Report - cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar

Report Overview

Submitted URL
cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar
IP
195.96.151.66
ASN
#41634 Svea Hosting AB
Submitted
2023-01-21 19:12:16
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
pogothere.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	106 kB	172.64.133.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
vjs.zencdn.net	4968	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	748 B	143 kB	151.101.130.217
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.4 kB	93.184.220.29
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	95.101.11.115
cdn-114.bayfiles.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	910 B	678 B	195.96.151.66
bayfiles.com	376602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.1 kB	168 kB	45.154.253.152
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.188.8.97
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
policityseriod.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	4.6 kB	103.224.212.220
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	440 B	3.2 kB	31.13.72.36
qucireideaux.com.ua	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.7 kB	172.67.196.87
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.1 kB	216.58.211.3
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	5.4 kB	142.250.74.45
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
djv99sxoqpv11.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	101 kB	54.230.245.208
whenmyfe.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.3 kB	8.9 kB	143.204.55.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-21	medium	djv99sxoqpv11.cloudfront.net/GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg	Malware
2023-01-21	medium	djv99sxoqpv11.cloudfront.net/YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o	Malware
2023-01-21	medium	djv99sxoqpv11.cloudfront.net/vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc	Malware
2023-01-21	medium	policityseriod.info/Zm0yV1MdT0EgDBMfXnVpRAVGIyMVVx14MQcUVD4%2FAx4cNDwLQkEgfQweEHtxFQBUdWlXQRAjMgEyWzNxXE8FZGRVXwR1f0QeRzUMDwkAdWlED1BnMANUUTF%2BVlhUNn5SDgZifl9VBGZ%2BUFpUbmcHWgc0YgAOECo	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware
2023-01-21	medium	policityseriod.info/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	djv99sxoqpv11.cloudfront.net/YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o	582 B	2023-03-13	2023-03-13
Pretty URL djv99sxoqpv11.cloudfront.net/YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 259aee645bd384fd7b088f45621001cd 9163e69733f99dbe9578c3753c6e3f82f90c1834 e469f4526bd09ffcea5fd5e6eb06fec16e08634852a8556a32dc4a1277551c4c Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 16:16:24 Times Seen37095438 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bayfiles.com/066fZdOayd	165 B	2023-03-07	2023-03-17
Pretty URL bayfiles.com/066fZdOayd IP 45.154.253.152 ASN #41634 Svea Hosting AB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2023-03-17 12:44:32 Times Seen1 Hash 20290cd9cab6f6b71f17f6b5d6825825 5cc890406cf9530efb9c6ccb5e10fa9d57157597 b48f25a27a796f93605430f7d52d381269aa0765c92ff975c9062cc9c5464c06 Loading...

	bayfiles.com/066fZdOayd	1.8 kB	2023-03-07	2023-08-07
Pretty URL bayfiles.com/066fZdOayd IP 45.154.253.152 ASN #41634 Svea Hosting AB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2023-08-07 17:15:14 Times Seen811 Hash 222132c7cee7981cc82b3c57684aefe4 988196a7d039385d2a5dec48b60328949be4544b 29c9404d415384cdb3fa69ac2c92d9319f6527112ad2d82fbd27ae52542ac823 Loading...

	vjs.zencdn.net/7.3.0/video.min.js	476 kB	2023-03-07	2024-04-22
Pretty URL vjs.zencdn.net/7.3.0/video.min.js IP 151.101.130.217 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-22 10:30:32 Times Seen1046 Hash 057f19acd50fc7e3ad917dd600889ee5 479d8baad992ec24bf4c3ac8365014be01565219 963ccc559571c588baa7f6d61513b26277c7847c250773e3270c51f5038216fb Loading...

	djv99sxoqpv11.cloudfront.net/?xsvjd=737333	300 kB	2023-03-13	2023-03-13
Pretty URL djv99sxoqpv11.cloudfront.net/?xsvjd=737333 IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash f01e5c8db71d7398cd63c0a941c0c857 6dd2cf9a81a08231faa376798a92a1916270bc44 ba6a03870a52081c5ca3bd039bed949f5eb2ff53e4afa6b02252dc8c156725ed Loading...

	whenmyfe.xyz/MXl2RXVQGxUoSlBEFGMAQxVLYEd3XEQDEVsPT3wGSRYHNQMASFgmGV4MEiMHXhcCaxtUDVN3M3YcHCkHaEkjHyNWLDAgEgQoMnRASConcCxkMSwmIEkeOw4CXjw6FBoCPEc1EHIAN3QjdRJBHAIEPTJ0QAAhMBA+dSo8DT1GTTgPHlIwIhQ8WT43FxNjLTMOI1Y7EwwNcyE0FDQDPiMINHdLOxUidyA5DhJzKDQyTVohATYBZxQCDj13FSInJAAoNBQWQD0jNTpkISMQIWRMJCEgQjMkEztWKi4xOmQhIwsgcC8gJiMJMj0QLwIqHQMRZ0s0DxABVEMXEWARJhEZcDwlMhlULS4TIXk/GhE8WUAXBDRJHiUNTGssRRc+ci8GERF3QToSAmQKNQMCfz0ydBNyAEcWEWRBLhJFZA4kMhIXEwUqG0FEMCwHWBpDLRB+FCQd	3.0 kB	2023-03-13	2023-03-13
Pretty URL whenmyfe.xyz/MXl2RXVQGxUoSlBEFGMAQxVLYEd3XEQDEVsPT3wGSRYHNQMASFgmGV4MEiMHXhcCaxtUDVN3M3YcHCkHaEkjHyNWLDAgEgQoMnRASConcCxkMSwmIEkeOw4CXjw6FBoCPEc1EHIAN3QjdRJBHAIEPTJ0QAAhMBA+dSo8DT1GTTgPHlIwIhQ8WT43FxNjLTMOI1Y7EwwNcyE0FDQDPiMINHdLOxUidyA5DhJzKDQyTVohATYBZxQCDj13FSInJAAoNBQWQD0jNTpkISMQIWRMJCEgQjMkEztWKi4xOmQhIwsgcC8gJiMJMj0QLwIqHQMRZ0s0DxABVEMXEWARJhEZcDwlMhlULS4TIXk/GhE8WUAXBDRJHiUNTGssRRc+ci8GERF3QToSAmQKNQMCfz0ydBNyAEcWEWRBLhJFZA4kMhIXEwUqG0FEMCwHWBpDLRB+FCQd IP 143.204.55.68 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash f9b405a37514779ed02e0973ab73b1bc 7ffa8045ee6e279152d21b67452581cdeec973bf 08ecc3280d06fe67891958a0949f6bf2d1dafb3094f3d49e56cd09a624a09016 Loading...

	djv99sxoqpv11.cloudfront.net/GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg	756 B	2023-03-13	2023-03-13
Pretty URL djv99sxoqpv11.cloudfront.net/GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 0051dd2e0978b4baf8759b422dfe22de 5448e695be5300f542f04b633f4e2205afa5a3c0 e1eaaf134a75ba4a086007d923d5d2b8caa0b36c4b9b8c33d22469f76f13b36d Loading...

	bayfiles.com/sw.js	39 kB	2023-03-07	2023-07-03
Pretty URL bayfiles.com/sw.js IP 45.154.253.152 ASN #41634 Svea Hosting AB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2023-07-03 06:06:11 Times Seen235 Hash 964007d2c849e80c42f0598d126ee512 de282c1ab3319bdd9a72d83474115c778a36dc62 f9890628478a7fe67fd6a3a14e8a1a3dfe7d8df69b6c513d2c58331cabf8725b Loading...

	bayfiles.com/066fZdOayd	160 B	2023-03-13	2023-03-13
Pretty URL bayfiles.com/066fZdOayd IP 45.154.253.152 ASN #41634 Svea Hosting AB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 7e727f3ed5342a6364571bee529518f3 8aa78b7bb136cedff369929c329e7abd9cc3afe1 7942f10227a2a4fa31c75930f478475befc3b5ac7bf4371edfa79612afe66cb0 Loading...

	djv99sxoqpv11.cloudfront.net/vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc	193 B	2023-03-13	2023-03-13
Pretty URL djv99sxoqpv11.cloudfront.net/vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc IP 54.230.245.208 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 41faa042f8b2410c89d3e18311774e39 58a68ea67957773dc4fc7961294831990f1d4f26 317f6c68175350c14e519fa1114701a1726c4c8775e62284d44e2b8c4a0148a4 Loading...

	bayfiles.com/066fZdOayd	566 B	2023-03-13	2023-03-13
Pretty URL bayfiles.com/066fZdOayd IP 45.154.253.152 ASN #41634 Svea Hosting AB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash bf1f9494dab0dc03b1de8660d60285c0 4d3f296d4762a61aed09542b8235074e6496ee29 3b0fdade5f9304fd7caddc76fd8268909aeaa264a146bbe9b77b149de4365c4e Loading...

	whenmyfe.xyz/c3hWOWwSGjVUUxJFNB8ZARRrHF41XWR/CBkObwAfCxcnSRpCSXhaABwNMl8eHBYiFwIWDHMLKgUcEWMCJxQ1YS8iEzlYLTIoFwoiFCpnfzkVLxxqKDEpPnY9IRoeahs3KGd0ATIvF2opMipkaQA6Kx5qHAIqE3ggPwI9bTtDPSR2PhcaAFQLQT0Xaw0WFhN7LkIXPHYtRygVQCVBLQBoBBZLOnw9Qi5zCy4VDxtpLyAXYngUJTswfg8SPT1zVClIAG4/K00vaxUhOzB+Dzc8IVVYKkkQbyYkDDprLkYqM1cmOzITc1QpDw9oPR1IAWs6KSsPfggXKWcUOlZKFHQuNj4SeioKKj97OhUVDHw6HyJzCy4pFBBsOgofcwsuMR8beyUgQQRvLzVdZH82Qz4fb14UEQVvD1USJVYCA0UsWzg4TRd2WxUONQEF	3.0 kB	2023-03-13	2023-03-13
Pretty URL whenmyfe.xyz/c3hWOWwSGjVUUxJFNB8ZARRrHF41XWR/CBkObwAfCxcnSRpCSXhaABwNMl8eHBYiFwIWDHMLKgUcEWMCJxQ1YS8iEzlYLTIoFwoiFCpnfzkVLxxqKDEpPnY9IRoeahs3KGd0ATIvF2opMipkaQA6Kx5qHAIqE3ggPwI9bTtDPSR2PhcaAFQLQT0Xaw0WFhN7LkIXPHYtRygVQCVBLQBoBBZLOnw9Qi5zCy4VDxtpLyAXYngUJTswfg8SPT1zVClIAG4/K00vaxUhOzB+Dzc8IVVYKkkQbyYkDDprLkYqM1cmOzITc1QpDw9oPR1IAWs6KSsPfggXKWcUOlZKFHQuNj4SeioKKj97OhUVDHw6HyJzCy4pFBBsOgofcwsuMR8beyUgQQRvLzVdZH82Qz4fb14UEQVvD1USJVYCA0UsWzg4TRd2WxUONQEF IP 143.204.55.68 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 4ecefd2d883947986c61b2d25d3017e7 7a7c41740c5975d295405120f3e579983ce74108 3eb1b12a9fff81cf1bfcc55fad33af5337f746bc9e94eae028e5010ec827c5f4 Loading...

	whenmyfe.xyz/MEJNZ0ZRIC4KeVF/L0EzQi5wQnR2Z38hIlo0dF41SC08FzABc2MEKl83KQE0Xyw5SShVNmhVAGkXJl4zUwQmHw9xAxo9L2kvDgx3RRh+CyJicHRXDGJyKyk/ejsEHSVDBTdfB2IGeBYWZSUILjxqOxULHwEPNCIMZBp1VA9hcwMGDmE3Dg8MWxggDCdxBhRSJVclLCk8RzEFNQtaDRkTD3IWJREPVwcGKgIEKAlWEEIEBRcHYQo1ACAAGwUqAkcwDDYlQSZ+ViN4K3xUIGZ3DwYeSGd/IRUADy8DdQEnDx0HCCcbFxBRKg8WHnUDJT0ORA4cHzIDJBtKcnMOfgN+fHILFxwCBCgwHkglKxAtZg0nDCFjcgQBH3h7KzYBXCgrVn9mI38uNnI1BF8IcwMaMRFDFysLc3Ymfy02d3J8CGBaMSIJNg0PChIPQCx5AH5C	3.0 kB	2023-03-13	2023-03-13
Pretty URL whenmyfe.xyz/MEJNZ0ZRIC4KeVF/L0EzQi5wQnR2Z38hIlo0dF41SC08FzABc2MEKl83KQE0Xyw5SShVNmhVAGkXJl4zUwQmHw9xAxo9L2kvDgx3RRh+CyJicHRXDGJyKyk/ejsEHSVDBTdfB2IGeBYWZSUILjxqOxULHwEPNCIMZBp1VA9hcwMGDmE3Dg8MWxggDCdxBhRSJVclLCk8RzEFNQtaDRkTD3IWJREPVwcGKgIEKAlWEEIEBRcHYQo1ACAAGwUqAkcwDDYlQSZ+ViN4K3xUIGZ3DwYeSGd/IRUADy8DdQEnDx0HCCcbFxBRKg8WHnUDJT0ORA4cHzIDJBtKcnMOfgN+fHILFxwCBCgwHkglKxAtZg0nDCFjcgQBH3h7KzYBXCgrVn9mI38uNnI1BF8IcwMaMRFDFysLc3Ymfy02d3J8CGBaMSIJNg0PChIPQCx5AH5C IP 143.204.55.68 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:58:47 Last Seen2023-03-13 04:58:47 Times Seen1 Hash 7ffa272a59b84684a341e9a6a50609b2 e5f1ab19300e8a6d4dc1b23e5af7db2c9f864166 7d6528d5878a6c48cf34463d4636735835db9ac35f966517b50161569c9588b3 Loading...

HTTP Transactions (80)

URL IP Response Size

cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar

195.96.151.66

301 Moved Permanently

162 B

URL HTTP/1.1
cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar
IP
195.96.151.66:0
ASN
#41634 Svea Hosting AB

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar HTTP/1.1
Host: cdn-114.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11497
Expires: Sat, 21 Jan 2023 22:23:42 GMT
Date: Sat, 21 Jan 2023 19:12:05 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15646
Expires: Sat, 21 Jan 2023 23:32:51 GMT
Date: Sat, 21 Jan 2023 19:12:05 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 18:49:39 GMT
content-type: application/json
age: 1346
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6985
Expires: Sat, 21 Jan 2023 21:08:30 GMT
Date: Sat, 21 Jan 2023 19:12:05 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: OwrMxJ22rWfYNg45y3DJsOVXjcBpnMdNFIZrS9OuCwFBKIDa0wjBu64IaI526IpN/DP6i/kt9Og=
x-amz-request-id: MFF15DPJ7WY8GKBT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 18:18:06 GMT
age: 3239
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar

195.96.151.66

301 Moved Permanently

0 B

URL HTTP/1.1
cdn-114.bayfiles.com/066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar
IP
195.96.151.66:0
ASN
#41634 Svea Hosting AB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /066fZdOayd/51a9e31c-1674231965/Hackhound%200.0.1.4.rar HTTP/1.1
Host: cdn-114.bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://bayfiles.com/066fZdOayd
X-Cache-Host: filecache-03
X-Cache-Disk: nvme-01
Accept-Ranges: bytes

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 19:12:05 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6142e7e86a97c260fdcb01d4184bbcb4
73ced503d9802f8eb528b0de05ce4e4da8050847
b3068bdc0dbf15a85d70c11324278817925053178d3c0288d40d5134bb27e060

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3068BDC0DBF15A85D70C11324278817925053178D3C0288D40D5134BB27E060"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9710
Expires: Sat, 21 Jan 2023 21:53:55 GMT
Date: Sat, 21 Jan 2023 19:12:05 GMT
Connection: keep-alive

bayfiles.com/066fZdOayd

45.154.253.152

200 OK

2.8 kB

URL HTTP/1.1
bayfiles.com/066fZdOayd
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (610)
Size
2.8 kB (2833 bytes)
Hash
b2c04025a419c14c1ce2d7102e824d39
43e79a24a72004c8648b3b0bfa4f9ebbca8c5bac
174ebbbcbbdd535c7ea01c16d239e5a3315d47007816bdff34312ecf2de040ae

HTTP Headers

GET /066fZdOayd HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip

bayfiles.com/css/bayfiles.css?1668606177

45.154.253.152

200 OK

25 kB

URL HTTP/1.1
bayfiles.com/css/bayfiles.css?1668606177
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
ASCII text, with very long lines (65452)
Size
25 kB (25354 bytes)
Hash
896df88019eabed295bc78a2f053ab92
1bca351d99600fb10583eb28c638dd58482535a0
b1555a31747d1f471ea748a1363cf9c588d66dd15dcf42cf7fa0b2911d0424d0

HTTP Headers

GET /css/bayfiles.css?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1503
Content-Encoding: gzip

bayfiles.com/sw.js

45.154.253.152

200 OK

14 kB

URL HTTP/1.1
bayfiles.com/sw.js
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
ASCII text, with very long lines (39060), with no line terminators
Size
14 kB (14388 bytes)
Hash
fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61

HTTP Headers

GET /sw.js HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 4116
Content-Encoding: gzip

bayfiles.com/js/app.js?1668606177

45.154.253.152

200 OK

58 kB

URL HTTP/1.1
bayfiles.com/js/app.js?1668606177
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
ASCII text, with very long lines (63238)
Size
58 kB (57886 bytes)
Hash
ba67ff13fd07739a7037fbc27b2a1955
3e253f69b2f12659c541de122c6bce0ed82ba369
1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818

HTTP Headers

GET /js/app.js?1668606177 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 713
Content-Encoding: gzip

vjs.zencdn.net/7.3.0/video-js.min.css

151.101.130.217

200 OK

9.7 kB

URL HTTP/2
vjs.zencdn.net/7.3.0/video-js.min.css
IP
151.101.130.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (35998), with no line terminators
Size
9.7 kB (9673 bytes)
Hash
3397ce943db8add2728dccd9a3b8b8bc
a57bbb7546a458fe57d72d06baab950125260cc9
5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba

HTTP Headers

GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Sat, 21 Jan 2023 19:12:05 GMT
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 10337
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2

bayfiles.com/img/flags/24/in.png

45.154.253.152

200 OK

593 B

URL HTTP/1.1
bayfiles.com/img/flags/24/in.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
593 B (593 bytes)
Hash
ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354

HTTP Headers

GET /img/flags/24/in.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1525
accept-ranges: bytes

vjs.zencdn.net/7.3.0/video.min.js

151.101.130.217

200 OK

132 kB

URL HTTP/2
vjs.zencdn.net/7.3.0/video.min.js
IP
151.101.130.217:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65141)
Size
132 kB (132230 bytes)
Hash
e296d874aca2a1550b409394be51efaa
c184c030e9aab3d03de27bc588919e249d5ccdf7
401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f

HTTP Headers

GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Sat, 21 Jan 2023 19:12:05 GMT
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 132600
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2

bayfiles.com/img/flags/24/kr.png

45.154.253.152

200 OK

988 B

URL HTTP/1.1
bayfiles.com/img/flags/24/kr.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
988 B (988 bytes)
Hash
cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1

HTTP Headers

GET /img/flags/24/kr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1407
accept-ranges: bytes

djv99sxoqpv11.cloudfront.net/?xsvjd=737333

54.230.245.208

200 OK

98 kB

URL HTTP/2
djv99sxoqpv11.cloudfront.net/?xsvjd=737333
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15948)
Size
98 kB (98160 bytes)
Hash
b67ce845779295f5d62282ff70cd0ff6
16e40064bf9f0d2f89fac3a6660b5e732f5c90c6
4fcc687ce2e72d437d5cb8f54f0579af120ca1e914cb3e0a34b752a2c2080861

HTTP Headers

GET /?xsvjd=737333 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 98160
date: Sat, 21 Jan 2023 19:12:05 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MWDV08CZXpjvi8JfvGrWZzYKDM_-Wxr9ijK-o0YADTCXi38Yv9jeTw==
X-Firefox-Spdy: h2

bayfiles.com/img/flags/24/jp.png

45.154.253.152

200 OK

599 B

URL HTTP/1.1
bayfiles.com/img/flags/24/jp.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
599 B (599 bytes)
Hash
857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64

HTTP Headers

GET /img/flags/24/jp.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:05 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1467
accept-ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 18:48:58 GMT
age: 1388
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

bayfiles.com/img/flags/24/dk.png

45.154.253.152

200 OK

537 B

URL HTTP/1.1
bayfiles.com/img/flags/24/dk.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
537 B (537 bytes)
Hash
b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a

HTTP Headers

GET /img/flags/24/dk.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1437
accept-ranges: bytes

bayfiles.com/img/file/filetypes/ext/rar.png?1663359761

45.154.253.152

200 OK

631 B

URL HTTP/1.1
bayfiles.com/img/file/filetypes/ext/rar.png?1663359761
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
631 B (631 bytes)
Hash
d33954367bc5d15c7f0e01857e7ae8ea
b8b5ba4e52c439feed2b51c7f982be6f4dee3aae
a6f8963dd8d602e135e8b860b7e48badfd78c2b1bef9ec362a39ce2fc484606f

HTTP Headers

GET /img/file/filetypes/ext/rar.png?1663359761 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 631
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 109
accept-ranges: bytes

whenmyfe.xyz/MXl2RXVQGxUoSlBEFGMAQxVLYEd3XEQDEVsPT3wGSRYHNQMASFgmGV4MEiMHXhcCaxtUDVN3M3YcHCkHaEkjHyNWLDAgEgQoMnRASConcCxkMSwmIEkeOw4CXjw6FBoCPEc1EHIAN3QjdRJBHAIEPTJ0QAAhMBA+dSo8DT1GTTgPHlIwIhQ8WT43FxNjLTMOI1Y7EwwNcyE0FDQDPiMINHdLOxUidyA5DhJzKDQyTVohATYBZxQCDj13FSInJAAoNBQWQD0jNTpkISMQIWRMJCEgQjMkEztWKi4xOmQhIwsgcC8gJiMJMj0QLwIqHQMRZ0s0DxABVEMXEWARJhEZcDwlMhlULS4TIXk/GhE8WUAXBDRJHiUNTGssRRc+ci8GERF3QToSAmQKNQMCfz0ydBNyAEcWEWRBLhJFZA4kMhIXEwUqG0FEMCwHWBpDLRB+FCQd

143.204.55.68

200 OK

1.2 kB

URL HTTP/2
whenmyfe.xyz/MXl2RXVQGxUoSlBEFGMAQxVLYEd3XEQDEVsPT3wGSRYHNQMASFgmGV4MEiMHXhcCaxtUDVN3M3YcHCkHaEkjHyNWLDAgEgQoMnRASConcCxkMSwmIEkeOw4CXjw6FBoCPEc1EHIAN3QjdRJBHAIEPTJ0QAAhMBA+dSo8DT1GTTgPHlIwIhQ8WT43FxNjLTMOI1Y7EwwNcyE0FDQDPiMINHdLOxUidyA5DhJzKDQyTVohATYBZxQCDj13FSInJAAoNBQWQD0jNTpkISMQIWRMJCEgQjMkEztWKi4xOmQhIwsgcC8gJiMJMj0QLwIqHQMRZ0s0DxABVEMXEWARJhEZcDwlMhlULS4TIXk/GhE8WUAXBDRJHiUNTGssRRc+ci8GERF3QToSAmQKNQMCfz0ydBNyAEcWEWRBLhJFZA4kMhIXEwUqG0FEMCwHWBpDLRB+FCQd
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3041), with no line terminators
Size
1.2 kB (1190 bytes)
Hash
f098bbc7597b2ef77be6e1dfb30b9501
6275a03a430eea186d1cde56a7c4d5bd90321e13
12ecab5605c0f93ccb0bad91559de923918f543ba33c43a21e1cf1fd4d1d5b08

HTTP Headers

GET /MXl2RXVQGxUoSlBEFGMAQxVLYEd3XEQDEVsPT3wGSRYHNQMASFgmGV4MEiMHXhcCaxtUDVN3M3YcHCkHaEkjHyNWLDAgEgQoMnRASConcCxkMSwmIEkeOw4CXjw6FBoCPEc1EHIAN3QjdRJBHAIEPTJ0QAAhMBA+dSo8DT1GTTgPHlIwIhQ8WT43FxNjLTMOI1Y7EwwNcyE0FDQDPiMINHdLOxUidyA5DhJzKDQyTVohATYBZxQCDj13FSInJAAoNBQWQD0jNTpkISMQIWRMJCEgQjMkEztWKi4xOmQhIwsgcC8gJiMJMj0QLwIqHQMRZ0s0DxABVEMXEWARJhEZcDwlMhlULS4TIXk/GhE8WUAXBDRJHiUNTGssRRc+ci8GERF3QToSAmQKNQMCfz0ydBNyAEcWEWRBLhJFZA4kMhIXEwUqG0FEMCwHWBpDLRB+FCQd HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Sat, 21 Jan 2023 19:12:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7QJ9Yp0Ht4ug9aVZIUKICbU7B9v5DD1sUYwKHvgU4w7aynNOA-1fXA==
X-Firefox-Spdy: h2

qucireideaux.com.ua/ZVd6VVBKaBkmbQECCmYKMQE+MwU/NDg+AlwDSwQXNGQSEAYkBlwhOQFqTWZnVmRJcyAMM0dkdhYjGyElFmpLczkLMRVodhNqS3tjUXlJZH5XcQ9oYUMjCjQ3WGZcJSQRO0dkZlJjSWdoVmVPZGZS

172.67.196.87

204 No Content

0 B

URL HTTP/2
qucireideaux.com.ua/ZVd6VVBKaBkmbQECCmYKMQE+MwU/NDg+AlwDSwQXNGQSEAYkBlwhOQFqTWZnVmRJcyAMM0dkdhYjGyElFmpLczkLMRVodhNqS3tjUXlJZH5XcQ9oYUMjCjQ3WGZcJSQRO0dkZlJjSWdoVmVPZGZS
IP
172.67.196.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ZVd6VVBKaBkmbQECCmYKMQE+MwU/NDg+AlwDSwQXNGQSEAYkBlwhOQFqTWZnVmRJcyAMM0dkdhYjGyElFmpLczkLMRVodhNqS3tjUXlJZH5XcQ9oYUMjCjQ3WGZcJSQRO0dkZlJjSWdoVmVPZGZS HTTP/1.1
Host: qucireideaux.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fh7nMdizccpmHLff37otMduhfbiVu5CrwdCjk8D%2FK%2BqvLXaHSED0yDBYHGbt4bY6OUURLr8FZHNABKaxNHh8TvvJnRLlKtFQvwV%2FVjh%2BRW4dUpJf%2BxRKMzWcVpVDSMlPJ5Cy4KAz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d25c067f260b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fc96297d0b59147e8f6052b16f1ca13f
23aeddfa143bb9be19b2ed06f2024a3a8aa120ce
034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5238
Cache-Control: max-age=141720
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:06 GMT
Etag: "63cbab28-1d7"
Expires: Mon, 23 Jan 2023 10:34:06 GMT
Last-Modified: Sat, 21 Jan 2023 09:06:48 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

whenmyfe.xyz/MEJNZ0ZRIC4KeVF/L0EzQi5wQnR2Z38hIlo0dF41SC08FzABc2MEKl83KQE0Xyw5SShVNmhVAGkXJl4zUwQmHw9xAxo9L2kvDgx3RRh+CyJicHRXDGJyKyk/ejsEHSVDBTdfB2IGeBYWZSUILjxqOxULHwEPNCIMZBp1VA9hcwMGDmE3Dg8MWxggDCdxBhRSJVclLCk8RzEFNQtaDRkTD3IWJREPVwcGKgIEKAlWEEIEBRcHYQo1ACAAGwUqAkcwDDYlQSZ+ViN4K3xUIGZ3DwYeSGd/IRUADy8DdQEnDx0HCCcbFxBRKg8WHnUDJT0ORA4cHzIDJBtKcnMOfgN+fHILFxwCBCgwHkglKxAtZg0nDCFjcgQBH3h7KzYBXCgrVn9mI38uNnI1BF8IcwMaMRFDFysLc3Ymfy02d3J8CGBaMSIJNg0PChIPQCx5AH5C

143.204.55.68

200 OK

1.2 kB

URL HTTP/2
whenmyfe.xyz/MEJNZ0ZRIC4KeVF/L0EzQi5wQnR2Z38hIlo0dF41SC08FzABc2MEKl83KQE0Xyw5SShVNmhVAGkXJl4zUwQmHw9xAxo9L2kvDgx3RRh+CyJicHRXDGJyKyk/ejsEHSVDBTdfB2IGeBYWZSUILjxqOxULHwEPNCIMZBp1VA9hcwMGDmE3Dg8MWxggDCdxBhRSJVclLCk8RzEFNQtaDRkTD3IWJREPVwcGKgIEKAlWEEIEBRcHYQo1ACAAGwUqAkcwDDYlQSZ+ViN4K3xUIGZ3DwYeSGd/IRUADy8DdQEnDx0HCCcbFxBRKg8WHnUDJT0ORA4cHzIDJBtKcnMOfgN+fHILFxwCBCgwHkglKxAtZg0nDCFjcgQBH3h7KzYBXCgrVn9mI38uNnI1BF8IcwMaMRFDFysLc3Ymfy02d3J8CGBaMSIJNg0PChIPQCx5AH5C
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Size
1.2 kB (1189 bytes)
Hash
0d59064ba6b6b45a75b970c6413c7ffe
65ee151ce577f256de048fd6564d171da71547f9
d16ad3bb7eadd78f67b748a0ed789ce828bc60fef30c477ee2297702380522a1

HTTP Headers

GET /MEJNZ0ZRIC4KeVF/L0EzQi5wQnR2Z38hIlo0dF41SC08FzABc2MEKl83KQE0Xyw5SShVNmhVAGkXJl4zUwQmHw9xAxo9L2kvDgx3RRh+CyJicHRXDGJyKyk/ejsEHSVDBTdfB2IGeBYWZSUILjxqOxULHwEPNCIMZBp1VA9hcwMGDmE3Dg8MWxggDCdxBhRSJVclLCk8RzEFNQtaDRkTD3IWJREPVwcGKgIEKAlWEEIEBRcHYQo1ACAAGwUqAkcwDDYlQSZ+ViN4K3xUIGZ3DwYeSGd/IRUADy8DdQEnDx0HCCcbFxBRKg8WHnUDJT0ORA4cHzIDJBtKcnMOfgN+fHILFxwCBCgwHkglKxAtZg0nDCFjcgQBH3h7KzYBXCgrVn9mI38uNnI1BF8IcwMaMRFDFysLc3Ymfy02d3J8CGBaMSIJNg0PChIPQCx5AH5C HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Sat, 21 Jan 2023 19:12:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oTK5X9ZKUpytUAsUwYUwao5IBbw1_89D8SxUM934CGbqFxIaJ6NdHA==
X-Firefox-Spdy: h2

whenmyfe.xyz/c3hWOWwSGjVUUxJFNB8ZARRrHF41XWR/CBkObwAfCxcnSRpCSXhaABwNMl8eHBYiFwIWDHMLKgUcEWMCJxQ1YS8iEzlYLTIoFwoiFCpnfzkVLxxqKDEpPnY9IRoeahs3KGd0ATIvF2opMipkaQA6Kx5qHAIqE3ggPwI9bTtDPSR2PhcaAFQLQT0Xaw0WFhN7LkIXPHYtRygVQCVBLQBoBBZLOnw9Qi5zCy4VDxtpLyAXYngUJTswfg8SPT1zVClIAG4/K00vaxUhOzB+Dzc8IVVYKkkQbyYkDDprLkYqM1cmOzITc1QpDw9oPR1IAWs6KSsPfggXKWcUOlZKFHQuNj4SeioKKj97OhUVDHw6HyJzCy4pFBBsOgofcwsuMR8beyUgQQRvLzVdZH82Qz4fb14UEQVvD1USJVYCA0UsWzg4TRd2WxUONQEF

143.204.55.68

200 OK

1.2 kB

URL HTTP/2
whenmyfe.xyz/c3hWOWwSGjVUUxJFNB8ZARRrHF41XWR/CBkObwAfCxcnSRpCSXhaABwNMl8eHBYiFwIWDHMLKgUcEWMCJxQ1YS8iEzlYLTIoFwoiFCpnfzkVLxxqKDEpPnY9IRoeahs3KGd0ATIvF2opMipkaQA6Kx5qHAIqE3ggPwI9bTtDPSR2PhcaAFQLQT0Xaw0WFhN7LkIXPHYtRygVQCVBLQBoBBZLOnw9Qi5zCy4VDxtpLyAXYngUJTswfg8SPT1zVClIAG4/K00vaxUhOzB+Dzc8IVVYKkkQbyYkDDprLkYqM1cmOzITc1QpDw9oPR1IAWs6KSsPfggXKWcUOlZKFHQuNj4SeioKKj97OhUVDHw6HyJzCy4pFBBsOgofcwsuMR8beyUgQQRvLzVdZH82Qz4fb14UEQVvD1USJVYCA0UsWzg4TRd2WxUONQEF
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Size
1.2 kB (1176 bytes)
Hash
938e10d30422207c87289c8941f48588
50374e044355088ae4e585233cf33afda6adce9d
a23eafd6d7e4a6483d5e2346e1ee29a0181fbee9878e9e848ef20770ef03fa5c

HTTP Headers

GET /c3hWOWwSGjVUUxJFNB8ZARRrHF41XWR/CBkObwAfCxcnSRpCSXhaABwNMl8eHBYiFwIWDHMLKgUcEWMCJxQ1YS8iEzlYLTIoFwoiFCpnfzkVLxxqKDEpPnY9IRoeahs3KGd0ATIvF2opMipkaQA6Kx5qHAIqE3ggPwI9bTtDPSR2PhcaAFQLQT0Xaw0WFhN7LkIXPHYtRygVQCVBLQBoBBZLOnw9Qi5zCy4VDxtpLyAXYngUJTswfg8SPT1zVClIAG4/K00vaxUhOzB+Dzc8IVVYKkkQbyYkDDprLkYqM1cmOzITc1QpDw9oPR1IAWs6KSsPfggXKWcUOlZKFHQuNj4SeioKKj97OhUVDHw6HyJzCy4pFBBsOgofcwsuMR8beyUgQQRvLzVdZH82Qz4fb14UEQVvD1USJVYCA0UsWzg4TRd2WxUONQEF HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sat, 21 Jan 2023 19:12:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HNto3GxHTekgy92z9EZx96m6U8pCW7bakzdN04sB5A0OxMO7P59IKQ==
X-Firefox-Spdy: h2

qucireideaux.com.ua/NmtrNlkZVAhFZGJaA2IPY15OBB9vPBtfPQVSH1c0fE5ZdD8EHwBsAVVNH189C1xeAGoBXU1GMFJWWQ9/RR8KQixFVloQMFgNBAt/QFZaGGkYXVsYaBAeVgd/QhsKUWQHTRtCLVpWWgBuAlhZDmoEXloObA

172.67.196.87

204 No Content

0 B

URL HTTP/2
qucireideaux.com.ua/NmtrNlkZVAhFZGJaA2IPY15OBB9vPBtfPQVSH1c0fE5ZdD8EHwBsAVVNH189C1xeAGoBXU1GMFJWWQ9/RR8KQixFVloQMFgNBAt/QFZaGGkYXVsYaBAeVgd/QhsKUWQHTRtCLVpWWgBuAlhZDmoEXloObA
IP
172.67.196.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /NmtrNlkZVAhFZGJaA2IPY15OBB9vPBtfPQVSH1c0fE5ZdD8EHwBsAVVNH189C1xeAGoBXU1GMFJWWQ9/RR8KQixFVloQMFgNBAt/QFZaGGkYXVsYaBAeVgd/QhsKUWQHTRtCLVpWWgBuAlhZDmoEXloObA HTTP/1.1
Host: qucireideaux.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIefaCAi5mQZKMEH0hjqfhjBpLD0W1v5LKIaXxF5j8WrFvGOep0J6CW1OYJgJu9WlIblM0iF3Gmc2Bjhp%2BTn8bcjw1aGMhQlpb0iI2TtZA2%2FpOvfO4GtoE23rcveigL09We7L7q%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d25c06af550b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qucireideaux.com.ua/V2JoOEp4XQtLdwNQIlMfEFNebhwBCj9wPgM6P3ooMVMqaisBBU5MIzNfXwt9ZFFdHjo+BlUJcnERHFk+IhFVCWw+DA5Xd3EUVQlkZ0xaFnhxF1UJbCMSCV93ZkQYTD47X1kOfWNRWgB5ZVdZAXk

172.67.196.87

204 No Content

0 B

URL HTTP/2
qucireideaux.com.ua/V2JoOEp4XQtLdwNQIlMfEFNebhwBCj9wPgM6P3ooMVMqaisBBU5MIzNfXwt9ZFFdHjo+BlUJcnERHFk+IhFVCWw+DA5Xd3EUVQlkZ0xaFnhxF1UJbCMSCV93ZkQYTD47X1kOfWNRWgB5ZVdZAXk
IP
172.67.196.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /V2JoOEp4XQtLdwNQIlMfEFNebhwBCj9wPgM6P3ooMVMqaisBBU5MIzNfXwt9ZFFdHjo+BlUJcnERHFk+IhFVCWw+DA5Xd3EUVQlkZ0xaFnhxF1UJbCMSCV93ZkQYTD47X1kOfWNRWgB5ZVdZAXk HTTP/1.1
Host: qucireideaux.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhvlS9UvaxwWXYHfG290yo34WY8Dxl1ilw8U40%2BXob0b4wZ%2Fthbs7mm7QdumKIkT3KWYLl4kgakWPa%2FFs49QUHEbnwASUg0W27Tk%2FvrMZV1VeY5toHc1Vv2zAZdiQsp6DosvQvij"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d25c06bf5b0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bayfiles.com/static/logo.png

45.154.253.152

200 OK

39 kB

URL HTTP/1.1
bayfiles.com/static/logo.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 292 x 251, 8-bit/color RGBA, non-interlaced\012- data
Size
39 kB (38607 bytes)
Hash
d39dfc9566d5264e198224dc249dd6bb
67ec60e7df6257a32f41e45e6877dc65f036ef0f
0b959f7dd25865a8a0636b6bb81d523c07fb03f76905313b9b8d677ae294b25a

HTTP Headers

GET /static/logo.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 38607
Connection: keep-alive
last-modified: Wed, 16 Nov 2022 12:55:21 GMT
etag: "6374ddb9-96cf"

bayfiles.com/img/flags/24/se.png

45.154.253.152

200 OK

581 B

URL HTTP/1.1
bayfiles.com/img/flags/24/se.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
581 B (581 bytes)
Hash
c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14

HTTP Headers

GET /img/flags/24/se.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1540
accept-ranges: bytes

push.services.mozilla.com/

54.188.8.97

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.188.8.97:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I4G2ztk08M6qB1RChVT5dA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lE//JVa5bHaMjd88K+KJvy4Kig8=

bayfiles.com/img/flags/24/br.png

45.154.253.152

200 OK

1.1 kB

URL HTTP/1.1
bayfiles.com/img/flags/24/br.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1115 bytes)
Hash
6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb

HTTP Headers

GET /img/flags/24/br.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1521
accept-ranges: bytes

djv99sxoqpv11.cloudfront.net/GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg

54.230.245.208

200 OK

537 B

URL HTTP/2
djv99sxoqpv11.cloudfront.net/GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (756), with no line terminators
Size
537 B (537 bytes)
Hash
88992497edb25c54341d3015f2b0ceb7
f64073340d1ab6e58a3b7c3320cb8dfc1dc2cd31
6ec28806dd09621f6237aab03cf297212585da82fa37c7f73544c8ae0919b741

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /GejlrY0UZVgUFeg5QD15ySQ5YUHZcUxgMKwoELQo3E1peCyA1VDk7Yw5DD151XFUKDSJHHw4NJkcITQIhGARfRTEKVgBeIxBXBQA2GUMAF2MPWFYOKgBQBw8kXwstVmtKHFlTbQ1QBQcqDUpOUXUUTU5RdUsJRVNgSXtOUXUNUAVVcV8KKUZ3SkFdV2BJe0-5RdQhPTlAESwleTXVTHFlTIh9aAAxgSH9ZU3RKCVpTdF8LWwUsCFwNDD1fCy1SdU8XW0UwRwg HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whenmyfe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 537
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2yf6hovV1LYqvkAIW171mv_LWj4uIm36WVb0t4X_MFfwm6_d0F00sA==
X-Firefox-Spdy: h2

djv99sxoqpv11.cloudfront.net/YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o

54.230.245.208

200 OK

445 B

URL HTTP/2
djv99sxoqpv11.cloudfront.net/YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (582), with no line terminators
Size
445 B (445 bytes)
Hash
8ddfdddb56b9527996d8431d1da34ef1
6865a3395c48aee92914fcd6d50177dfd54437b4
9d78bf2df7c7ed7a25d8ea05fb6c7b757314b4cd8780db2811b9a505594e2862

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /YUk9ucFkxIAAWZiYmCk1uZ3ldR290JR0fNyJyIzcsGz8ARD5qPUgEIzZyXlY1MyEJTX83IQ1NaHQuChJkZmkaADY5cggaNzwsHRMjOTtIBThvIgEKMD4jD1VrFHpAQHxgf0YHMDwrAQcqd31eHi13fV5BaXx/S0Mbd31eBzA8eVpVahBqXEAhZHtLQxt3fV-4CL3d8L0FpZ2FeWXxgfwkVOjkgS0IfYH9fQGljf19Va2IpBwI8NCAWVWsUfl5Fd2JpG01o HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whenmyfe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 445
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QjWHVq6W17yfD0ObuF0tIjPLeC6Q4RfD7gb_l5XRJZo5_raXbOsP5w==
X-Firefox-Spdy: h2

djv99sxoqpv11.cloudfront.net/vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc

54.230.245.208

200 OK

186 B

URL HTTP/2
djv99sxoqpv11.cloudfront.net/vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc
IP
54.230.245.208:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
186 B (186 bytes)
Hash
224c7e0b13a7df888c7d80e2c4f0867a
622f8d10948c800c041be24bb784956731def21d
1333f5eb0a18d0fe3da95581acae679bf530a587cdd387070e6bea98a1f3c31d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /vdGZnTlcXCQkoaAAPA3NgR1FUfWJSDBQhOQRbHSwDP1MmAWASEAR2PlISHSpqREALLzkTW0ErORdbVmg2EARaenEBB1ojOA4PCyI2UVQhe3lEQ1V+fwMPCSo4AxVCfGcaEkJ8Z0VWSX5yRyRCfGcDDwl4Y1FVJWtlRB5RenJHJEJ8ZwYQQn0WRVZSYGddQ1-V+MBEFDCFyRiBVfmZEVlZ+ZlFUVyg+BgMBIS9RVCF/Z0FIV2giSVc HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whenmyfe.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 186
date: Sat, 21 Jan 2023 19:12:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KTt3Kq0K-c1hgdp-p5fSA1O7RCWoIzUoZZWQMLAZ_g0s1D1Ze0m9fA==
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dcdddfd345b551b9e9ec6a6589593143
abbbe8b9f885f2aa6aa3dac8f02f53838820093d
eea846007db10cbfc97140f0c825be37377ff2b18ae330be8a85e370d9b3d661

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEA846007DB10CBFC97140F0C825BE37377FF2B18AE330BE8A85E370D9B3D661"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11312
Expires: Sat, 21 Jan 2023 22:20:38 GMT
Date: Sat, 21 Jan 2023 19:12:06 GMT
Connection: keep-alive

bayfiles.com/img/flags/24/us.png

45.154.253.152

200 OK

656 B

URL HTTP/1.1
bayfiles.com/img/flags/24/us.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
656 B (656 bytes)
Hash
ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1

HTTP Headers

GET /img/flags/24/us.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1592
accept-ranges: bytes

bayfiles.com/img/flags/24/fr.png

45.154.253.152

200 OK

536 B

URL HTTP/1.1
bayfiles.com/img/flags/24/fr.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
536 B (536 bytes)
Hash
e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750

HTTP Headers

GET /img/flags/24/fr.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1500
accept-ranges: bytes

policityseriod.info/Zm0yV1MdT0EgDBMfXnVpRAVGIyMVVx14MQcUVD4%2FAx4cNDwLQkEgfQweEHtxFQBUdWlXQRAjMgEyWzNxXE8FZGRVXwR1f0QeRzUMDwkAdWlED1BnMANUUTF%2BVlhUNn5SDgZifl9VBGZ%2BUFpUbmcHWgc0YgAOECo

103.224.212.220

404 Not Found

196 B

URL HTTP/1.1
policityseriod.info/Zm0yV1MdT0EgDBMfXnVpRAVGIyMVVx14MQcUVD4%2FAx4cNDwLQkEgfQweEHtxFQBUdWlXQRAjMgEyWzNxXE8FZGRVXwR1f0QeRzUMDwkAdWlED1BnMANUUTF%2BVlhUNn5SDgZifl9VBGZ%2BUFpUbmcHWgc0YgAOECo
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /Zm0yV1MdT0EgDBMfXnVpRAVGIyMVVx14MQcUVD4%2FAx4cNDwLQkEgfQweEHtxFQBUdWlXQRAjMgEyWzNxXE8FZGRVXwR1f0QeRzUMDwkAdWlED1BnMANUUTF%2BVlhUNn5SDgZifl9VBGZ%2BUFpUbmcHWgc0YgAOECo HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
date: Sat, 21 Jan 2023 19:12:06 GMT
server: Apache/2.4.38 (Debian)
content-length: 196
content-type: text/html; charset=iso-8859-1
connection: close

bayfiles.com/img/flags/24/ru.png

45.154.253.152

200 OK

403 B

URL HTTP/1.1
bayfiles.com/img/flags/24/ru.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
403 B (403 bytes)
Hash
d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c

HTTP Headers

GET /img/flags/24/ru.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:06 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1416
accept-ranges: bytes

bayfiles.com/img/flags/24/no.png

45.154.253.152

200 OK

611 B

URL HTTP/1.1
bayfiles.com/img/flags/24/no.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
611 B (611 bytes)
Hash
f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4

HTTP Headers

GET /img/flags/24/no.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:07 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1597
accept-ranges: bytes

bayfiles.com/img/flags/24/es.png

45.154.253.152

200 OK

666 B

URL HTTP/1.1
bayfiles.com/img/flags/24/es.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
666 B (666 bytes)
Hash
5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff

HTTP Headers

GET /img/flags/24/es.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:07 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1965
accept-ranges: bytes

bayfiles.com/img/flags/24/fi.png

45.154.253.152

200 OK

456 B

URL HTTP/1.1
bayfiles.com/img/flags/24/fi.png
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
456 B (456 bytes)
Hash
0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da

HTTP Headers

GET /img/flags/24/fi.png HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:07 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1423
accept-ranges: bytes

bayfiles.com/sw.js?eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM

45.154.253.152

200 OK

14 kB

URL HTTP/1.1
bayfiles.com/sw.js?eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
ASCII text, with very long lines (39060), with no line terminators
Size
14 kB (14388 bytes)
Hash
fefdeff3180d9772f08a2cadce9a55b0
5610f0290b7f4c81c57a65703825fc2830aeac96
0009589421c540c0b0ee37fde74f5373962096bc8e9869a953b4cb59547a8f61

HTTP Headers

GET /sw.js?eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 3068
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
983410dffbd2f6609e689d468279cad3
9ed22350a720ebff727059fa19538dd721252f31
0f772ca05a2b10e54f9d9ba798c555e777461c5d5270b5355df7c303af07297d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: max-age=163949
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:07 GMT
Etag: "63cc067c-1d7"
Expires: Mon, 23 Jan 2023 16:44:36 GMT
Last-Modified: Sat, 21 Jan 2023 15:36:28 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c188c0de01f738785de33959c65ab67
6576d300a988fc1e6d43907e3c822f5926e5a904
cedc7c1461c6252e4e8251301e0f78ef7496aaa9a4a807ff32f6d5123ce9ed5c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

policityseriod.info/

103.224.212.220

302 Found

35 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 388
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:07 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328327.3334887; expires=Tue, 18-Jan-2033 19:12:07 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-07df-b6bf-faebc209c5ca
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
a4145f366c8821b63468b429024be32b
4d70d9d3ee9cddab6ece56ed47b1bad0f041e2b5
c3eca71c1f0886fd7049e98722e31e86c12bb7cc8c4c768803673a517216c11c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C3ECA71C1F0886FD7049E98722E31E86C12BB7CC8C4C768803673A517216C11C"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8942
Expires: Sat, 21 Jan 2023 21:41:09 GMT
Date: Sat, 21 Jan 2023 19:12:07 GMT
Connection: keep-alive

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
a4145f366c8821b63468b429024be32b
4d70d9d3ee9cddab6ece56ed47b1bad0f041e2b5
c3eca71c1f0886fd7049e98722e31e86c12bb7cc8c4c768803673a517216c11c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C3ECA71C1F0886FD7049E98722E31E86C12BB7CC8C4C768803673A517216C11C"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8942
Expires: Sat, 21 Jan 2023 21:41:09 GMT
Date: Sat, 21 Jan 2023 19:12:07 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c188c0de01f738785de33959c65ab67
6576d300a988fc1e6d43907e3c822f5926e5a904
cedc7c1461c6252e4e8251301e0f78ef7496aaa9a4a807ff32f6d5123ce9ed5c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

whenmyfe.xyz/utx?cb=u71HU8tF43Tc&top=bayfiles.com&tid=756376

143.204.55.68

204 No Content

0 B

URL HTTP/2
whenmyfe.xyz/utx?cb=u71HU8tF43Tc&top=bayfiles.com&tid=756376
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=u71HU8tF43Tc&top=bayfiles.com&tid=756376 HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 21 Jan 2023 19:12:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 21 Jan 2023 19:13:07 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lsqQcctUSkcCNgLfF9TA-UG3Y5mmROzP3rcda-Jmf7BT9phK3VMw2w==
X-Firefox-Spdy: h2

whenmyfe.xyz/utx?cb=luZLcWmq1zB0&top=bayfiles.com&tid=737333

143.204.55.68

204 No Content

0 B

URL HTTP/2
whenmyfe.xyz/utx?cb=luZLcWmq1zB0&top=bayfiles.com&tid=737333
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=luZLcWmq1zB0&top=bayfiles.com&tid=737333 HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 21 Jan 2023 19:12:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 21 Jan 2023 19:13:07 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Yodcn4YE7WQ2X_hptAIcORATRocNX4W01vqlGBH3LlFcBVNmTqz_hg==
X-Firefox-Spdy: h2

whenmyfe.xyz/multi?cs=MzR1VUYDDUxifwMBTGJ2AwdCZX8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F066fZdOayd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_JKs9=1674328325764&crc=1

143.204.55.68

200 OK

1.5 kB

URL HTTP/2
whenmyfe.xyz/multi?cs=MzR1VUYDDUxifwMBTGJ2AwdCZX8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F066fZdOayd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_JKs9=1674328325764&crc=1
IP
143.204.55.68:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3247), with no line terminators
Size
1.5 kB (1515 bytes)
Hash
675bdd3f751a33abbb831868fd105a5e
a1f81adc3a28ea25238754ce0329342de3cfc25a
104e7fb90d81575d6a493cd83c2097dc07673e95700f18feb90bceae66393e33

HTTP Headers

GET /multi?cs=MzR1VUYDDUxifwMBTGJ2AwdCZX8&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=756376&rxy=1280_1024&fs=1&ref=https%3A%2F%2Fbayfiles.com%2F066fZdOayd&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_JKs9=1674328325764&crc=1 HTTP/1.1
Host: whenmyfe.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1515
date: Sat, 21 Jan 2023 19:12:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://bayfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=436eeb4c-a369-456f-ae25-41e7f4373bf7
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CvA8aAf60pxelyorNOJzZsIhr6vYUyxVeAutjXMgSxh6gJ46sTRMjQ==
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

142.250.74.45

302 Found

395 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
142.250.74.45:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Size
395 B (395 bytes)
Hash
1d4fc80c247e0d8214de6bdcc3d88a4a
baa9346d24eb25bf0d3a26f1daa0a3642a195b3d
1af4ce5454bb49e87f57b8480935b46ec0d08c21b23ba3c8e2db54a82652bec4

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 21 Jan 2023 19:12:07 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-704365115%3A1674328327521193&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfYI5vgqfjAxHCRYZWzFPIMC0aawhVqq8Fkh_nyvLmfIAkLjdSe9DezfqsXqW2msPbG6sHy4w
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-2WHqanN3MXFlFk0KJlGKMA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:wmeOjcEsiT3j8ySTwd6Jzc3nD36WbA:8Ep-cU_UDXE6Qyqm;Path=/;Expires=Mon, 20-Jan-2025 19:12:07 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663359761

45.154.253.152

200 OK

1.4 kB

URL HTTP/1.1
bayfiles.com/img/favicon/favicon-32x32-bayfiles.png?1663359761
IP
45.154.253.152:0
ASN
#41634 Svea Hosting AB

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1368 bytes)
Hash
9549584e9288a5dd9d163daa26a6f34d
0c7a71967bd4570770aa9b1043a1d82cd8969252
d18e625001a778074faea9e00ae801988818827c121732ba020390e84897578e

HTTP Headers

GET /img/favicon/favicon-32x32-bayfiles.png?1663359761 HTTP/1.1
Host: bayfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/066fZdOayd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Jan 2023 19:12:07 GMT
Content-Type: image/png
Content-Length: 1368
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 331
accept-ranges: bytes

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9046bdd3634f2cfb8ace7c326c4af05f
d92d1610bbcc211f0648ec87b5aee6a562f606db
eea88fe2aaabd085058e3cf139e8780e1ddeff62e4fb94d6eeabe512a309d8ac

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

142.250.74.45

302 Found

396 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
142.250.74.45:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Size
396 B (396 bytes)
Hash
46022bb0c5e154e595d2fb498e2b7004
15709ed3ae7bef3a122d6ade16300b367c943db6
182ace121674924f7628e4847f883745de19b0025600e133970c104624557287

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 21 Jan 2023 19:12:07 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1760858373%3A1674328327572887&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdzApR0qP-FuG70uNxyhqF6VR4ItLNsrGy1fFzjSCl_6ujcvMwGma4OCkyed6N3XjUhGoIcAw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-4nL3EhUbzzEC30fcGYy01A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:h1PnCBoWJ2A2QlD0OR9-lnGYQmHvqQ:dZfZp-3OG78mjAe1;Path=/;Expires=Mon, 20-Jan-2025 19:12:07 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
983410dffbd2f6609e689d468279cad3
9ed22350a720ebff727059fa19538dd721252f31
0f772ca05a2b10e54f9d9ba798c555e777461c5d5270b5355df7c303af07297d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: max-age=163949
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 19:12:07 GMT
Etag: "63cc067c-1d7"
Expires: Mon, 23 Jan 2023 16:44:36 GMT
Last-Modified: Sat, 21 Jan 2023 15:36:28 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
a4145f366c8821b63468b429024be32b
4d70d9d3ee9cddab6ece56ed47b1bad0f041e2b5
c3eca71c1f0886fd7049e98722e31e86c12bb7cc8c4c768803673a517216c11c

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C3ECA71C1F0886FD7049E98722E31E86C12BB7CC8C4C768803673A517216C11C"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8942
Expires: Sat, 21 Jan 2023 21:41:09 GMT
Date: Sat, 21 Jan 2023 19:12:07 GMT
Connection: keep-alive

pogothere.xyz/asd100.bin

172.64.133.29

200 OK

103 kB

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.133.29:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
103 kB (102903 bytes)
Hash
4be1932e83f55bb6b252ac7d76f13675
2f70c80c611e6176e95460cf684004f409bbbd65
782ecddc3171b334fd4f8b71ab43cb5c0e9b4f95dc00bf7a50b768325d9fc2ac

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Jan 2023 19:12:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1141
last-modified: Sat, 21 Jan 2023 18:53:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wt34McY%2F3wbny6PSoRdY%2BxxxnvlnBAJUXIb3I%2Be%2FqDYvxmBVE9nWRdjryKusxgItevedU%2FTNINfjoTJDBnpVptUUOcgr03AZ1BO0s4Z2SnLLFfwpk4aJJay53jNJmzCI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d25c0ef9a87725-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

172.64.133.29

200 OK

530 B

URL HTTP/2
pogothere.xyz/
IP
172.64.133.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
530 B (530 bytes)
Hash
623c795bf527acd309a61f710d4257f4
6b9d6891db837c0763a72a2ccf2327b84fd4e626
9d04d83805d2b9a2c3fde947375872132062f0e4a332bbb4c6d411320ee52297

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 21 Jan 2023 19:12:07 GMT
content-type: text/plain
set-cookie: csu=594651995677691@1@1674328327; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=deAOwuNDP4%2Bmd5xTIhLa7bN764iTdMw%2FpVp%2FDpWnk8BIhzBYrYYGse%2BqPWx0dP7ydu3fWipQXPVp899ZC8q1xvdAXcW9op25CGKmO7jNKGzB4bxBMcqhxYTFAzbWlcP%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d25c0ef99c7725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9626
Expires: Sat, 21 Jan 2023 21:52:34 GMT
Date: Sat, 21 Jan 2023 19:12:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11562 bytes)
Hash
b08ef55971faa2683ab9f2af8a11dcec
a46c748cccb714f05a068c2438181328b4fbd57a
1d073abf25fbea2d85f34076eae47f9e89502846815094f5288b8e80762a8fe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11562
x-amzn-requestid: c3864d3b-caaa-4c44-a4bd-9339d0eede69
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-E1UGw4IAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4ee-703e32aa596019d42680e599;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZxoIRkRgzS5Hp0D9gzxOiTg3GatK8zSCIokF3NWUghEUmePltkYVRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 03:38:02 GMT
age: 56046
etag: "a46c748cccb714f05a068c2438181328b4fbd57a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2483cdb0-11a4-4485-97f3-022536b4d47c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9483 bytes)
Hash
0a41ea6abc6acb3f9e5b7f80b6488ed0
57fb10e4322a224cd45703728620200cf048d4fe
6ecf38193503c54e8586d227290a9736222092d56a91f0a11d58bebb46a477c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2483cdb0-11a4-4485-97f3-022536b4d47c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9483
x-amzn-requestid: ad75f1ce-dabd-489a-a171-930d60d39e6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7O1CG5EIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c791b9-14db19d55fc2f01a7ee9bade;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 06:29:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0o4ZhCtXBcV1Idl8ycX8Z95l8_R6pEQAexo22TVEGPdKqeRw2OZSDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 19:36:49 GMT
age: 84919
etag: "57fb10e4322a224cd45703728620200cf048d4fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10988 bytes)
Hash
5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RlbJymJhU6Ti5RZCSIvPzloackAiBEBGapKI440u4ZIfB5FYBNugLw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 03:24:48 GMT
age: 56840
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1d34ea3-007b-405d-b0bb-99fdb4b08159.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5963 bytes)
Hash
447c7832b50421193a9b962e621d8379
eddd33bded6e9c705ed5f0aa2ed036faeefa388f
00946fa4ac2a2c6c23a22e1c5bf2d1d3871975c9730cf522fa7f937bb431e0ba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1d34ea3-007b-405d-b0bb-99fdb4b08159.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5963
x-amzn-requestid: ef0681fa-95e9-4c43-94b2-4ebb1ff652b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6x_OG3goAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c76394-279293ff66d40dd65e0b8481;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:12:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5LBmRNL56mbOmY8ajrSlll2tfCxpMSlKDoym8YzJHUj3fF2Eq61TYw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 11:44:38 GMT
age: 26850
etag: "eddd33bded6e9c705ed5f0aa2ed036faeefa388f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7111 bytes)
Hash
f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 22:10:04 GMT
age: 75724
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd52bd8cc-bd8d-41b6-8ab1-485e512fd00e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4655 bytes)
Hash
95b85d1a68b345de03ba50469e93748c
0013c61dc65bc849fd182738c2d879e97aa379a6
ecc90632e243a7fe2fc43f66a2a8270332a5a678ddf9907dde636f704ad20cb2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd52bd8cc-bd8d-41b6-8ab1-485e512fd00e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4655
x-amzn-requestid: 16417762-4656-41b9-a37a-2552e8587af9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fD5VNEhjoAMF4cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb08ed-1b2a54434b352e1275403361;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i7NV4FkVSk8-3hb_6pdn_dvYZb7gKMpWE3I9QRf2rO4uKE7Zihsoog==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:40:03 GMT
age: 77525
etag: "0013c61dc65bc849fd182738c2d879e97aa379a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

policityseriod.info/eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:07 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328327.4697664; expires=Tue, 18-Jan-2033 19:12:07 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/eHR3UVQjVkBiY0tGQXN4WlZbczYaRBQ0bRsSWmFhHhVaZTdMQVpobE5FWmdjHk1DMGNNF0Y3N1pYVWMxQBJFN2FKWU41Mh5ZQ2RhHVkWZWxNWU9kME0WEjMyTRJEaHZUVgQmdlRWBz44ERceJS0LEQU4OxxaHj8yF1Zbc2FWRlUM?subid1=20230122-0612-0751-bfa1-1b6f34b7b48f
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

834 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type
gzip compressed data, max compression\012- data
Size
834 B (834 bytes)
Hash
c48bf48275329e2407609463230f4f96
baed41c5e93538d5b794acac64f56c02f24697e8
a6a6485c551d9e7c3a2d91fa1f2eae5abba9b304afea958a5808b965ea3790cf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 746
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:08 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328328.3073365; expires=Tue, 18-Jan-2033 19:12:08 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-08c0-8b85-c1b34301dba7
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 354
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:08 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328328.4719443; expires=Tue, 18-Jan-2033 19:12:08 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-081c-9f58-278cec4af2fe
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 356
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:08 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328328.8360210; expires=Tue, 18-Jan-2033 19:12:08 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-0843-a216-ccaa6aee44ed
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 396
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:09 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328329.4855508; expires=Tue, 18-Jan-2033 19:12:09 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-094e-ab88-b757bb618834
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 393
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:09 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328329.2895990; expires=Tue, 18-Jan-2033 19:12:09 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-09eb-a3a4-57c3871d5cba
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://bayfiles.com
Content-Length: 357
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:09 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328329.3199544; expires=Tue, 18-Jan-2033 19:12:09 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-091a-80e6-6284a1ea4bae
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

policityseriod.info/

103.224.212.220

302 Found

0 B

URL HTTP/1.1
policityseriod.info/
IP
103.224.212.220:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST / HTTP/1.1
Host: policityseriod.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 744
Origin: https://bayfiles.com
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 21 Jan 2023 19:12:09 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1674328329.6661530; expires=Tue, 18-Jan-2033 19:12:09 GMT; Max-Age=315360000
location: http://ww25.policityseriod.info/?subid1=20230122-0612-097d-9d88-c595b36f4dd0
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bayfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 5x3QUvn/HChB9ZDQVRWqyjNOJpnjwBZXoFFwIlp+cl3TN2AhKpmJ6hk0sGpU5hgiUFU+N+GHmwdsKjk5D6qITQ==
date: Sat, 21 Jan 2023 19:12:07 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S-704365115%3A1674328327521193&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfYI5vgqfjAxHCRYZWzFPIMC0aawhVqq8Fkh_nyvLmfIAkLjdSe9DezfqsXqW2msPbG6sHy4w

142.250.74.45

403 Forbidden

0 B

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S-704365115%3A1674328327521193&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfYI5vgqfjAxHCRYZWzFPIMC0aawhVqq8Fkh_nyvLmfIAkLjdSe9DezfqsXqW2msPbG6sHy4w
IP
142.250.74.45:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v3/signin/identifier?dsh=S-704365115%3A1674328327521193&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfYI5vgqfjAxHCRYZWzFPIMC0aawhVqq8Fkh_nyvLmfIAkLjdSe9DezfqsXqW2msPbG6sHy4w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 21 Jan 2023 19:12:07 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-pOoTWG3irUK5PCe29QSFew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.133.29

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.133.29:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bayfiles.com/
Origin: https://bayfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 21 Jan 2023 19:12:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bayfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1141
last-modified: Sat, 21 Jan 2023 18:53:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9szY49cYd%2BlmxWqtFISTpGWTQBqxSzym24n4yG%2FDrq6JQJtoJUMdU2cBkKK4jHFZXCjMOJPkDtbUYW1KUv0%2Bo8C7gvlp%2ByEaInMZV34OsdiJUkd68nbiKHq6lWdiuM2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d25c0ef9897725-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL