cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe
301 Moved Permanently 162 B URL HTTP/1.1 cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe
IP
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe HTTP/1.1
Host: cdn-111.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 30 Jan 2023 19:30:32 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15307
Expires: Mon, 30 Jan 2023 23:45:39 GMT
Date: Mon, 30 Jan 2023 19:30:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2859
Expires: Mon, 30 Jan 2023 20:18:11 GMT
Date: Mon, 30 Jan 2023 19:30:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 18:43:12 GMT
content-type: application/json
age: 2840
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16606
Expires: Tue, 31 Jan 2023 00:07:18 GMT
Date: Mon, 30 Jan 2023 19:30:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: eeUz2RjP/ZT4qJKakzrbVFNODJDmIuOIjXCYWJnzedHw7e9qE4724xQyvDBf4X/cyRhMd5IJgqg=
x-amz-request-id: ASYWGYV222N51A91
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 18:50:51 GMT
age: 2381
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe
301 Moved Permanently 0 B URL HTTP/1.1 cdn-111.bayfiles.com/12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe
IP
ASN #41634 Svea Hosting AB
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /12xey6i2y0/90f5bdfd-1675101000/linkvertise%20installer.exe HTTP/1.1
Host: cdn-111.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 30 Jan 2023 19:30:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://bayfiles.com/12xey6i2y0
X-Cache-Host: filecache-02
X-Cache-Disk: nvme-01
Accept-Ranges: bytes
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 19:30:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6a0d83baae09f593bd991764d24d007d
8c6e503d7330d2f2b06c1743be1e2818848147c4
15dfa1b279b2f12269e9a81dc4e58bc59a0b306f1d1ecaa8dfd092089102da0a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15DFA1B279B2F12269E9A81DC4E58BC59A0B306F1D1ECAA8DFD092089102DA0A"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8420
Expires: Mon, 30 Jan 2023 21:50:52 GMT
Date: Mon, 30 Jan 2023 19:30:32 GMT
Connection: keep-alive
bayfiles.com/12xey6i2y0
404 Not Found 2.3 kB IP
ASN #41634 Svea Hosting AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 3d5c72a35c6b320be8e0a6ae91492baf
5cfbdfe864350500beb88ec17a0e8de3ce06de1a
01cee439de3974dc4dc9a27c0d7a2853c4cd7e246418dd42f02461d3d29d14e2
GET /12xey6i2y0 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 30 Jan 2023 19:30:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 4
Content-Encoding: gzip
bayfiles.com/css/bayfiles.css?1668606177
200 OK 25 kB URL HTTP/1.1 bayfiles.com/css/bayfiles.css?1668606177
IP
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (65452)
Hash 896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0
GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 201
Content-Encoding: gzip
bayfiles.com/sw.js
200 OK 14 kB IP
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 524
Content-Encoding: gzip
bayfiles.com/js/app.js?1668606177
200 OK 58 kB URL HTTP/1.1 bayfiles.com/js/app.js?1668606177
IP
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (63238)
Hash ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818
GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 96
Content-Encoding: gzip
bayfiles.com/img/flags/24/jp.png
200 OK 599 B URL HTTP/1.1 bayfiles.com/img/flags/24/jp.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 207
accept-ranges: bytes
bayfiles.com/img/flags/24/dk.png
200 OK 537 B URL HTTP/1.1 bayfiles.com/img/flags/24/dk.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 168
accept-ranges: bytes
bayfiles.com/img/flags/24/fr.png
200 OK 536 B URL HTTP/1.1 bayfiles.com/img/flags/24/fr.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 176
accept-ranges: bytes
bayfiles.com/img/flags/24/in.png
200 OK 593 B URL HTTP/1.1 bayfiles.com/img/flags/24/in.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 188
accept-ranges: bytes
vjs.zencdn.net/7.3.0/video.min.js
200 OK 132 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Mon, 30 Jan 2023 19:30:33 GMT
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 1
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
vjs.zencdn.net/7.3.0/video-js.min.css
200 OK 9.7 kB URL HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP
File type ASCII text, with very long lines (35998), with no line terminators
Hash 3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Mon, 30 Jan 2023 19:30:33 GMT
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 11421
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/ru.png
200 OK 403 B URL HTTP/1.1 bayfiles.com/img/flags/24/ru.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 105
accept-ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 18:41:41 GMT
age: 2932
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/us.png
200 OK 656 B URL HTTP/1.1 bayfiles.com/img/flags/24/us.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 213
accept-ranges: bytes
bayfiles.com/img/flags/24/no.png
200 OK 611 B URL HTTP/1.1 bayfiles.com/img/flags/24/no.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 130
accept-ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13062
Expires: Mon, 30 Jan 2023 23:08:15 GMT
Date: Mon, 30 Jan 2023 19:30:33 GMT
Connection: keep-alive
bayfiles.com/img/flags/24/es.png
200 OK 666 B URL HTTP/1.1 bayfiles.com/img/flags/24/es.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 116
accept-ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 77dcd90602796edb9fe34583ed778cbc
2a0b269d6a38b9c85ea6313f33dcdf5eef7eb6f3
ba67093ed826210748737bb8117531bae939b070c90d8639e3801bbc34d49318
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA67093ED826210748737BB8117531BAE939B070C90D8639E3801BBC34D49318"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7444
Expires: Mon, 30 Jan 2023 21:34:37 GMT
Date: Mon, 30 Jan 2023 19:30:33 GMT
Connection: keep-alive
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
200 OK 98 kB URL HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash f25da22b89a5bce995816c704d1be6cc
8db8a77d4800bf0a6cae8adb4a4895c6bcbb8343
e584720145fdf429150477b3697dbe69d9a286af7fdd9971b24a90ab326f04dd
GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98178
date: Mon, 30 Jan 2023 19:30:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MgMIC36GgKXzter0NV5r9QUi8A3SrJpz-c4ttSTwzx2sh8atVu2oIA==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/kr.png
200 OK 988 B URL HTTP/1.1 bayfiles.com/img/flags/24/kr.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 133
accept-ranges: bytes
bayfiles.com/img/flags/24/se.png
200 OK 581 B URL HTTP/1.1 bayfiles.com/img/flags/24/se.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:33 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 150
accept-ranges: bytes
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP
Hash 9a1267024117c75aadd44511879326a3
c02ec0a8d4bc694f1a23348d6371f7f5d5b5dd43
32d1b2c867a0b07ea7ba6db3c781489b90139aab44251472f63086d7419944df
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:33 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP
Hash 9a1267024117c75aadd44511879326a3
c02ec0a8d4bc694f1a23348d6371f7f5d5b5dd43
32d1b2c867a0b07ea7ba6db3c781489b90139aab44251472f63086d7419944df
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:33 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RdsMf0o02LPVsZouse+lQw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /r/x68kYk46jDZtyDrMJAvsOFLo=
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP
Hash 9a1267024117c75aadd44511879326a3
c02ec0a8d4bc694f1a23348d6371f7f5d5b5dd43
32d1b2c867a0b07ea7ba6db3c781489b90139aab44251472f63086d7419944df
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
policityseriod.info/RjR2MjU9FgVFajNGGhAPZFwCRkU1DlkdVydNEFtZI0dYUVorGwVFGyxHVB4XNVkQEA93GFRGVCFrH1YXfBZBAQJ1BkAQGWRHA1BqL1BEEA9kVhQCViMNFVQYdgEQUxhyV0IHGH8MQAMYcAMQCwEnA0NRBCBXVE8
302 Found 0 B URL HTTP/1.1 policityseriod.info/RjR2MjU9FgVFajNGGhAPZFwCRkU1DlkdVydNEFtZI0dYUVorGwVFGyxHVB4XNVkQEA93GFRGVCFrH1YXfBZBAQJ1BkAQGWRHA1BqL1BEEA9kVhQCViMNFVQYdgEQUxhyV0IHGH8MQAMYcAMQCwEnA0NRBCBXVE8
IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /RjR2MjU9FgVFajNGGhAPZFwCRkU1DlkdVydNEFtZI0dYUVorGwVFGyxHVB4XNVkQEA93GFRGVCFrH1YXfBZBAQJ1BkAQGWRHA1BqL1BEEA9kVhQCViMNFVQYdgEQUxhyV0IHGH8MQAMYcAMQCwEnA0NRBCBXVE8 HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:33 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107033.3065662; expires=Thu, 27-Jan-2033 19:30:33 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/RjR2MjU9FgVFajNGGhAPZFwCRkU1DlkdVydNEFtZI0dYUVorGwVFGyxHVB4XNVkQEA93GFRGVCFrH1YXfBZBAQJ1BkAQGWRHA1BqL1BEEA9kVhQCViMNFVQYdgEQUxhyV0IHGH8MQAMYcAMQCwEnA0NRBCBXVE8?subid1=20230131-0630-332e-baa3-d748d3cf0688
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
osiextantly.com/NmpXT0JXCDQifVdXNWk3RAZqanBwT2UJJlwcbnYxTgUmPzQHW3ksLlkfMykwWQQjYSxTHnJ9BHw/LQ02VBAWOBpBJx0LO1IwFBkLfjMWKyduKxl+FV5eFhcreyQZfioEJw8gdGABBgkaZBknGDVFPRAdFGMIMA0Od1sSdhQHKB0ZFgc+Agl2YSc7HhJjDQV+EHRaFhhwAz4fN3NiITwGB3UGPHcEXg0YCxYDDBE4GFU6ZgkLbjINIgpaWxwOL3szECgYUyRmdyN+KAEnA3cnNQkVcysPCXpTMy8ZJ3o4AScDdAUQFy9jLwQJOk8OMAUmcB0NIQRgR2M7BGEvFgc6XTwOBwRVMiAZe3cvBQQDWyQPDANOCAcNFFAhBgUodzxmKQNhJxUcBAYrGRkpUCk7FnplLz8rJlsjFhgHcyszGhRnMjBpKEUFOT9/bF0RLQhhUyMZL0AsPBc
200 OK 1.2 kB URL HTTP/2 osiextantly.com/NmpXT0JXCDQifVdXNWk3RAZqanBwT2UJJlwcbnYxTgUmPzQHW3ksLlkfMykwWQQjYSxTHnJ9BHw/LQ02VBAWOBpBJx0LO1IwFBkLfjMWKyduKxl+FV5eFhcreyQZfioEJw8gdGABBgkaZBknGDVFPRAdFGMIMA0Od1sSdhQHKB0ZFgc+Agl2YSc7HhJjDQV+EHRaFhhwAz4fN3NiITwGB3UGPHcEXg0YCxYDDBE4GFU6ZgkLbjINIgpaWxwOL3szECgYUyRmdyN+KAEnA3cnNQkVcysPCXpTMy8ZJ3o4AScDdAUQFy9jLwQJOk8OMAUmcB0NIQRgR2M7BGEvFgc6XTwOBwRVMiAZe3cvBQQDWyQPDANOCAcNFFAhBgUodzxmKQNhJxUcBAYrGRkpUCk7FnplLz8rJlsjFhgHcyszGhRnMjBpKEUFOT9/bF0RLQhhUyMZL0AsPBc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046), with no line terminators
Hash 4516ee49819b2fbc1a1312685981a650
1de32f52ab8907fe08872f860e80cee73b3ec862
e78ae06c04d1fe6fed423412ae93d5482941074eb0448a9fbf88edb6a0ca3a6f
GET /NmpXT0JXCDQifVdXNWk3RAZqanBwT2UJJlwcbnYxTgUmPzQHW3ksLlkfMykwWQQjYSxTHnJ9BHw/LQ02VBAWOBpBJx0LO1IwFBkLfjMWKyduKxl+FV5eFhcreyQZfioEJw8gdGABBgkaZBknGDVFPRAdFGMIMA0Od1sSdhQHKB0ZFgc+Agl2YSc7HhJjDQV+EHRaFhhwAz4fN3NiITwGB3UGPHcEXg0YCxYDDBE4GFU6ZgkLbjINIgpaWxwOL3szECgYUyRmdyN+KAEnA3cnNQkVcysPCXpTMy8ZJ3o4AScDdAUQFy9jLwQJOk8OMAUmcB0NIQRgR2M7BGEvFgc6XTwOBwRVMiAZe3cvBQQDWyQPDANOCAcNFFAhBgUodzxmKQNhJxUcBAYrGRkpUCk7FnplLz8rJlsjFhgHcyszGhRnMjBpKEUFOT9/bF0RLQhhUyMZL0AsPBc HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 4VtsOmWQrRJBq7-raD6elZIH1a5iha0gH0RIlr10W6BrOrAL3mGw8A==
X-Firefox-Spdy: h2
osiextantly.com/RFZ2anolNBUHRSVrFEwPNjpLT0gCc0QsHi4gT1MJPDkHGgx1Z1gJFisjEgwIKzgCRBQhIlNYPHYDRQYbJWYBHTwuBzgJAycHJgYgcw8zXwoTHhpbPz09MyMTChM7EEp1FB4rKwA4Rg0qABtCDC4WMDoCPys0HQZCBi9GUzIpMjghLnQ3LFsKNRseWk4SOB5bPgAiISMuMxI7HRkjGxoSFQgOGlMpHG8sDDI3GTsdLysGN14KEDhDADw9YzkMFwofFwEsfDIdBSMQOEMAPi4bMA8XIDUXORY0DyMBExwOHlgpLD45DBcJGjovT2FkMC8RLCcuBzAuAz5HQx4wMjsZCwc3AB4vJRU9Ijw/JT0KJTAxIBklEAUbNSMlU1g8AAU7GCIDMQIMLQobEiwONRwdOAhiPAUFFDRrHzwDET88D0s3Ex85SyM
200 OK 1.2 kB URL HTTP/2 osiextantly.com/RFZ2anolNBUHRSVrFEwPNjpLT0gCc0QsHi4gT1MJPDkHGgx1Z1gJFisjEgwIKzgCRBQhIlNYPHYDRQYbJWYBHTwuBzgJAycHJgYgcw8zXwoTHhpbPz09MyMTChM7EEp1FB4rKwA4Rg0qABtCDC4WMDoCPys0HQZCBi9GUzIpMjghLnQ3LFsKNRseWk4SOB5bPgAiISMuMxI7HRkjGxoSFQgOGlMpHG8sDDI3GTsdLysGN14KEDhDADw9YzkMFwofFwEsfDIdBSMQOEMAPi4bMA8XIDUXORY0DyMBExwOHlgpLD45DBcJGjovT2FkMC8RLCcuBzAuAz5HQx4wMjsZCwc3AB4vJRU9Ijw/JT0KJTAxIBklEAUbNSMlU1g8AAU7GCIDMQIMLQobEiwONRwdOAhiPAUFFDRrHzwDET88D0s3Ex85SyM
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash dc3d30a1312a4e223a49b539f773dc89
c4d3877d9c1215dad89baaf3620a0d0ef2ac073b
f256093ba35225e016fc55e1cc81984442669c8941c652ea8eb681a5a1468a1e
GET /RFZ2anolNBUHRSVrFEwPNjpLT0gCc0QsHi4gT1MJPDkHGgx1Z1gJFisjEgwIKzgCRBQhIlNYPHYDRQYbJWYBHTwuBzgJAycHJgYgcw8zXwoTHhpbPz09MyMTChM7EEp1FB4rKwA4Rg0qABtCDC4WMDoCPys0HQZCBi9GUzIpMjghLnQ3LFsKNRseWk4SOB5bPgAiISMuMxI7HRkjGxoSFQgOGlMpHG8sDDI3GTsdLysGN14KEDhDADw9YzkMFwofFwEsfDIdBSMQOEMAPi4bMA8XIDUXORY0DyMBExwOHlgpLD45DBcJGjovT2FkMC8RLCcuBzAuAz5HQx4wMjsZCwc3AB4vJRU9Ijw/JT0KJTAxIBklEAUbNSMlU1g8AAU7GCIDMQIMLQobEiwONRwdOAhiPAUFFDRrHzwDET88D0s3Ex85SyM HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: d5yrcFjO_Ij2uR-PngFQ89-gpyz4zMAXNBlA7sYHRvmJu2k2FGdDnA==
X-Firefox-Spdy: h2
osiextantly.com/SE9oU08pLQs+cClyCnU6OiNVdn0OaloVKyI5UWo8MCAZIzl5fkYwIyc6DDU9JyEcfSEtO01hCSQCMD8dBQs+AAkidj8QJB0eJgJ/Cw0taiYKOCULCjEFDgR/Dgo4PgkQHgI7Ixl/Ij4CJistB34eCjEBFRIaKjB9DB0mBgkyBiYRDSsWJgUGAQ0+ayMZCRgyHQwFKwF+AQ4hYiMZGCoJfBoZOR4JDHojCwl4GSURGgArWCtqegkpEQ4MHDA/BxAJUDcfIysvFQo8JzA4Ch0cWhYNCh1RGSsJAVsVCjwnOmI3LhtaBhkKISYwFj8NJhF/eX8pYCwdHFp+CQseEAEEDQ4tFQ0OKwAUHQkLOwcVHhkEPBgsDiIpDngjDxIOHQ47BA4eDR8WKQcKIgIZMBYYFR4sfDsUCg4IHxUpAg5YFmkiPAc9P3UgOTE8CXsbJBgD
200 OK 1.2 kB URL HTTP/2 osiextantly.com/SE9oU08pLQs+cClyCnU6OiNVdn0OaloVKyI5UWo8MCAZIzl5fkYwIyc6DDU9JyEcfSEtO01hCSQCMD8dBQs+AAkidj8QJB0eJgJ/Cw0taiYKOCULCjEFDgR/Dgo4PgkQHgI7Ixl/Ij4CJistB34eCjEBFRIaKjB9DB0mBgkyBiYRDSsWJgUGAQ0+ayMZCRgyHQwFKwF+AQ4hYiMZGCoJfBoZOR4JDHojCwl4GSURGgArWCtqegkpEQ4MHDA/BxAJUDcfIysvFQo8JzA4Ch0cWhYNCh1RGSsJAVsVCjwnOmI3LhtaBhkKISYwFj8NJhF/eX8pYCwdHFp+CQseEAEEDQ4tFQ0OKwAUHQkLOwcVHhkEPBgsDiIpDngjDxIOHQ47BA4eDR8WKQcKIgIZMBYYFR4sfDsUCg4IHxUpAg5YFmkiPAc9P3UgOTE8CXsbJBgD
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 0a30ab4a87eff0d7391293aafb648a21
f814256483d196e8a4b0703777375bae364ef7f0
07487602b4deaa174ed504778363bec7dd797ac1931af0d7b17d2213abcc39a2
GET /SE9oU08pLQs+cClyCnU6OiNVdn0OaloVKyI5UWo8MCAZIzl5fkYwIyc6DDU9JyEcfSEtO01hCSQCMD8dBQs+AAkidj8QJB0eJgJ/Cw0taiYKOCULCjEFDgR/Dgo4PgkQHgI7Ixl/Ij4CJistB34eCjEBFRIaKjB9DB0mBgkyBiYRDSsWJgUGAQ0+ayMZCRgyHQwFKwF+AQ4hYiMZGCoJfBoZOR4JDHojCwl4GSURGgArWCtqegkpEQ4MHDA/BxAJUDcfIysvFQo8JzA4Ch0cWhYNCh1RGSsJAVsVCjwnOmI3LhtaBhkKISYwFj8NJhF/eX8pYCwdHFp+CQseEAEEDQ4tFQ0OKwAUHQkLOwcVHhkEPBgsDiIpDngjDxIOHQ47BA4eDR8WKQcKIgIZMBYYFR4sfDsUCg4IHxUpAg5YFmkiPAc9P3UgOTE8CXsbJBgD HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: iCLkp57X7L6g57U6bA6G4OoJwR5lwG2QNV97xz6_CGHUYdvaOrHVHg==
X-Firefox-Spdy: h2
bayfiles.com/static/logo.png
200 OK 39 kB URL HTTP/1.1 bayfiles.com/static/logo.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a
GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 19:34:48 GMT
etag: "6324cfd8-96cf"
reerfdfgourgo.xyz/NFhIQ0YbZyswe2AAEhUXBw58EQFmahlwMnUBEDcFUB0aLiVfaG43L1Blf3ZwB29+ZTZdPHVxfxIrPCIyQSt1cmBdNi4sexIudXJoBHZ+c2gFfj1+dxIsOCIhCWluMzJANHVycANteXNxBGx/cHcM
204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/NFhIQ0YbZyswe2AAEhUXBw58EQFmahlwMnUBEDcFUB0aLiVfaG43L1Blf3ZwB29+ZTZdPHVxfxIrPCIyQSt1cmBdNi4sexIudXJoBHZ+c2gFfj1+dxIsOCIhCWluMzJANHVycANteXNxBGx/cHcM
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NFhIQ0YbZyswe2AAEhUXBw58EQFmahlwMnUBEDcFUB0aLiVfaG43L1Blf3ZwB29+ZTZdPHVxfxIrPCIyQSt1cmBdNi4sexIudXJoBHZ+c2gFfj1+dxIsOCIhCWluMzJANHVycANteXNxBGx/cHcM HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifru5mphf14fnPlQD21rBthe5ubuSK3U8DbvA0ifTqdtRnuld8ZqXxRumn%2BcxbOPwfArcGDUHd0O5EcNFf0lVtrSRO2xYmtLptpXJoN1eXtUHdpZtrAhHTwYWIoBPRJFxtltdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791c9f729b57b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/QWNteW9uXA4KUhgNOzo1czU1KycDOzhILQ8HKz8MFgg7AzkHNksNBiVeWkpYclBeXx8oB1BISTIXDA0aMl5cXwYvBQJESTdeXFdcdU1eSEFzRRhEXmcXHRgIfFJLCRs1D1BIWXZWXElYcVdaSl90
204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/QWNteW9uXA4KUhgNOzo1czU1KycDOzhILQ8HKz8MFgg7AzkHNksNBiVeWkpYclBeXx8oB1BISTIXDA0aMl5cXwYvBQJESTdeXFdcdU1eSEFzRRhEXmcXHRgIfFJLCRs1D1BIWXZWXElYcVdaSl90
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QWNteW9uXA4KUhgNOzo1czU1KycDOzhILQ8HKz8MFgg7AzkHNksNBiVeWkpYclBeXx8oB1BISTIXDA0aMl5cXwYvBQJESTdeXFdcdU1eSEFzRRhEXmcXHRgIfFJLCRs1D1BIWXZWXElYcVdaSl90 HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GnDRfB5hpG%2FXOmJp07el%2F7yJ6wTiyMsH26bubgqgySF%2Bvz53s9S1s1MYbw1J%2FaWO4umeHBjSsyyh%2FJ4kohFaw6h31qgUvFOsB1tXgHrIaUWuX051L73JI4xdDJAM7W9mBN8ZPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791c9f729b53b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/R1FsYlFobg8RbAk8KiwAd2UoN2IzZwozFxM3NAZlBgciVTIfNkoWOCNsW1FmdGJZRCEuNVFTaWEiGAMlMiJRU3cuPwoNbGEnUVN/d39eTGNhJFFTdzMhDQVsdnccFiUrbF1UZnJgXFVhc2ZfUGY
204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/R1FsYlFobg8RbAk8KiwAd2UoN2IzZwozFxM3NAZlBgciVTIfNkoWOCNsW1FmdGJZRCEuNVFTaWEiGAMlMiJRU3cuPwoNbGEnUVN/d39eTGNhJFFTdzMhDQVsdnccFiUrbF1UZnJgXFVhc2ZfUGY
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /R1FsYlFobg8RbAk8KiwAd2UoN2IzZwozFxM3NAZlBgciVTIfNkoWOCNsW1FmdGJZRCEuNVFTaWEiGAMlMiJRU3cuPwoNbGEnUVN/d39eTGNhJFFTdzMhDQVsdnccFiUrbF1UZnJgXFVhc2ZfUGY HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgL4CjbVCI03VKcgzJvVlvx162Cwo55LMECaoT2snGEOdUm%2B4hPs2us5eoqFzSOD6sOULKM0SSt6A4r9TVpSlmTbwvj9HjsvWJxRB8gT1aaMS2NSseKmq6i3T6iG1igpFGI6dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791c9f72fbd2b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP
Hash 9a1267024117c75aadd44511879326a3
c02ec0a8d4bc694f1a23348d6371f7f5d5b5dd43
32d1b2c867a0b07ea7ba6db3c781489b90139aab44251472f63086d7419944df
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bayfiles.com/img/flags/24/br.png
200 OK 1.1 kB URL HTTP/1.1 bayfiles.com/img/flags/24/br.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 174
accept-ranges: bytes
bayfiles.com/img/flags/24/de.png
200 OK 483 B URL HTTP/1.1 bayfiles.com/img/flags/24/de.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 142
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/JUzBtbzAwXwMJDydZCVIHYAdeXAN1Wh4AXiMNN1h2MXo6VkQFXRspWwsWGRVUbgBLA1E9V1BJVT1TUF4WMlQPUgR1RB0AW25THx1TKkIEClk8FhgODT5fFwZcP1FIXXZmHl1KAmMYGgZeN18aHBVhAAMbFWEAXF8eYxVeLRVhABoGXmUESFxydgJdFwZnFV-4tFWEAHxkVYHFcXwV9AERKAmNXCAxbPBVfKQJjAV1fAWMBSF0ANVkfClY8SEhddmIAWEEAdUVQXg
200 OK 546 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/JUzBtbzAwXwMJDydZCVIHYAdeXAN1Wh4AXiMNN1h2MXo6VkQFXRspWwsWGRVUbgBLA1E9V1BJVT1TUF4WMlQPUgR1RB0AW25THx1TKkIEClk8FhgODT5fFwZcP1FIXXZmHl1KAmMYGgZeN18aHBVhAAMbFWEAXF8eYxVeLRVhABoGXmUESFxydgJdFwZnFV-4tFWEAHxkVYHFcXwV9AERKAmNXCAxbPBVfKQJjAV1fAWMBSF0ANVkfClY8SEhddmIAWEEAdUVQXg
IP
File type ASCII text, with very long lines (762), with no line terminators
Hash d7a3b427ded4e6f06dd6e5208e89df9d
dd923da7607dbbacea599830cd1fea55b70468f4
275060af25d79e2c467c285718248a0dc62cd22074977a5b500ecee95716fe96
Analyzer Verdict Alert fortinet Malware
GET /JUzBtbzAwXwMJDydZCVIHYAdeXAN1Wh4AXiMNN1h2MXo6VkQFXRspWwsWGRVUbgBLA1E9V1BJVT1TUF4WMlQPUgR1RB0AW25THx1TKkIEClk8FhgODT5fFwZcP1FIXXZmHl1KAmMYGgZeN18aHBVhAAMbFWEAXF8eYxVeLRVhABoGXmUESFxydgJdFwZnFV-4tFWEAHxkVYHFcXwV9AERKAmNXCAxbPBVfKQJjAV1fAWMBSF0ANVkfClY8SEhddmIAWEEAdUVQXg HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://osiextantly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 546
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sdiU4GF4L8KaYi0W4GfXWKe1CeX3t61WthPpasosSTtEPp_AK8AkEQ==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/2U3laa0wwFjQNcycQPlZ7YE5pWHl1EykEIiNEMz01BhAQDn0gPDM4fTRfLhEobkl8By09HmdNKT0aZ1pqMh04Vnh1DDtWITwDMwcgMlxoLXl9SX9ZfHsOMwUoPA4pTn5jFy5OfmNIakV8dkoYTn5jDjMFemdcaSlpYUkiXXh2ShhOfmMLLE5/EkhqXmJjUH-9ZfDQcOQAjdkscWXxiSWpafGJcaFsqOgs/DSMrXGgtfWNMdFtqJkRr
200 OK 185 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/2U3laa0wwFjQNcycQPlZ7YE5pWHl1EykEIiNEMz01BhAQDn0gPDM4fTRfLhEobkl8By09HmdNKT0aZ1pqMh04Vnh1DDtWITwDMwcgMlxoLXl9SX9ZfHsOMwUoPA4pTn5jFy5OfmNIakV8dkoYTn5jDjMFemdcaSlpYUkiXXh2ShhOfmMLLE5/EkhqXmJjUH-9ZfDQcOQAjdkscWXxiSWpafGJcaFsqOgs/DSMrXGgtfWNMdFtqJkRr
IP
File type ASCII text, with no line terminators
Hash 83098f4230f31a72686269a8f52e8a37
66b47c4d3abca7bd146b10a23dec88543c9cb1a8
d435db68f0938a875258dd73446f80c0f1dc3935f6dfb91456b0589b17a73c40
Analyzer Verdict Alert fortinet Malware
GET /2U3laa0wwFjQNcycQPlZ7YE5pWHl1EykEIiNEMz01BhAQDn0gPDM4fTRfLhEobkl8By09HmdNKT0aZ1pqMh04Vnh1DDtWITwDMwcgMlxoLXl9SX9ZfHsOMwUoPA4pTn5jFy5OfmNIakV8dkoYTn5jDjMFemdcaSlpYUkiXXh2ShhOfmMLLE5/EkhqXmJjUH-9ZfDQcOQAjdkscWXxiSWpafGJcaFsqOgs/DSMrXGgtfWNMdFtqJkRr HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://osiextantly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 185
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Gs93rh7CB6GcdhRiKJtYiBbeejSZpIw1w4iRFyzdzli1p8yoJ3m4Ng==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/lMXlRMDVSFj9WCkUQNQ0CBE9iBwMXEyJfW0FEPmFXQjhlQ0JmMndET1VEYRZZUBc2DRNUFzINBBcYNVIIBV8lQFpaRDJCR1IAI1lQWBZ3RVQMFD5KXF0VMBUHd0x/ABADSXlHXF8dPkdGFEthXkEUS2EBBR9JdAN3FEthR1xfT2UVBnNcYwBNB010A3cUS2-FCQxRKEAEFBFdhGRADSTZVVloWdAJzA0lgAAUASWAVBwEfOEJQVxYpFQd3SGEFGwFfJA0E
200 OK 456 B URL HTTP/2 djv99sxoqpv11.cloudfront.net/lMXlRMDVSFj9WCkUQNQ0CBE9iBwMXEyJfW0FEPmFXQjhlQ0JmMndET1VEYRZZUBc2DRNUFzINBBcYNVIIBV8lQFpaRDJCR1IAI1lQWBZ3RVQMFD5KXF0VMBUHd0x/ABADSXlHXF8dPkdGFEthXkEUS2EBBR9JdAN3FEthR1xfT2UVBnNcYwBNB010A3cUS2-FCQxRKEAEFBFdhGRADSTZVVloWdAJzA0lgAAUASWAVBwEfOEJQVxYpFQd3SGEFGwFfJA0E
IP
File type ASCII text, with very long lines (590), with no line terminators
Hash 92be915a678763d76021b5567914ea78
1ad6034a51034a20180130784c79e9517fa34c09
23880551adcd3d9ae321ea19330e96ef8ce68fb03d892e699f3192a7eb7903c8
Analyzer Verdict Alert fortinet Malware
GET /lMXlRMDVSFj9WCkUQNQ0CBE9iBwMXEyJfW0FEPmFXQjhlQ0JmMndET1VEYRZZUBc2DRNUFzINBBcYNVIIBV8lQFpaRDJCR1IAI1lQWBZ3RVQMFD5KXF0VMBUHd0x/ABADSXlHXF8dPkdGFEthXkEUS2EBBR9JdAN3FEthR1xfT2UVBnNcYwBNB010A3cUS2-FCQxRKEAEFBFdhGRADSTZVVloWdAJzA0lgAAUASWAVBwEfOEJQVxYpFQd3SGEFGwFfJA0E HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://osiextantly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 456
date: Mon, 30 Jan 2023 19:30:34 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Tq5zxfBTG_rN7a0pElxmpnbYb4yG3-ySaS_vGwV9afc2EihBSNVFsw==
X-Firefox-Spdy: h2
bayfiles.com/img/flags/24/fi.png
200 OK 456 B URL HTTP/1.1 bayfiles.com/img/flags/24/fi.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 100
accept-ranges: bytes
bayfiles.com/img/flags/24/pl.png
200 OK 347 B URL HTTP/1.1 bayfiles.com/img/flags/24/pl.png
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 155
accept-ranges: bytes
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 390
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:34 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107034.5350983; expires=Thu, 27-Jan-2033 19:30:34 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-344a-9149-a4704c48578e
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
bayfiles.com/sw.js?cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER
200 OK 14 kB URL HTTP/1.1 bayfiles.com/sw.js?cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER
IP
ASN #41634 Svea Hosting AB
File type ASCII text, with very long lines (39060), with no line terminators
Hash fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61
GET /sw.js?cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 525
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4b973033f8a4e7f1d38e80b8f83d3a60
e0beacd8458505d57e374160d17316c7b6b3d139
637a7ffaba5de6ded612572262431895594d018fb88da5a274998c27ada9418f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6493
Cache-Control: max-age=131446
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Etag: "63d75ff3-1d7"
Expires: Wed, 01 Feb 2023 08:01:20 GMT
Last-Modified: Mon, 30 Jan 2023 06:13:07 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 0c204b4de35dfbe565729b7b164c9f7a
e9d625588b52395686f6f36a1b600786450256b2
71451582dea531c1c761b00933d7da6503dd4144a6fbbb93fd696653f127060e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "71451582DEA531C1C761B00933D7DA6503DD4144A6FBBB93FD696653F127060E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12553
Expires: Mon, 30 Jan 2023 22:59:47 GMT
Date: Mon, 30 Jan 2023 19:30:34 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 0c204b4de35dfbe565729b7b164c9f7a
e9d625588b52395686f6f36a1b600786450256b2
71451582dea531c1c761b00933d7da6503dd4144a6fbbb93fd696653f127060e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "71451582DEA531C1C761B00933D7DA6503DD4144A6FBBB93FD696653F127060E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12553
Expires: Mon, 30 Jan 2023 22:59:47 GMT
Date: Mon, 30 Jan 2023 19:30:34 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 8b8ae969b2806a2ec262e62c45328d87
0fb441985d12616f2dd36bf16870410c1bd48938
8125fdb034e1286ba4c326f2d4ddedc0bba2f4b7492b7b29f07b9a90b467a492
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 19:30:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S520851555%3A1675107034774832&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfxLdY29Q44BeHAJ_ws_tIe8-0sPJBqlbWiFRgvAbbWhL1KzrBTCmwLUQhQlDrffRtM4bpHmQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-BpazrraEXdcQdOqA54Xn8g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:TqCrW6pmcSHfTG_4_CxfWWgNkQLOkQ:IiKh9D8pD10aZylA;Path=/;Expires=Wed, 29-Jan-2025 19:30:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
osiextantly.com/utx?cb=lub6YgufvNgp&top=bayfiles.com&tid=737333
204 No Content 0 B URL HTTP/2 osiextantly.com/utx?cb=lub6YgufvNgp&top=bayfiles.com&tid=737333
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=lub6YgufvNgp&top=bayfiles.com&tid=737333 HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 30 Jan 2023 19:31:34 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 19nCcCvQ5GPwBZtbEjDPpteUVbHSq3PF_ErwMF91zow-H_xFSZMpVg==
X-Firefox-Spdy: h2
osiextantly.com/utx?cb=nJxHg0R5TB2M&top=bayfiles.com&tid=756376
204 No Content 0 B URL HTTP/2 osiextantly.com/utx?cb=nJxHg0R5TB2M&top=bayfiles.com&tid=756376
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=nJxHg0R5TB2M&top=bayfiles.com&tid=756376 HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 30 Jan 2023 19:31:34 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Fedyp8R1vYiAu71xaC-ouq9NW3tJNU00rDVh32TqPDnuwhJpRuH_WQ==
X-Firefox-Spdy: h2
osiextantly.com/multi?cs=eDlSZ3dNC2NSQU4PZl9AQQthVk8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F12xey6i2y0&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_wLdn=1675107047885&crc=1
200 OK 1.5 kB URL HTTP/2 osiextantly.com/multi?cs=eDlSZ3dNC2NSQU4PZl9AQQthVk8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F12xey6i2y0&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_wLdn=1675107047885&crc=1
IP
File type ASCII text, with very long lines (3235), with no line terminators
Hash 3634200e901d461823f714ac282e66ab
0d37a3fa0977f309d3e4fe87e4fc5ff621153ccd
9cc1b81e6dce8c70a2824b70e89db8e7cda9d6eaec25fa06c8f64e550e8f1bd1
GET /multi?cs=eDlSZ3dNC2NSQU4PZl9AQQthVk8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F12xey6i2y0&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_wLdn=1675107047885&crc=1 HTTP/1.1
Host: osiextantly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1545
date: Mon, 30 Jan 2023 19:30:34 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d4c426f4-a440-46ab-83f2-16c51b1be991
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: VSU2eqcz2aWU0aw-Em_Z6CgP5dYFSb5RMxjTMZjTWc4eoeX3YZ-KSA==
X-Firefox-Spdy: h2
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
200 OK 1.4 kB URL HTTP/1.1 bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663356888
IP
ASN #41634 Svea Hosting AB
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e
GET /img/favicon/favicon-32x32-bayfiles.png?1663356888 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/12xey6i2y0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2023 19:30:34 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 835
accept-ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 03ea956a1bc17bb8f99bc59c43bc18d3
f263e37f846323da9c8426cca75cb3ffefa1b614
b5abb55e6b975b8b60a102fdfbea562bb893c4a39d3c8772661f7e09e03b659d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 19:30:34 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1023397279%3A1675107034828499&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeUVBSrcj0AOd35IYnIhuGQ8GPrYIoBxreGoOsBFKnyW1Pad1tG4Anc-YjoItTb8cbcgpd4bg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-a6okzP-mKnIg7uPoZtsPRA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:dWZvgIQG65MrEqK48hz8k0eZgnXr0A:S_pa3h1kUa2M0Db0;Path=/;Expires=Wed, 29-Jan-2025 19:30:34 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 19:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 0c204b4de35dfbe565729b7b164c9f7a
e9d625588b52395686f6f36a1b600786450256b2
71451582dea531c1c761b00933d7da6503dd4144a6fbbb93fd696653f127060e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "71451582DEA531C1C761B00933D7DA6503DD4144A6FBBB93FD696653F127060E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12553
Expires: Mon, 30 Jan 2023 22:59:47 GMT
Date: Mon, 30 Jan 2023 19:30:34 GMT
Connection: keep-alive
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 2.0 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash fb3d94b583f5ef495caa17b218cf2752
3495d39087719b3ffb22607261a619ab75288a67
9b3a7df907ff629ea6fbc8d4c63b6b65665f1543dc9b25a41ca7b492cfee3158
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: rz3RUJAgA1bK9Ar1PTs2/KIUZT1EvG0erLexZZIf4ESWqQXxPS7X5ESSdfsgTLW03yclYNFRZiECOXhwRXps0g==
date: Mon, 30 Jan 2023 19:30:34 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3202
Expires: Mon, 30 Jan 2023 20:23:57 GMT
Date: Mon, 30 Jan 2023 19:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3202
Expires: Mon, 30 Jan 2023 20:23:57 GMT
Date: Mon, 30 Jan 2023 19:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3202
Expires: Mon, 30 Jan 2023 20:23:57 GMT
Date: Mon, 30 Jan 2023 19:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3202
Expires: Mon, 30 Jan 2023 20:23:57 GMT
Date: Mon, 30 Jan 2023 19:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3202
Expires: Mon, 30 Jan 2023 20:23:57 GMT
Date: Mon, 30 Jan 2023 19:30:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 77953
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:27 GMT
age: 77468
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 8bec493a-9c81-4cfd-b6e9-66f4f3d55cb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOOJQEZSoAMFb1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2a3b-5f0c9f3e4cac1ba26c802050;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 00:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PHd9IMeVMHy0TgXRqXyBCg6CZkOtT1WAOyq8zu8ERfIzoaB-7pLc2A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 15:48:30 GMT
age: 13325
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:19:57 GMT
age: 76238
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 05:47:49 GMT
age: 49366
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 76898
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
policityseriod.info/cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER
302 Found 0 B URL HTTP/1.1 policityseriod.info/cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER
IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:35 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107035.7421357; expires=Thu, 27-Jan-2033 19:30:35 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/cExTTHgrbmR%2ET0N%2BZW5UUm5%2EbhoSfDApQRMqfnxNFi1%2BeBtEeX51QEZ9fnpPFnVnLU9FL2IqG1JgcXVOR35iek4TYWF1TxNhZ3UeFWExdE8SYWt6SER%2Ban1ARXw1elpcbiA7WlxuIyMUGS86OAEDKSElFxRiOiIeH25%2Ebk1efnER?subid1=20230131-0630-35b0-b2df-fa746ce9c91c
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 756
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:35 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107035.1873277; expires=Thu, 27-Jan-2033 19:30:35 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-354c-a6c0-cbebbbf6c832
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 352
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:35 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107035.2105722; expires=Thu, 27-Jan-2033 19:30:35 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-3596-bfa0-a309f82cfb46
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 360
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:35 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107035.6284707; expires=Thu, 27-Jan-2033 19:30:35 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-3585-9858-a31a6f540388
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 351
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:36 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107036.7687795; expires=Thu, 27-Jan-2033 19:30:36 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-3690-a22d-99f33813b4e2
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 400
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:36 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107036.3907797; expires=Thu, 27-Jan-2033 19:30:36 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-3677-bc19-d9fc3d3b4784
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 756
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:36 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107036.6400851; expires=Thu, 27-Jan-2033 19:30:36 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-365f-bbb2-3c590fd32a3c
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
302 Found 0 B IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 393
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Mon, 30 Jan 2023 19:30:36 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675107036.4670739; expires=Thu, 27-Jan-2033 19:30:36 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230131-0630-36ae-b9c4-81cff95bac2f
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
policityseriod.info/
429 Too Many Requests 117 B IP
ASN #133618 Trellian Pty. Limited
File type HTML document, ASCII text
Hash 2dccf9a2e169c68dd4f3bd5ea163e45e
4ddcf984285a5c544ed1132f5f6efd7a5d01b470
ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
content-length: 117
cache-control: no-cache
content-type: text/html
connection: close
policityseriod.info/
429 Too Many Requests 117 B IP
ASN #133618 Trellian Pty. Limited
File type HTML document, ASCII text
Hash 2dccf9a2e169c68dd4f3bd5ea163e45e
4ddcf984285a5c544ed1132f5f6efd7a5d01b470
ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
content-length: 117
cache-control: no-cache
content-type: text/html
connection: close
policityseriod.info/
429 Too Many Requests 117 B IP
ASN #133618 Trellian Pty. Limited
File type HTML document, ASCII text
Hash 2dccf9a2e169c68dd4f3bd5ea163e45e
4ddcf984285a5c544ed1132f5f6efd7a5d01b470
ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 740
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 429 Too Many Requests
content-length: 117
cache-control: no-cache
content-type: text/html
connection: close
pogothere.xyz/asd100.bin
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:30:34 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3471
last-modified: Mon, 30 Jan 2023 18:32:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4zi%2BdU%2BeqXKNihtm7mjPsy9i0oEZu%2BJ2Xp%2FrPH6EqitsVewz3qdjX%2B0NyJ5CISXqPEcubLsm%2FNRXcJ1JAgDGLzm2HkQ28tCJiHZ5VK%2Fd6H9t6PJnEUjC1OaheXCgMz5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c9f7769bd7789-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:30:34 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3471
last-modified: Mon, 30 Jan 2023 18:32:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ChZkmtyuVWhhWZ%2Fzo6V%2FYSSI%2Br9WtDY6Mw2Uul%2BvZXOVkgCtDy0KLGGaW%2BXaJaIUw7Tk9TrN6PwcPnHqcP%2ByqzREdF5T0A%2FkkALkctHyr%2BH2VfYDvDKklDc6n0GCQ%2BKM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791c9f7779db7789-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S520851555%3A1675107034774832&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfxLdY29Q44BeHAJ_ws_tIe8-0sPJBqlbWiFRgvAbbWhL1KzrBTCmwLUQhQlDrffRtM4bpHmQ
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S520851555%3A1675107034774832&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfxLdY29Q44BeHAJ_ws_tIe8-0sPJBqlbWiFRgvAbbWhL1KzrBTCmwLUQhQlDrffRtM4bpHmQ
IP
GET /v3/signin/identifier?dsh=S520851555%3A1675107034774832&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfxLdY29Q44BeHAJ_ws_tIe8-0sPJBqlbWiFRgvAbbWhL1KzrBTCmwLUQhQlDrffRtM4bpHmQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 19:30:34 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-nS_ccY6VShXQccnPez74vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:30:34 GMT
content-type: text/plain
set-cookie: csu=1470992636191975@1@1675107034; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxNgr4i3pOa8r1H4Vq9OuvANN91bNVBY%2BKkJ5ddeXLIfFxOEBAd7WFjPIs7Vaq542pYk7tEADxlwwXvMD2D4l%2F9fz7Dxckk5gY5U13GTAsCRW%2B5Pl87%2FS6eQYqxkrk1n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791c9f7779e07789-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1023397279%3A1675107034828499&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeUVBSrcj0AOd35IYnIhuGQ8GPrYIoBxreGoOsBFKnyW1Pad1tG4Anc-YjoItTb8cbcgpd4bg
403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1023397279%3A1675107034828499&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeUVBSrcj0AOd35IYnIhuGQ8GPrYIoBxreGoOsBFKnyW1Pad1tG4Anc-YjoItTb8cbcgpd4bg
IP
GET /v3/signin/identifier?dsh=S-1023397279%3A1675107034828499&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeUVBSrcj0AOd35IYnIhuGQ8GPrYIoBxreGoOsBFKnyW1Pad1tG4Anc-YjoItTb8cbcgpd4bg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Jan 2023 19:30:34 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-_ufjWts_CbKGMKAo01e30Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
195.96.151.60
142.250.74.109
188.114.97.1
23.36.76.226
157.240.205.35
45.154.253.152
103.224.212.220