJ1RHZwh3VBZzA3cJS3IGI09faEM1T19oQC0BGilZNhQAL0IrAhdkWSwLHGgcYFhdeBIf?subid1=20230111-1305-516c-803a-9f4d5a02c7ad
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 760
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:51 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402751.6049857; expires=Sat, 08-Jan-2033 02:05:51 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-518a-80d4-e64da162aac6
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 28 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash 79a1acb2c68b57fabc9eb23cb10189e3
4c795d28f5766ed9cbec7cd13dadd3bf496259e7
734d1293cbf6165ce5713939b82dd89beff818c4527e0103e479e7c2733d07b8
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:51 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402751.3314565; expires=Sat, 08-Jan-2033 02:05:51 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-51cd-8b8b-ff262ed440a1
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:51 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402751.1627056; expires=Sat, 08-Jan-2033 02:05:51 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-51dd-83f2-990ce907a6b3
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 740
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:52 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402752.7221112; expires=Sat, 08-Jan-2033 02:05:52 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-5227-b967-e58c482427d9
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 390
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:52 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402752.5981903; expires=Sat, 08-Jan-2033 02:05:52 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-523e-9c68-76f427e2c05a
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 397
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:52 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402752.2259770; expires=Sat, 08-Jan-2033 02:05:52 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-52f5-883f-f6cf3f081c3d
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
199.115.116.43302 Found 0 B IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Wed, 11 Jan 2023 02:05:52 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1673402752.6072852; expires=Sat, 08-Jan-2033 02:05:52 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230111-1305-5253-8c6d-6d1adf9ea0e3
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
accounts.google.com/v3/signin/identifier?dsh=S1007187190%3A1673402750913476&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh65BYj0Sei1bM5EM7jthIMXzfzFp0FcTe3fISBylx6ARHodqYUbxm__SHsyNJK2xSk_4waTxA
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1007187190%3A1673402750913476&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh65BYj0Sei1bM5EM7jthIMXzfzFp0FcTe3fISBylx6ARHodqYUbxm__SHsyNJK2xSk_4waTxA
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1007187190%3A1673402750913476&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh65BYj0Sei1bM5EM7jthIMXzfzFp0FcTe3fISBylx6ARHodqYUbxm__SHsyNJK2xSk_4waTxA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Jan 2023 02:05:51 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-Nj8gcl4SnrYC95k-btnOYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vjs.zencdn.net/7.3.0/video.min.js
151.101.2.217200 OK 0 B URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.2.217:0
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Wed, 11 Jan 2023 02:05:49 GMT
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 3
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: ugVTDfMI0mofxUX06xTmTW9Hrz4iooInLwd81PM2qIkn9HX7+zT+1+nux9n22KB12J5LhkxFjWRm6nZuI+I8KA==
date: Wed, 11 Jan 2023 02:05:50 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 11 Jan 2023 02:05:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6315
last-modified: Wed, 11 Jan 2023 00:20:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cflGKhdYoJBUIpNYWuwrIwiAyU7ylATPQ4mMRIn%2BU3dYtnhD6zQqMDzPPtpA8A6lPqudFq74TreJRgxXm96nKVTmZh9TFK2KsZd%2F5EhghVB3lQtjgwooEz7%2FQW3xG8ti"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 787a16f90cacbc9d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1695339543%3A1673402750891129&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6UhHu8hJVZ4E3DFG6DCij7_NDqdLUqtlxTqAx5b4zxxC3zlz_MZo9HdgZruWb9fivnI0nXtQ
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1695339543%3A1673402750891129&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6UhHu8hJVZ4E3DFG6DCij7_NDqdLUqtlxTqAx5b4zxxC3zlz_MZo9HdgZruWb9fivnI0nXtQ
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S1695339543%3A1673402750891129&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AeAAQh6UhHu8hJVZ4E3DFG6DCij7_NDqdLUqtlxTqAx5b4zxxC3zlz_MZo9HdgZruWb9fivnI0nXtQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Jan 2023 02:05:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-PV3aHom8cMJkiDTwhZ_Dqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35200 OK 0 B IP 172.64.199.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 11 Jan 2023 02:05:50 GMT
content-type: text/plain
set-cookie: csu=1457257940612757@1@1673402750; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UP1d%2BOxvcItE6csLl5nHHgUJlTZi6xlTiHpr%2F1m2%2F%2FPfZwaJeNK0mTlJjRBmA0cquVDIepnrZzy%2Bx8DaPP7DBsW%2BvDEBNRi8cN4lPsc8IjbmBQahPLMntalXV1lqmWYs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787a16f90cafbc9d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2