cdn-143.bayfiles.com/H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar
195.96.151.36301 Moved Permanently 162 B URL HTTP/1.1 cdn-143.bayfiles.com/H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar
IP 195.96.151.36:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar HTTP/1.1
Host: cdn-143.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 31 Mar 2023 08:44:41 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-143.bayfiles.com/H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7755
Expires: Fri, 31 Mar 2023 10:53:56 GMT
Date: Fri, 31 Mar 2023 08:44:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Fri, 31 Mar 2023 10:25:35 GMT
Date: Fri, 31 Mar 2023 08:44:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 08:16:10 GMT
content-type: application/json
age: 1711
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6445
Expires: Fri, 31 Mar 2023 10:32:06 GMT
Date: Fri, 31 Mar 2023 08:44:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mQnQ0dUqvRBubZJXu2JwKNgffEkDT1nXWTOYqEKK+dG7Hlxa/g9Jkx+pox/rEtxah9edbHuuuAA=
x-amz-request-id: 6V0B1MMCF1BEEV01
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 08:03:16 GMT
age: 2485
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 08:44:41 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a361a262bc36cc3105b83622170f19e8
99fdf559e99f239fdcede64fc17958c496daf169
ecc95c6b8fe6c6eab0880d7355a0c2a34848dc1c3852fde5795effae92abc499
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECC95C6B8FE6C6EAB0880D7355A0C2A34848DC1C3852FDE5795EFFAE92ABC499"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11429
Expires: Fri, 31 Mar 2023 11:55:11 GMT
Date: Fri, 31 Mar 2023 08:44:42 GMT
Connection: keep-alive
bayfiles.com/H677Re7eyd
45.154.253.151200 OK 3.0 kB IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805)
Hash 31dcbde4ee9f825d12540f60fca233d5
4bc18fa791093a2aea1611827ba702f02655ae76
1e4cea1692fee1faf147cd117f7f64edc3d68a31255389d21433a7582298b510
GET /H677Re7eyd HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: Y
x-oh: 4
Content-Encoding: gzip
bayfiles.com/css/bayfiles.css?1679570276
45.154.253.151200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1679570276
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1679570276 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1751
Content-Encoding: gzip
bayfiles.com/sw.js
45.154.253.151200 OK 14 kB IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 181
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.194.217200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.194.217:0
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Fri, 31 Mar 2023 08:44:42 GMT
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 5519
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/js/app.js?1679570276
45.154.253.151200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1679570276
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash 6593eca3dca95e3f423b750e172123cb
49f313f04500d3493e99a5f1841cdc1c798db703
0db1a88df800a447935f58da885afbec989e73606cb37a7df98d428f04d35fcb
GET /js/app.js?1679570276 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 621
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video.min.js
151.101.194.217200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.194.217:0
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Fri, 31 Mar 2023 08:44:42 GMT
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 25
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/es.png
45.154.253.151200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1001
accept-ranges: bytes
bayfiles.com/static/logo.png
45.154.253.151200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 19:34:48 GMT
etag: "6324cfd8-96cf"
bayfiles.com/img/flags/24/jp.png
45.154.253.151200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 894
accept-ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab61862f016dea85f8aa55e59369d905
a5e81f13052b9e9184caf05a9740c345a40d1f22
e0d580c313088d524a5338e63e4acf9f3f3cb45a54f2528c5d1c4915d71b255b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0D580C313088D524A5338E63E4ACF9F3F3CB45A54F2528C5D1C4915D71B255B"
Last-Modified: Thu, 30 Mar 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7453
Expires: Fri, 31 Mar 2023 10:48:55 GMT
Date: Fri, 31 Mar 2023 08:44:42 GMT
Connection: keep-alive
bayfiles.com/img/file/filetypes/ext/rar.png?1668603321
45.154.253.151200 OK 631 B URL HTTP/1.1 bayfiles.com/img/file/filetypes/ext/rar.png?1668603321
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash d33954367bc5d15c7f0e01857e7ae8ea
b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f
GET /img/file/filetypes/ext/rar.png?1668603321 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 151
accept-ranges: bytes
bayfiles.com/img/flags/24/kr.png
45.154.253.151200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 874
accept-ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 08:14:39 GMT
age: 1803
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/fr.png
45.154.253.151200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1685
accept-ranges: bytes
bayfiles.com/img/flags/24/fi.png
45.154.253.151200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1479
accept-ranges: bytes
bayfiles.com/img/flags/24/br.png
45.154.253.151200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:42 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 883
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
54.230.245.59200 OK 96 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP 54.230.245.59:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash c6031ac63a3b3742fca243cfd76d3412
afe8b4286687285c22899d9d604257eadae10e83
37570d76dca165dbd18638a42c9e1d308336f251b0293eb51566d2bdd08ffc18
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 96138
date: Fri, 31 Mar 2023 08:44:42 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6cBrTBp93KDieymsrnIFzvQl3SwlFEU_OMMxwviMuoREDwtDcQcdSQ==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/de.png
45.154.253.151200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1227
accept-ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bfa53fcdc5ba4a4b22cfc8e01e9d9bd6
4fb17c442a7b1ae802e7db6177a54d26ce63e4d3
2b44eda71f9f693f4747c36023d0974dc0c86f82d3e364cf41cc2a4f1431a46d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B44EDA71F9F693F4747C36023D0974DC0C86F82D3E364CF41CC2A4F1431A46D"
Last-Modified: Wed, 29 Mar 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8555
Expires: Fri, 31 Mar 2023 11:07:18 GMT
Date: Fri, 31 Mar 2023 08:44:43 GMT
Connection: keep-alive
bayfiles.com/img/flags/24/ru.png
45.154.253.151200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1394
accept-ranges: bytes
vingartistictaste.com/NzdxVXBWVRI4T1YKE3MFRVtMcEJxEkMTFF1BSGwDT1gAJQYGBl82HFhCFTMCWFkFex5SQ1RnNk1uHQ8kbm8WFz9jBzkHCG4SQxM+Bk8hACdxUCQ+BHJnMhQ/cV87JzZmdkQQMWJfPz4fWHUZPThzdRYsEltxFBEaVA4zPiZyegtlM2VhPyI9UGIQDUJ9BjcEF3lnJmE8dGU0PjtfXCEQJEQEIyJAc1YLYT92UAJjIEB1FQAydVolZRh/bTYbOnNAAmE+QAMhECh5XyQHKWBUQxMiZGE7YSkHZT0cOHlfJARIe3g2AyZvYTQAFFt5OBIddVkjEANQVEN4NmV0GQcKbnQzHyVaeUgAJnF/KxI9cH8gEElnciMeOnBlGwA1X2QrZz5mbycXHXlmFh4yTXZJEiYGZjQSOmVjJC0dU2UjEyVAERsmH1lHTBMRdkUiJycFfSEe
54.230.111.121200 OK 1.2 kB URL HTTP/2 vingartistictaste.com/NzdxVXBWVRI4T1YKE3MFRVtMcEJxEkMTFF1BSGwDT1gAJQYGBl82HFhCFTMCWFkFex5SQ1RnNk1uHQ8kbm8WFz9jBzkHCG4SQxM+Bk8hACdxUCQ+BHJnMhQ/cV87JzZmdkQQMWJfPz4fWHUZPThzdRYsEltxFBEaVA4zPiZyegtlM2VhPyI9UGIQDUJ9BjcEF3lnJmE8dGU0PjtfXCEQJEQEIyJAc1YLYT92UAJjIEB1FQAydVolZRh/bTYbOnNAAmE+QAMhECh5XyQHKWBUQxMiZGE7YSkHZT0cOHlfJARIe3g2AyZvYTQAFFt5OBIddVkjEANQVEN4NmV0GQcKbnQzHyVaeUgAJnF/KxI9cH8gEElnciMeOnBlGwA1X2QrZz5mbycXHXlmFh4yTXZJEiYGZjQSOmVjJC0dU2UjEyVAERsmH1lHTBMRdkUiJycFfSEe
IP 54.230.111.121:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3039), with no line terminators
Hash 1ab2fef2649f51a36694ea1a31d6c55d
36de896d4323cac95b1fc5afc5ddfea0c264de5e
efb6a02c70735168b583fe118f00943dd57b9a5827cad477382493603825f997
GET /NzdxVXBWVRI4T1YKE3MFRVtMcEJxEkMTFF1BSGwDT1gAJQYGBl82HFhCFTMCWFkFex5SQ1RnNk1uHQ8kbm8WFz9jBzkHCG4SQxM+Bk8hACdxUCQ+BHJnMhQ/cV87JzZmdkQQMWJfPz4fWHUZPThzdRYsEltxFBEaVA4zPiZyegtlM2VhPyI9UGIQDUJ9BjcEF3lnJmE8dGU0PjtfXCEQJEQEIyJAc1YLYT92UAJjIEB1FQAydVolZRh/bTYbOnNAAmE+QAMhECh5XyQHKWBUQxMiZGE7YSkHZT0cOHlfJARIe3g2AyZvYTQAFFt5OBIddVkjEANQVEN4NmV0GQcKbnQzHyVaeUgAJnF/KxI9cH8gEElnciMeOnBlGwA1X2QrZz5mbycXHXlmFh4yTXZJEiYGZjQSOmVjJC0dU2UjEyVAERsmH1lHTBMRdkUiJycFfSEe HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ueqJRxlAXQ8_YAGZk9zgcf_DtDjIFYkHbT81rMoBhJ_G3IMtVV8OVA==
X-Firefox-Spdy: h2
vingartistictaste.com/OUxyYkNYLhEPfFhxEEQ2SyBPR3F/aUAkJ1M6S1swQSMDEjUIfVwBL1Y5FgQxViIGTC1cOFdQBUktHgY7axtKKAx7dBg3AQ1pQCAFYSQrOnF/DxEOL3QcIysyeB4CEwJqJzUyAgEgNiR7dRYaERR4GQUIAEAKITUtfCg4IwZ3LR4BJHgdHhMSfgE9JilvARE3KFwGClY2bCszDwJTLyUnKngPOSM3dAUaIHd4KycWBHonNiFwcwgzUzN8FkMwcGF8OwUEej8+IBB4DyskclgDIzQkYRoCDxJuOBQ2cWg2KyRyWAUwBTFuGkcbEl4oOTUEWgYRUzdpFjZPDV4UJA0ve34wAQgLFjABBn8tFA4RChQFUjp8JUYjFwsZQQZyAC4oUgUJFEMWOmh/JygCQBknKzR4HxEJDn0UHhIqYX8kKAsLPDNEKUojHBJ+SSAbNBttBUIDclMfHA
54.230.111.121200 OK 1.2 kB URL HTTP/2 vingartistictaste.com/OUxyYkNYLhEPfFhxEEQ2SyBPR3F/aUAkJ1M6S1swQSMDEjUIfVwBL1Y5FgQxViIGTC1cOFdQBUktHgY7axtKKAx7dBg3AQ1pQCAFYSQrOnF/DxEOL3QcIysyeB4CEwJqJzUyAgEgNiR7dRYaERR4GQUIAEAKITUtfCg4IwZ3LR4BJHgdHhMSfgE9JilvARE3KFwGClY2bCszDwJTLyUnKngPOSM3dAUaIHd4KycWBHonNiFwcwgzUzN8FkMwcGF8OwUEej8+IBB4DyskclgDIzQkYRoCDxJuOBQ2cWg2KyRyWAUwBTFuGkcbEl4oOTUEWgYRUzdpFjZPDV4UJA0ve34wAQgLFjABBn8tFA4RChQFUjp8JUYjFwsZQQZyAC4oUgUJFEMWOmh/JygCQBknKzR4HxEJDn0UHhIqYX8kKAsLPDNEKUojHBJ+SSAbNBttBUIDclMfHA
IP 54.230.111.121:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3043), with no line terminators
Hash cfc16ae5955fd606def508873db63565
a8126e73165de000ff87091c8bff19a469e4219c
926b6cdc5b4d0433c27032574ec8f187d12d5bcbe6aa5460d4c032ed18f5302c
GET /OUxyYkNYLhEPfFhxEEQ2SyBPR3F/aUAkJ1M6S1swQSMDEjUIfVwBL1Y5FgQxViIGTC1cOFdQBUktHgY7axtKKAx7dBg3AQ1pQCAFYSQrOnF/DxEOL3QcIysyeB4CEwJqJzUyAgEgNiR7dRYaERR4GQUIAEAKITUtfCg4IwZ3LR4BJHgdHhMSfgE9JilvARE3KFwGClY2bCszDwJTLyUnKngPOSM3dAUaIHd4KycWBHonNiFwcwgzUzN8FkMwcGF8OwUEej8+IBB4DyskclgDIzQkYRoCDxJuOBQ2cWg2KyRyWAUwBTFuGkcbEl4oOTUEWgYRUzdpFjZPDV4UJA0ve34wAQgLFjABBn8tFA4RChQFUjp8JUYjFwsZQQZyAC4oUgUJFEMWOmh/JygCQBknKzR4HxEJDn0UHhIqYX8kKAsLPDNEKUojHBJ+SSAbNBttBUIDclMfHA HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OROkrnYWxQMYarpcB4tJQax5GTdNFnewhIPe_JQcVGTwnpLlsko9VA==
X-Firefox-Spdy: h2
alargeredrubygsw.com/aEwyem1Hc1EJUD4nXgIiPR5HHF0LAlYXO10eVUMXMSIDPS5bCRQOBAxxBUlaW38BXB0BKA9LSxs4Uw4YG3EDXAQGKl1HSx5xA1ReXGIBSENaakdHXE44QhsKVX0UChkcIA9LW1B8AE9fWnQAQ11a
188.114.96.1204 No Content 0 B URL HTTP/2 alargeredrubygsw.com/aEwyem1Hc1EJUD4nXgIiPR5HHF0LAlYXO10eVUMXMSIDPS5bCRQOBAxxBUlaW38BXB0BKA9LSxs4Uw4YG3EDXAQGKl1HSx5xA1ReXGIBSENaakdHXE44QhsKVX0UChkcIA9LW1B8AE9fWnQAQ11a
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aEwyem1Hc1EJUD4nXgIiPR5HHF0LAlYXO10eVUMXMSIDPS5bCRQOBAxxBUlaW38BXB0BKA9LSxs4Uw4YG3EDXAQGKl1HSx5xA1ReXGIBSENaakdHXE44QhsKVX0UChkcIA9LW1B8AE9fWnQAQ11a HTTP/1.1
Host: alargeredrubygsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ln%2Fhs%2F%2F19ehaTBfK%2Bty9qN2xHUC0DWp3rVnBJjYwjNhM1ry1YGerhYqhMMhAqc%2FiCxhxet7R%2BDJZQX7Q%2FxuoOI51fRBs6sXcAnMbiRgxK5vjRHI1lGV%2BE8WgbkssEwZfQAfdN0EIhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b074fe19e75fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
alargeredrubygsw.com/RGkxZFlrVlIXZCUtXS8AKCNTIDc0C2giNgYKACYyEzgAXAwDLBcQMCBUBlFvd14HQiktDQxWYGIaRQUtMRoMVX8tB1cLZGIfDFV3dEcHVHd3T0RZaGIdQQU+eVgXFC0wBQxVb3xZA1FrdlEDXWt3
188.114.96.1204 No Content 0 B URL HTTP/2 alargeredrubygsw.com/RGkxZFlrVlIXZCUtXS8AKCNTIDc0C2giNgYKACYyEzgAXAwDLBcQMCBUBlFvd14HQiktDQxWYGIaRQUtMRoMVX8tB1cLZGIfDFV3dEcHVHd3T0RZaGIdQQU+eVgXFC0wBQxVb3xZA1FrdlEDXWt3
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RGkxZFlrVlIXZCUtXS8AKCNTIDc0C2giNgYKACYyEzgAXAwDLBcQMCBUBlFvd14HQiktDQxWYGIaRQUtMRoMVX8tB1cLZGIfDFV3dEcHVHd3T0RZaGIdQQU+eVgXFC0wBQxVb3xZA1FrdlEDXWt3 HTTP/1.1
Host: alargeredrubygsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdYNMEK2RQlnYwOQ3AknHZhQxgiwVVEVIsMOEZ7uwcd%2FKw5T8TfbDdhI2%2FCuYpGI4Dl2%2BkAo3th8N3tdBrz6FfVjMGcTee%2F3jn1UUw2YirZ0FAWdHyO7w6F2ajOUoktOSxSR4XM5wg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b074fe1ae7ffab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
alargeredrubygsw.com/SUVLZktmeigVdhwTJ1MaeiEgPw4xdxpUJz0UAzQEKBIjJCh5EG0SIi14fFV8enZ+QDsgIXZXc282Pwc/PDZ2V20gKy0Jdm8zdldleWt5SHhvMHZXbT01KgF2eGM7Ej8leHpQc3l3flR5cXdyVXI
188.114.96.1204 No Content 0 B URL HTTP/2 alargeredrubygsw.com/SUVLZktmeigVdhwTJ1MaeiEgPw4xdxpUJz0UAzQEKBIjJCh5EG0SIi14fFV8enZ+QDsgIXZXc282Pwc/PDZ2V20gKy0Jdm8zdldleWt5SHhvMHZXbT01KgF2eGM7Ej8leHpQc3l3flR5cXdyVXI
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SUVLZktmeigVdhwTJ1MaeiEgPw4xdxpUJz0UAzQEKBIjJCh5EG0SIi14fFV8enZ+QDsgIXZXc282Pwc/PDZ2V20gKy0Jdm8zdldleWt5SHhvMHZXbT01KgF2eGM7Ej8leHpQc3l3flR5cXdyVXI HTTP/1.1
Host: alargeredrubygsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DpeTBCvzwKmAG%2BvRAabft3RXgdRwrtR%2FVOlkA4wwCZ%2BIFRRHgcBluoyLwy%2BMuNHpgvmY0jvo9gCbV0tGbGiR%2FvSSchZlxJ5ARNbMLbOkVKT9p6Z4Ke4G%2BWw%2BKvW9ysnzfP9qU0Kk1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b074fe1ae7dfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vingartistictaste.com/ZHN0aGsFERcFVAVOFk4eFh9JTVkiVkYuDw4FTVEYHBwFGB1VQloLBwsGEA4ZCx0ARgUBB1FaLSUQM105BTQHPCowSzs+KjU7Oj49ByJFBAIzQkE/KSc6PCo6Jic8AQgDOR5dAyw3AxkvIyoyPDo1Jjo+PQYlEyEcJhQMJjggIjMrLlUVEB8ANDYYJgcwG0A6Ph4EPC05DzAkOQcrIh0AADYfAD4zIzU1ICkPMjo5CAcyRBwBMzIhLThWPS0/ACYyLT1aPT4fHAEzMQMyKiMXFzwAKQAQLhsGMDIABzAlExE4Vj0tLzo+Py0BBwUiMhxOVjUjLSEyKzNFLjQ3HCUtNBhFMiUICxw/PRAyLFotPicfIg4qBDEyLTUUUVopITZBKyAjMS0wB1EWEBBaMyIlTgEXHBoYVis8Pz47VAcjMglTHg
54.230.111.121200 OK 1.2 kB URL HTTP/2 vingartistictaste.com/ZHN0aGsFERcFVAVOFk4eFh9JTVkiVkYuDw4FTVEYHBwFGB1VQloLBwsGEA4ZCx0ARgUBB1FaLSUQM105BTQHPCowSzs+KjU7Oj49ByJFBAIzQkE/KSc6PCo6Jic8AQgDOR5dAyw3AxkvIyoyPDo1Jjo+PQYlEyEcJhQMJjggIjMrLlUVEB8ANDYYJgcwG0A6Ph4EPC05DzAkOQcrIh0AADYfAD4zIzU1ICkPMjo5CAcyRBwBMzIhLThWPS0/ACYyLT1aPT4fHAEzMQMyKiMXFzwAKQAQLhsGMDIABzAlExE4Vj0tLzo+Py0BBwUiMhxOVjUjLSEyKzNFLjQ3HCUtNBhFMiUICxw/PRAyLFotPicfIg4qBDEyLTUUUVopITZBKyAjMS0wB1EWEBBaMyIlTgEXHBoYVis8Pz47VAcjMglTHg
IP 54.230.111.121:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 0d37cc8b6bc88b133e0070d4d98a08b1
607ed54976b476a1268cadff9ba586687c52dc1c
576593191ab800a8bc6c73afdcb4bbdfb1cee74b5de7f17dcf291177f918f0c2
GET /ZHN0aGsFERcFVAVOFk4eFh9JTVkiVkYuDw4FTVEYHBwFGB1VQloLBwsGEA4ZCx0ARgUBB1FaLSUQM105BTQHPCowSzs+KjU7Oj49ByJFBAIzQkE/KSc6PCo6Jic8AQgDOR5dAyw3AxkvIyoyPDo1Jjo+PQYlEyEcJhQMJjggIjMrLlUVEB8ANDYYJgcwG0A6Ph4EPC05DzAkOQcrIh0AADYfAD4zIzU1ICkPMjo5CAcyRBwBMzIhLThWPS0/ACYyLT1aPT4fHAEzMQMyKiMXFzwAKQAQLhsGMDIABzAlExE4Vj0tLzo+Py0BBwUiMhxOVjUjLSEyKzNFLjQ3HCUtNBhFMiUICxw/PRAyLFotPicfIg4qBDEyLTUUUVopITZBKyAjMS0wB1EWEBBaMyIlTgEXHBoYVis8Pz47VAcjMglTHg HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Xv8m8oDNlr2E_islF3G4W41xccfon7bcDv7-LNG0sUphtVq67d2pPw==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/in.png
45.154.253.151200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1663
accept-ranges: bytes
bayfiles.com/img/flags/24/dk.png
45.154.253.151200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 971
accept-ranges: bytes
bayfiles.com/img/flags/24/se.png
45.154.253.151200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1302
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/zYlZTYXgBOT0HRxY/N1xPUWFgUktEPCAOFhJrFQA5EAUhNkooBhhHDBgyblFeDjc9BkVEMz0CRVNwMgUaX2J1FQgNPW4LCREkKhkPETs3Rw0Daz4OAgs6PwBdUBBmT0hHZGNJDws4Nw4PEXNhURYWc2FRSVJ4Y0RLIHNhUQ8LOGVVXVEUdlNIGmBnREsgc2-FRChRzYCBJUmN9UVFHZGMGHQE9PERKJGRjUEhSZ2NQXVBmNQgKBzA8GV1QEGJRTUxmdRRFUw
54.230.245.59200 OK 563 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/zYlZTYXgBOT0HRxY/N1xPUWFgUktEPCAOFhJrFQA5EAUhNkooBhhHDBgyblFeDjc9BkVEMz0CRVNwMgUaX2J1FQgNPW4LCREkKhkPETs3Rw0Daz4OAgs6PwBdUBBmT0hHZGNJDws4Nw4PEXNhURYWc2FRSVJ4Y0RLIHNhUQ8LOGVVXVEUdlNIGmBnREsgc2-FRChRzYCBJUmN9UVFHZGMGHQE9PERKJGRjUEhSZ2NQXVBmNQgKBzA8GV1QEGJRTUxmdRRFUw
IP 54.230.245.59:0
File type ASCII text, with very long lines (787), with no line terminators
Hash ece94f086c22a2e5368885242f253a99
32c70735edc7347dd1b73e544c1d011ef7ee4497
5d00a2a3671dc89d77c2f647795e8ebdda4a281ecbc3ced7a4a269d1fe77845a
GET /zYlZTYXgBOT0HRxY/N1xPUWFgUktEPCAOFhJrFQA5EAUhNkooBhhHDBgyblFeDjc9BkVEMz0CRVNwMgUaX2J1FQgNPW4LCREkKhkPETs3Rw0Daz4OAgs6PwBdUBBmT0hHZGNJDws4Nw4PEXNhURYWc2FRSVJ4Y0RLIHNhUQ8LOGVVXVEUdlNIGmBnREsgc2-FRChRzYCBJUmN9UVFHZGMGHQE9PERKJGRjUEhSZ2NQXVBmNQgKBzA8GV1QEGJRTUxmdRRFUw HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vingartistictaste.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 563
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WKHrK6hWKriD9ehBiQO7xLF4IbaspPQ6f1CQsQ5xPgekX19ymIEOTQ==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/paldxRW8JOB8jUB4+FXhYX2FCcllMPQIqARpqASkGPA8lDF8LZhsWAUwjCyFSWnEdJAENalcgAQlqQGMODjVMcUkeJx4uUgAmAjcWEiACKAtMIhB4AgUtGCkDC3JDA1pEZ1R3X0IgGCsLBSACYF1aOQVgXVpmQWtfT2QzYF1aIBgrWV5yQgdKWGcJc1tPZD-NgXVolB2BcK2ZBcEFaflR3Xw0yEi4AT2U3d19bZ0F0X1tyQ3UJAyUUIwASckMDXlpiX3VJH2pA
54.230.245.59200 OK 446 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/paldxRW8JOB8jUB4+FXhYX2FCcllMPQIqARpqASkGPA8lDF8LZhsWAUwjCyFSWnEdJAENalcgAQlqQGMODjVMcUkeJx4uUgAmAjcWEiACKAtMIhB4AgUtGCkDC3JDA1pEZ1R3X0IgGCsLBSACYF1aOQVgXVpmQWtfT2QzYF1aIBgrWV5yQgdKWGcJc1tPZD-NgXVolB2BcK2ZBcEFaflR3Xw0yEi4AT2U3d19bZ0F0X1tyQ3UJAyUUIwASckMDXlpiX3VJH2pA
IP 54.230.245.59:0
File type ASCII text, with very long lines (601), with no line terminators
Hash c304bd08dc81aaf65472256e071a3f7c
4a336c203b87f5f07099f39d51189d7eabd54765
4f09a28e9081de8e34cd909d2b064c46f1eb83241379a8dc82962488cb72ead6
GET /paldxRW8JOB8jUB4+FXhYX2FCcllMPQIqARpqASkGPA8lDF8LZhsWAUwjCyFSWnEdJAENalcgAQlqQGMODjVMcUkeJx4uUgAmAjcWEiACKAtMIhB4AgUtGCkDC3JDA1pEZ1R3X0IgGCsLBSACYF1aOQVgXVpmQWtfT2QzYF1aIBgrWV5yQgdKWGcJc1tPZD-NgXVolB2BcK2ZBcEFaflR3Xw0yEi4AT2U3d19bZ0F0X1tyQ3UJAyUUIwASckMDXlpiX3VJH2pA HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vingartistictaste.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 446
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nnBHSrEc3PBj9A4ZbptdUVPFdFFsGZY_9pQFpNryLU5a3w0nolig6A==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/AcG5RaGsTAT8OVAQHNVVcQ1liW15WBCIHBQBTHicgJj5hHDwqDGYFTQQUNVVbVgIwBgxNSDQGCE1fdwkPElNlTh4RUzwHERkCPQlOQihkRltVXGFAHBkANQccA0tjWAUES2NYWkBAYU1YMktjWBwZAGdcTkMsdFpbCFhlTVgyS2NYGQZLYilaQFt/WEJVXG-EPDhMFPk1ZNlxhWVtAX2FZTkJeNwEZFQg+EE5CKGBYXl5edx1WQQ
54.230.245.59200 OK 192 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/AcG5RaGsTAT8OVAQHNVVcQ1liW15WBCIHBQBTHicgJj5hHDwqDGYFTQQUNVVbVgIwBgxNSDQGCE1fdwkPElNlTh4RUzwHERkCPQlOQihkRltVXGFAHBkANQccA0tjWAUES2NYWkBAYU1YMktjWBwZAGdcTkMsdFpbCFhlTVgyS2NYGQZLYilaQFt/WEJVXG-EPDhMFPk1ZNlxhWVtAX2FZTkJeNwEZFQg+EE5CKGBYXl5edx1WQQ
IP 54.230.245.59:0
File type ASCII text, with no line terminators
Hash 48cc474d857f373f1a63d09f4337c579
2a497c26960727eef8e3c2044b0207c913211539
28118fc1c59e44198bef69eea4f1981243204a1a72268a8f33b3554b88913485
GET /AcG5RaGsTAT8OVAQHNVVcQ1liW15WBCIHBQBTHicgJj5hHDwqDGYFTQQUNVVbVgIwBgxNSDQGCE1fdwkPElNlTh4RUzwHERkCPQlOQihkRltVXGFAHBkANQccA0tjWAUES2NYWkBAYU1YMktjWBwZAGdcTkMsdFpbCFhlTVgyS2NYGQZLYilaQFt/WEJVXG-EPDhMFPk1ZNlxhWVtAX2FZTkJeNwEZFQg+EE5CKGBYXl5edx1WQQ HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vingartistictaste.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 192
date: Fri, 31 Mar 2023 08:44:43 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7XF_g2J1ox2nVuc6skB5j1KWrZevVQHzcG0-W-J5kzFtoXM8qPDBzA==
X-Firefox-Spdy: h2
policityseriod.info/VlJtSXQtcB4%2BKyMgAWtOdDoZPQQlaEJmFjcrCyAYMyFDKhs7fR4%2BWjwhT2VWJT8La05nfk89FTENBC1WbHBaekNlYFtrWHQhGCsrPzZfa050MA95FzNrDi9ZZmcLKFliMVl8WW9qW3hZYGULcEA3ZVgqRTAxTzQ
108.59.12.99302 Found 11 B URL HTTP/2 policityseriod.info/VlJtSXQtcB4%2BKyMgAWtOdDoZPQQlaEJmFjcrCyAYMyFDKhs7fR4%2BWjwhT2VWJT8La05nfk89FTENBC1WbHBaekNlYFtrWHQhGCsrPzZfa050MA95FzNrDi9ZZmcLKFliMVl8WW9qW3hZYGULcEA3ZVgqRTAxTzQ
IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
GET /VlJtSXQtcB4%2BKyMgAWtOdDoZPQQlaEJmFjcrCyAYMyFDKhs7fR4%2BWjwhT2VWJT8La05nfk89FTENBC1WbHBaekNlYFtrWHQhGCsrPzZfa050MA95FzNrDi9ZZmcLKFliMVl8WW9qW3hZYGULcEA3ZVgqRTAxTzQ HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:43 GMT
location: http://ww1.policityseriod.info
server: Cowboy
set-cookie: sid=484cf570-cfa0-11ed-8aa5-5788166f84e3; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:50 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/no.png
45.154.253.151200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1334
accept-ranges: bytes
bayfiles.com/img/flags/24/pl.png
45.154.253.151200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1632
accept-ranges: bytes
bayfiles.com/sw.js?b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q
45.154.253.151200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:43 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 183
Content-Encoding: gzip
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash ce7308102e0dd738be581569aab3c18f
1cad180ddadf6b3f9da7cddb50f6b8295128553d
1927bf86d6f33ee13042472aadda4133d65bc9535025c5f8a36dc76dfbaa6012
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3193
Cache-Control: max-age=88041
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 08:44:43 GMT
Etag: "642545eb-1d7"
Expires: Sat, 01 Apr 2023 09:12:04 GMT
Last-Modified: Thu, 30 Mar 2023 08:18:51 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c90bd7c311e02a4f9063c08ebf5261eb
4e2b8db47531a9c124ab0c6cf5a0900a199348ca
34744e7e236ec71b63064fc97c38099ef3460770078518828afd3078a835ef22
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 08:44:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c90bd7c311e02a4f9063c08ebf5261eb
4e2b8db47531a9c124ab0c6cf5a0900a199348ca
34744e7e236ec71b63064fc97c38099ef3460770078518828afd3078a835ef22
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 08:44:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vingartistictaste.com/utx?cb=aVGI56NBd4GQ&top=bayfiles.com&tid=756376
54.230.111.121204 No Content 0 B URL HTTP/2 vingartistictaste.com/utx?cb=aVGI56NBd4GQ&top=bayfiles.com&tid=756376
IP 54.230.111.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=aVGI56NBd4GQ&top=bayfiles.com&tid=756376 HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 31 Mar 2023 08:45:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xU2iflyO17X3-mUhywNn-1-Z80zILKEMSV_gLZC1j_32rywse0RC_A==
X-Firefox-Spdy: h2
vingartistictaste.com/utx?cb=7pW0FdPbWeAc&top=bayfiles.com&tid=737333
54.230.111.121204 No Content 0 B URL HTTP/2 vingartistictaste.com/utx?cb=7pW0FdPbWeAc&top=bayfiles.com&tid=737333
IP 54.230.111.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=7pW0FdPbWeAc&top=bayfiles.com&tid=737333 HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 31 Mar 2023 08:45:43 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S6d5-HJIWF_40BAQ1rWSvAwRYuqsydv47Jr0JqyTiY6d0jMpvYE7vg==
X-Firefox-Spdy: h2
vingartistictaste.com/multi?cs=QXdwRHhyQEB9SnNPSXZOcENGdks&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FH677Re7eyd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_V7ga=1680252283528&crc=1
54.230.111.121200 OK 1.5 kB URL HTTP/2 vingartistictaste.com/multi?cs=QXdwRHhyQEB9SnNPSXZOcENGdks&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FH677Re7eyd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_V7ga=1680252283528&crc=1
IP 54.230.111.121:0
File type ASCII text, with very long lines (3258), with no line terminators
Hash 89654102eadc80825949891fb329050f
8e86a9e655e35503a94220d95f814ad2445d25dc
db9202b9c9815cd9070dab98cf2b4b6c109cd8a182dc5c97462c2904e183a6e5
GET /multi?cs=QXdwRHhyQEB9SnNPSXZOcENGdks&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2FH677Re7eyd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_V7ga=1680252283528&crc=1 HTTP/1.1
Host: vingartistictaste.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1538
date: Fri, 31 Mar 2023 08:44:43 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=df935ea8-e6d5-4597-b9a2-78bd6b77ebb6
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0Q-08DdD6cStg2pxRquEiBwZ1vZwB2tG1r34cXWMfdXSKWNAsyrWcA==
X-Firefox-Spdy: h2
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1668603321
45.154.253.151200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1668603321
IP 45.154.253.151:0
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1668603321 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/H677Re7eyd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 08:44:44 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 296
accept-ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:0
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 3a93b21b27e87b46753b06cb4d3e855b
ff4a7b1cf228dd15c7df2cb96bfe9814d2dcee8b
981582d78fcbf3b2586b3386935030d19f3fca19e85c436bf2c3f4b6a460b519
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 08:44:44 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Tx8QyKPcZeOPl_z_NDB3qFk2loWXx76IimSoksxpR6IYdwHUU1IrLrVbJaJMWhA9KBUxe4
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-RVORZJSyA7Wy_2kV0ybSyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"AccountsSigninPassiveLoginHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSigninPassiveLoginHttp/external"}]}, {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none; report-to="AccountsSigninPassiveLoginHttp"
content-type: application/binary
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:8wcNjrnu6KRKQZZfP8poFA6KmxiLSg:69kGObPBrpg3P5Eh; Expires=Sun, 30-Mar-2025 08:44:44 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Tx8QyKPcZeOPl_z_NDB3qFk2loWXx76IimSoksxpR6IYdwHUU1IrLrVbJaJMWhA9KBUxe4
216.58.211.13302 Found 390 B URL HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Tx8QyKPcZeOPl_z_NDB3qFk2loWXx76IimSoksxpR6IYdwHUU1IrLrVbJaJMWhA9KBUxe4
IP 216.58.211.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash dd23b991e138ca6fab18e1adad37a152
9ff2c34d1533b1e00e9283dafeb8d1b1a046daa7
2f71ffbb1f8aa819b2106d8add5c51124d7446cc58dfefddf557d15c3f2736eb
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AQMjQ7Tx8QyKPcZeOPl_z_NDB3qFk2loWXx76IimSoksxpR6IYdwHUU1IrLrVbJaJMWhA9KBUxe4 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 08:44:44 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1041155544%3A1680252284132078&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7S3TsP9fA0Liu1TLtHHd9zqWtO_E2bV1bWCTS1f55CGfU8LBoShkmYTrok1ABEhVn55D90G&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-PSuvDbpBOJ_HgebnjoxOFw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:TBRyN7Qu3xvAV-eK9F7Db5C3KYhmbA:1A_AcjBmC4ig54tm;Path=/;Expires=Sun, 30-Mar-2025 08:44:44 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bccde084c491a04e52752f2af1e16d
5a7a761608a0d79d383e104a0455f76bb0d2248e
aed5aade370f65d015700850f0a3a80c5f47066e82d200f5cf1d2d44657388dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 08:44:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
policityseriod.info/b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q
108.59.12.99200 OK 655 B URL HTTP/2 policityseriod.info/b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q
IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (655), with no line terminators
Hash 8642323bf2ac4f22f2356b2e6bc39ea3
1bbb414735ed5e0b73d4f909391ba1c65e5a46f9
4af7d9918647889f93bc76f4b8e3ff047d9ec3e19723037f3abf3a320d0fef40
Analyzer Verdict Alert fortinet Malware
GET /b2dPN2I0RXgEVVxVeRVOTUVjFQANVyxSWwwBYgdXCQZiAwFbUmIOWllWYgFVCV57VlVaBH5RAU1LbVJTXwV4AVVYSnoHUVpKe1QGCUp2AVNfSncAUVkDeAUDDld%2BD0BDRTxAQENFP1gOBgQmQxscAj1eDQtJJlkEAEVjFVdBVW1q HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 655
content-type: text/html; charset=utf-8
date: Fri, 31 Mar 2023 08:44:43 GMT
server: Cowboy
set-cookie: sid=48c5c9be-cfa0-11ed-9d0b-5788aa6887cc; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 386
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:43 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48c854ea-cfa0-11ed-bb70-57887f2989b6; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash ce7308102e0dd738be581569aab3c18f
1cad180ddadf6b3f9da7cddb50f6b8295128553d
1927bf86d6f33ee13042472aadda4133d65bc9535025c5f8a36dc76dfbaa6012
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 08:44:44 GMT
Last-Modified: Fri, 31 Mar 2023 08:19:55 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.211.13302 Found 11 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.211.13:0
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 08:44:44 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7SdzEnJQR8i_XFQ6zQvqqewBAjDU5uZeafWkg1Ln27-Ipl9DNzsDzKKj5GZjB7s2jIQC5i5
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-D678m_e98CaAZpbR0THEAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:1Rl43OYQu_miWXxg4ha-iB9W_p-acw:3nic4YEjXrm7JcbF; Expires=Sun, 30-Mar-2025 08:44:44 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 752
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:43 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48dc321c-cfa0-11ed-8e5f-5788e6350349; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S2131105377%3A1680252284134125&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7TEiPnXAyWL60aGP2V-kiG4BnQ-52XTuXzqNfkIZc6vC_CvtbEa1YHiLF8I4mgB7MFS76nA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.211.13403 Forbidden 820 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S2131105377%3A1680252284134125&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7TEiPnXAyWL60aGP2V-kiG4BnQ-52XTuXzqNfkIZc6vC_CvtbEa1YHiLF8I4mgB7MFS76nA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.211.13:0
Hash b6e9ed8ee3b4f26554bdeb8e90deadb0
875bf0d4fb6bc6c8e8d49af414cb75f39f7dab23
fb3a5c391aa7293c817c73ff4f0ab0ae3eebc354ad3e0bfbcf152c68fc40fbf8
GET /v3/signin/identifier?dsh=S2131105377%3A1680252284134125&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7TEiPnXAyWL60aGP2V-kiG4BnQ-52XTuXzqNfkIZc6vC_CvtbEa1YHiLF8I4mgB7MFS76nA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 08:44:44 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-kZt1QF1AX4wCStzyfAy01A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16860
Expires: Fri, 31 Mar 2023 13:25:44 GMT
Date: Fri, 31 Mar 2023 08:44:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16860
Expires: Fri, 31 Mar 2023 13:25:44 GMT
Date: Fri, 31 Mar 2023 08:44:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16860
Expires: Fri, 31 Mar 2023 13:25:44 GMT
Date: Fri, 31 Mar 2023 08:44:44 GMT
Connection: keep-alive
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 746
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48f267c6-cfa0-11ed-be80-5788c5039496; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 351
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48f5a4c2-cfa0-11ed-81c1-578887d50b3c; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5ac5665-fe23-4026-a00b-567f98678f9e.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5ac5665-fe23-4026-a00b-567f98678f9e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e55c2ccec92fa37b631f5616ba5e1b77
c3f1113bad672968f22e63693ef4481f7f5616fe
10bfe1a2cf0b6e0a2a548935a1afc061fc61990a121a84580f3969df68b7974c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5ac5665-fe23-4026-a00b-567f98678f9e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10706
x-amzn-requestid: 2e382033-306f-40ed-b259-76790e5e3ac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUlmGujoAMFamQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-3856db4579fce52a18219166;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: cYDbU2yRL1y7tFVehv7XBDdywykpvl7kVurr1JvsGPTlYkmsOBwczg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:04:58 GMT
age: 38386
etag: "c3f1113bad672968f22e63693ef4481f7f5616fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 394
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48f57de4-cfa0-11ed-a651-578845fbbb30; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 389
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=48f5bdea-cfa0-11ed-bf4b-5788b8ba035a; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 876e5464aba1639f3b07b07d1d694514
93885a6205be71d16187782b1803f53d5c8538cb
6e2b6b15f462922a9e8260f55cfcd94d488d1a48435458db43270ea3b825d8c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13775
x-amzn-requestid: 43d1a1f3-b189-4fcd-a298-429123d1921b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloF9woAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-13778451622503253ea252eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXA995GxGti4_AzSi9F19ZNvUwm5_ZSBw0BB0lRIfNHcmX7Ajt6bSg==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:52:34 GMT
age: 39130
etag: "93885a6205be71d16187782b1803f53d5c8538cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36630e1b-1c89-4e55-ac67-f104436fd02c.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36630e1b-1c89-4e55-ac67-f104436fd02c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45a4bac8a91b725def9099fd6f720285
134ace682a567c7e385817c8f8af0d49acfde847
3d60e54132cbbba19ce8ad4bdf79a4b3b6ae74573f45bf4f080a283aa250b53c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36630e1b-1c89-4e55-ac67-f104436fd02c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8358
x-amzn-requestid: 8069495f-4ea5-4975-8369-fc4db9199774
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllH2fIAMFdlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-2e5418a132076d0569e30de6;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: z4Jd4oIn19s5lhDNYlrrh6RlxDz7mxCg1KJKUyFfJfqZsymvADn88g==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:02:05 GMT
age: 38559
etag: "134ace682a567c7e385817c8f8af0d49acfde847"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L6tgzFrj9t69Rnfd9bziAPiROAX0tvcj9Kcg8sXkto8qRFeKqiwkpg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:17:06 GMT
age: 37658
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 06:44:37 GMT
age: 7207
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: WnrfQr57EWYnXt1xJt9tr5XCuM3gPYULlDdEVpv2Q2kz7MDIPxSPKA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
age: 39414
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 354
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=49097768-cfa0-11ed-9aa9-5788646935b6; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
policityseriod.info/
108.59.12.99302 Found 11 B IP 108.59.12.99:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 359
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 31 Mar 2023 08:44:44 GMT
location: http://survey-smiles.com
server: Cowboy
set-cookie: sid=490aa39a-cfa0-11ed-ab51-57887849e851; path=/; domain=.policityseriod.info; expires=Wed, 18 Apr 2091 11:58:51 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oZS7mUocjrN86I9CIg+Fug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wkA1ODUjY1jZbuzyZJGYUJtI1U8=
Date: Fri, 31 Mar 2023 08:44:45 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?dsh=S1041155544%3A1680252284132078&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7S3TsP9fA0Liu1TLtHHd9zqWtO_E2bV1bWCTS1f55CGfU8LBoShkmYTrok1ABEhVn55D90G&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.211.13403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1041155544%3A1680252284132078&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7S3TsP9fA0Liu1TLtHHd9zqWtO_E2bV1bWCTS1f55CGfU8LBoShkmYTrok1ABEhVn55D90G&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.211.13:0
GET /v3/signin/identifier?dsh=S1041155544%3A1680252284132078&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AQMjQ7S3TsP9fA0Liu1TLtHHd9zqWtO_E2bV1bWCTS1f55CGfU8LBoShkmYTrok1ABEhVn55D90G&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 31 Mar 2023 08:44:44 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-fcyzm8SZstmViNz33DCIeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29200 OK 0 B IP 172.64.133.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 31 Mar 2023 08:44:44 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2513
last-modified: Fri, 31 Mar 2023 08:02:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAmQkwyJiOclTjECv%2FmCSu22l7V5JpJghVyXhATWxdDXCpA7LsqEagJSQUh%2BLr8YEa%2FFcmxeUxjolXL0PBcpkG07sqWyZyJPpdgpe4tuCO47J97CAXrPRcm%2BIGUzTFdu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b074fe77ca9496c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29200 OK 0 B IP 172.64.133.29:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 08:44:44 GMT
content-type: text/plain
set-cookie: csu=1448913357034473@1@1680252284; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfBZGJiVJTHO6NxnBkvxbxb2XtRSF6ARKlivEfQNnuq0jQ69o2%2BxNXbpoABoOEOpMcf1rohHKwx235rODKGKJXAWDv8zuvfLTgy4zOpZ2vBvxTAfs3xuxVrRFvwdoNnO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b074fe77cac496c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.133.29200 OK 0 B IP 172.64.133.29:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 31 Mar 2023 08:44:44 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2513
last-modified: Fri, 31 Mar 2023 08:02:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SHPfu9us8zssLRSZNf%2BPZy4SNDqqHceH4eUfaAC9YEcN%2BSRXmEH7JTeVIV7uNkfqVwPrlwV1cirRk2mA9DhwVhbjoBYdFMNPAiEnpBSLrdtmep75WYQ8W0eDNuiGAXbe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b074fe77ca7496c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: vJA43ac/Z5hMBw2X83CDs7gHC1FVzSjm34OYIVlCswKPSEk9En4N9OFtWJB/x0WXeYyXOhHDee86T0owJ1By+A==
date: Fri, 31 Mar 2023 08:44:44 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-143.bayfiles.com/H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar
195.96.151.36301 Moved Permanently 0 B URL HTTP/2 cdn-143.bayfiles.com/H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar
IP 195.96.151.36:0
ASN #41634 Svea Hosting AB
GET /H677Re7eyd/6d298bc9-1680174360/Crusader%20Kings%203%20--%20fitgirl-repacks.site%20--.part1.rar HTTP/1.1
Host: cdn-143.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 31 Mar 2023 08:44:41 GMT
content-type: text/html
location: https://bayfiles.com/H677Re7eyd
x-cache-host: filecache-01
x-cache-disk: nvme-01
accept-ranges: bytes
X-Firefox-Spdy: h2