www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
51.91.30.159302 Found 0 B URL HTTP/1.1 www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /download/15073385/1f2806f3b5d61cadc485/Desktop.zip HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 31 Mar 2023 18:48:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10392
Expires: Fri, 31 Mar 2023 21:41:28 GMT
Date: Fri, 31 Mar 2023 18:48:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Fri, 31 Mar 2023 23:03:43 GMT
Date: Fri, 31 Mar 2023 18:48:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 18:16:12 GMT
content-type: application/json
age: 1925
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9042
Expires: Fri, 31 Mar 2023 21:18:59 GMT
Date: Fri, 31 Mar 2023 18:48:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hM8Lj4S8klvG46l/m2zx5o5IKIyckeKS3yMduhXw+mW7Or7JxHxoxx6SEQzkM1H9ObDRcjhPz6w=
x-amz-request-id: 38ZKZNZ9SKK0JR77
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 18:12:17 GMT
age: 2160
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 727 B IP 192.229.221.95:0
Hash bd394af40958e07236e086c81b8da594
3b3b0133903a349d6eff757f6687ae836d337d91
c4d58887dfad085929b80e68e2a69aad6340da3af347cb2a22554a25640c87aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5064
Cache-Control: max-age=136881
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:17 GMT
Etag: "64268ada-2d7"
Expires: Sun, 02 Apr 2023 08:49:38 GMT
Last-Modified: Fri, 31 Mar 2023 07:25:14 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 727
www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
51.91.30.159404 Not Found 403 B URL HTTP/1.1 www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (403), with no line terminators
Hash 53c76631704adc7a80e68542740cbef8
1a9d7e0b9efbbf04b0d37a33b8ba6409c95f556e
ddcf6f31d913b37e82f126aee3ed0ed070516f779f05d18d203d93847aa02cfa
GET /download/15073385/1f2806f3b5d61cadc485/Desktop.zip HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 403
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:17 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
51.91.30.159200 OK 8.9 kB URL HTTP/1.1 www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 4fe96b208baf2fde50b84aeb456ed7ed
6e31aaef517fd9aa4b02dc3e2a505649e2427d60
569abe2b8fb78f0086ae666afbcfb5191e95303ce7f3475dcddb32d6d1e64d8c
GET /files/15073385/Desktop.zip.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/download/15073385/1f2806f3b5d61cadc485/Desktop.zip
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8922
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 31 Mar 2023 21:48:17 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Fri, 28-Apr-2023 18:48:17 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159200 OK 2.9 kB URL HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:0
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b736ade714db0c4ee6dbd432b2b1367
98b85ea1586315cba25380eca3c9785820a23042
e3d11bbf89fb8f84070b6616e4f422eef0182dbf937f0398d0d2c779509b07a1
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Fri, 07 Apr 2023 18:48:17 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash fc0bc67cb73720019a64ebe2e6cc00a8
1caa960bc9bf478f88d9401ac9784d42641f513e
a8053d663c8bfb024620c710e40c226c0fc1c82620c511ffed5379ad4191acd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/js/js__file_upload.js
51.91.30.159200 OK 27 kB URL HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:0
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Fri, 07 Apr 2023 18:48:17 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159200 OK 59 B URL HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:0
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Fri, 07 Apr 2023 18:48:17 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159200 OK 1.9 kB URL HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:0
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Fri, 07 Apr 2023 18:48:17 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.72200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2206)
Hash ffa76e906a5fe36ef30e0f5268f8e609
92fdfbf496426f6a33e7c4aaebe6d8e675f1c751
5b0fc8d25d28b5d46ab75cbd391aee106ef7a8e9a0eb52ad8fe726add075bda4
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 31 Mar 2023 18:48:17 GMT
expires: Fri, 31 Mar 2023 18:48:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46093
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash fc0bc67cb73720019a64ebe2e6cc00a8
1caa960bc9bf478f88d9401ac9784d42641f513e
a8053d663c8bfb024620c710e40c226c0fc1c82620c511ffed5379ad4191acd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.addthis.com/js/250/addthis_widget.js?pub=uploadee
23.38.200.123200 OK 116 kB URL HTTP/2 s7.addthis.com/js/250/addthis_widget.js?pub=uploadee
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/250/addthis_widget.js?pub=uploadee HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116423
date: Fri, 31 Mar 2023 18:48:17 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 18:17:26 GMT
age: 1851
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
s7.addthis.com/static/btn/lg-share-en.gif
23.38.200.123200 OK 596 B URL HTTP/2 s7.addthis.com/static/btn/lg-share-en.gif
IP 23.38.200.123:0
File type GIF image data, version 89a, 125 x 16\012- data
Hash 212668d558dfda57c80995d818ad9d39
f5c7e2ed67eeba644dc220e8ba32956bcf413eb9
8d261abb1cdf02888b9a1f12cf9694e7ec7e93d7da3e8f20e2907af422327489
GET /static/btn/lg-share-en.gif HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: image/gif
content-length: 596
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-254"
timing-allow-origin: *
cache-control: public, max-age=86313600
accept-ranges: bytes
strict-transport-security: max-age=15724800; includeSubDomains
date: Fri, 31 Mar 2023 18:48:17 GMT
x-host: s7.addthis.com
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Fri, 31 Mar 2023 18:48:17 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=39164
date: Fri, 31 Mar 2023 18:48:17 GMT
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159200 OK 1.2 kB URL HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/15073385/Desktop.zip.html?msg=sess_error
Cookie: lng=eng; __atuvc=1%7C13; __atuvs=64272af072da61d0000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 18:48:17 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Fri, 07 Apr 2023 18:48:17 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
v1.addthisedge.com/live/boost/uploadee/_ate.track.config_resp
23.38.200.123200 OK 47 B URL HTTP/2 v1.addthisedge.com/live/boost/uploadee/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 24c668b115f75423506f2ea21d1b49c2
14f956ddb2d9e8b072cd5f605c3f39526490b391
b542daef470a9730029174f975ce3ce236b3e58bf9183b11956acce994b13a16
GET /live/boost/uploadee/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-disposition: attachment; filename=1.txt
content-encoding: gzip
content-length: 47
cache-control: public, max-age=33, s-maxage=86400
date: Fri, 31 Mar 2023 18:48:17 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
216.58.211.2200 OK 48 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (3599)
Hash 9182954b36576d687826219bb431dad5
4fca6296e5e0e85041bc7378dafec3eadfb1b97d
3e3ec006ada1b23f44045c13cd6a8eac8d3f4592cda59a35cc29e079e3e89ae4
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 31 Mar 2023 18:48:17 GMT
expires: Fri, 31 Mar 2023 18:48:17 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6858307887403135235
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 48340
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 782ca4845ea5e0ec981e33231b1e61cb
032116b75e124c57877524e9e4f523b6d7c65820
94d007862fc7a4cd67f582ff22f2339619177435559c1dd5075a08c7240f3520
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94D007862FC7A4CD67F582FF22F2339619177435559C1DD5075A08C7240F3520"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2203
Expires: Fri, 31 Mar 2023 19:25:01 GMT
Date: Fri, 31 Mar 2023 18:48:18 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e8df31f5ac474adbf58cfa599304bcae
c3001e355800deb24f04a565cc1ccb1131c1eadc
da2ed2c8207f9290413bf7d38a0957f48cc524c6afe7b481b77a84930c7a9e38
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
m.addthis.com/live/red_lojson/300lo.json?si=64272af0f92091d4&bkl=0&bl=1&pdt=179&sid=64272af0f92091d4&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&fr=download%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680288497020&jsl=0&uvs=64272af072da61d0000&skipb=1&callback=addthis.cbs.jsonp__62814695314585270
23.38.200.123200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=64272af0f92091d4&bkl=0&bl=1&pdt=179&sid=64272af0f92091d4&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&fr=download%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680288497020&jsl=0&uvs=64272af072da61d0000&skipb=1&callback=addthis.cbs.jsonp__62814695314585270
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash b267ade70a3fb7d0dedfe0df84e67d26
e171a2050f68ca5e1826fd94caa980eec8f14a4e
4a007ba5ecc711ed4ae3a60ade4adc1a41642c7a29bd49a3070d549e099ba272
GET /live/red_lojson/300lo.json?si=64272af0f92091d4&bkl=0&bl=1&pdt=179&sid=64272af0f92091d4&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&fr=download%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680288497020&jsl=0&uvs=64272af072da61d0000&skipb=1&callback=addthis.cbs.jsonp__62814695314585270 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Fri, 31 Mar 2023 18:48:18 GMT
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20230329/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.5 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230329/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3205)
Hash bad17ab9662318e8927e5009c83c2ad1
53ded630f95abe04b7b77d43076bf71b9ea71c02
68da39270ebfa6d17f4b765cbe004797a736611585ff0c53213d91f78f13c260
GET /pagead/html/r20230329/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4549
x-xss-protection: 0
date: Fri, 31 Mar 2023 02:50:55 GMT
expires: Fri, 14 Apr 2023 02:50:55 GMT
cache-control: public, max-age=1209600
age: 57443
etag: 2378337311435320485
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 31 Mar 2023 18:05:12 GMT
expires: Fri, 31 Mar 2023 20:05:12 GMT
cache-control: public, max-age=7200
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2586
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7ea999a491ab4009f8658e78af2bfb94
f0cbd3d48c9081acfdeb53adf55135dba5bbe08b
d159c0baaa0869f3e69e16ea482178e6184d68cb6f5ae8a6156955488fd415fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.149.174.90101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.174.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ttSDlkG6MLHU1b7xFKlOVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DWt3BiB7x1UcMPpk0f0mFv92Mho=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b3f59ff1fec36cad0249e88f19b0913f
da1527919e61fa348117cc8ebfb7b1eec2e55905
8165a8117a9763ed875eadbadeae41533204e63fb8d3379d1b36aaefd71175f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146
142.250.74.98200 OK 250 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146
IP 142.250.74.98:0
File type ASCII text, with very long lines (385), with no line terminators
Hash 8c2e3e99f20fa06ef957198b6eb3ae87
04c815a56e3d25ea50ba8af716513a9dc5fe2bb0
ee8c505866b681d00141653de28b879882f7269d61c70b4b09fa2938097fff86
GET /gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 18:48:18 GMT
server: cafe
cache-control: private
content-length: 250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a013b8698c4ff7b527a98379d21f8d51
4cffc2d5925e6daea086b70fecc3e12fd2a75b8d
28f02fdf4c2167dbfc6bd7530f24586626b50b5440f4d1747d31be0d800946f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=www.upload.ee
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.upload.ee
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.upload.ee HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 18:48:18 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c805a5c8d88d63e317a631e82533b14
c9c70d6d8c42c5690e57e1d3b0b6331a8b1ec1a7
4957e91e8473ee4aaf83db07185ba4a0eab8f9b5687d566e65cb5f4028071183
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b3f59ff1fec36cad0249e88f19b0913f
da1527919e61fa348117cc8ebfb7b1eec2e55905
8165a8117a9763ed875eadbadeae41533204e63fb8d3379d1b36aaefd71175f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.upload.ee
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.upload.ee
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.upload.ee HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 18:48:18 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a013b8698c4ff7b527a98379d21f8d51
4cffc2d5925e6daea086b70fecc3e12fd2a75b8d
28f02fdf4c2167dbfc6bd7530f24586626b50b5440f4d1747d31be0d800946f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4950e24a0440a020b30c6874c98f75bd
3b15a0974242f132b9b2c664a19a3c3e37472cab
36fca91cbb3cce32e2754454af341bb4dec9bf5f202858cca1ce1397baf8a411
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=328471681.1680288497&jid=807295405&gjid=30077783&_gid=1537296769.1680288497&_u=YADAAUAAAAAAACAAI~&z=2111842297
64.233.161.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=328471681.1680288497&jid=807295405&gjid=30077783&_gid=1537296769.1680288497&_u=YADAAUAAAAAAACAAI~&z=2111842297
IP 64.233.161.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=328471681.1680288497&jid=807295405&gjid=30077783&_gid=1537296769.1680288497&_u=YADAAUAAAAAAACAAI~&z=2111842297 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.upload.ee
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 31 Mar 2023 18:48:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=734022675&cid=328471681.1680288497&ul=en-us&sr=1280x1024&_s=1&sid=1680288497&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&dt=UPLOAD.EE%20-%20Desktop.zip%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=734022675&cid=328471681.1680288497&ul=en-us&sr=1280x1024&_s=1&sid=1680288497&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&dt=UPLOAD.EE%20-%20Desktop.zip%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=734022675&cid=328471681.1680288497&ul=en-us&sr=1280x1024&_s=1&sid=1680288497&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&dt=UPLOAD.EE%20-%20Desktop.zip%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.upload.ee
date: Fri, 31 Mar 2023 18:48:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 19117005fc900e700ab942e4b13d0afe
2d48d3937bdc5baafcd2c82159cb3ce7c543ad19
6679b053adb36dbe2f2542b6a273eac279f6c83c11b5a0ae68098397069c9770
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6679B053ADB36DBE2F2542B6A273EAC279F6C83C11B5A0AE68098397069C9770"
Last-Modified: Thu, 30 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6719
Expires: Fri, 31 Mar 2023 20:40:17 GMT
Date: Fri, 31 Mar 2023 18:48:18 GMT
Connection: keep-alive
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=4664062&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&rnd=1680288497000
212.47.222.21200 OK 2.0 kB URL HTTP/2 serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=4664062&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&rnd=1680288497000
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (529)
Hash 8553c79f99dc9105a404e77721f1a0d2
149514aff7209822321df09953365a365b18243a
b143c84f9eb6494487004e0d3803b01bc172ae7b1791c7ccad3abb3232f457dc
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=4664062&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15073385%2F1f2806f3b5d61cadc485%2FDesktop.zip&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error&rnd=1680288497000 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Fri, 31 Mar 2023 18:46:32 GMT
set-cookie: bepolite_id=9c1790615a1f098de8666966690e69a4; Max-Age=7776000; Expires=Thu, 29-Jun-2023 18:46:32 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 740657381
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
content-length: 1962
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c3c06bba432c9bc866fba0d88090e308
29dee4c56fb0eb12dabc038c45e96a614199c4e2
f321376ec7cf2941a7da65d6f9847d452e1dc5e44f2679a32ad26a2d6b77133a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.bepolite.eu/scripts/saresponsive.js
212.47.222.21200 OK 175 kB URL HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 175 kB (174581 bytes)
Hash 5460c08214d99449b925ba6cba9044d4
61da313f0047e4ce6c97ad8b484f976ad51003ea
4ed2ec56f430465894d4a1f95c76f298d052084bffb775b3cb7685ad66c94c24
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "1269848699"
last-modified: Mon, 30 Jan 2023 22:16:03 GMT
content-length: 174581
date: Fri, 31 Mar 2023 18:46:32 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 710367388
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash d640c6c0b93df457ead249d45f6ff35e
785048655901e84a3f1c2b26715db21849237bb4
bd83c584b399a86717aa8907f320b271a202c29aa066f685b5d378c71fde349f
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171589
Date: Fri, 31 Mar 2023 18:48:19 GMT
Etag: "64270d90-1d7"
Expires: Sun, 02 Apr 2023 18:28:08 GMT
Last-Modified: Fri, 31 Mar 2023 16:42:56 GMT
Server: ECAcc (dcb/7EFC)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sdCD3YpcZQKFiGN_3Ur_2gS3hU87IiQ9N_U80PscR_fkK5CNUktz2g==
Age: 6312
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 99b7b0f3b9863d2afef8f33f06535fd9
1ed3d74325212df10d7d321e785ae7076a74b37e
49515a0c8f3200d17e549bb667dc3cf8da82c479f6f9e89a2bc01f82fb1a5c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5896
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:19 GMT
Last-Modified: Fri, 31 Mar 2023 17:10:03 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 99b7b0f3b9863d2afef8f33f06535fd9
1ed3d74325212df10d7d321e785ae7076a74b37e
49515a0c8f3200d17e549bb667dc3cf8da82c479f6f9e89a2bc01f82fb1a5c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: max-age=90516
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:48:19 GMT
Etag: "6425d98f-1d7"
Expires: Sat, 01 Apr 2023 19:56:55 GMT
Last-Modified: Thu, 30 Mar 2023 18:48:47 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
track.adform.net/adfscript/?bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
37.157.6.241200 OK 905 B URL HTTP/2 track.adform.net/adfscript/?bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
IP 37.157.6.241:0
File type ASCII text, with very long lines (561), with CRLF line terminators
Hash 8ad05b1768a422aa3b4b61ef5f7a2c71
10792a1b9b5465b92754e58b96029300f32c404d
c5b4c9c125836b2b2dc57b41c0db05328227a6aded7210fc517ff68784eb4b91
GET /adfscript/?bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink= HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript; charset=utf-8
content-length: 905
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
set-cookie: C=1; domain=adform.net; expires=Sun, 30-Apr-2023 18:48:19 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
track.adform.net/adfscript/?bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
37.157.6.241200 OK 911 B URL HTTP/2 track.adform.net/adfscript/?bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
IP 37.157.6.241:0
File type ASCII text, with very long lines (561), with CRLF line terminators
Hash 64416671f8182d933f342a999494aa27
33c375be40ef3cecf3196cf2bcd71255e49da1b8
610ca5e10d223c607683b033ffff723a6e7658bb73c64994145b9bd774783c44
GET /adfscript/?bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink= HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript; charset=utf-8
content-length: 911
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
set-cookie: C=1; domain=adform.net; expires=Sun, 30-Apr-2023 18:48:19 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.196.163.104200 OK 75 B URL HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.196.163.104:0
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9011
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 18:48:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9011
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 18:48:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9011
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 18:48:19 GMT
Connection: keep-alive
banner.hookusbookus.com/assets/css/index_1000x200.css
18.196.163.104200 OK 12 kB URL HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 18.196.163.104:0
Hash 6a0b7c5980a733e45b2b5624a407456e
ae4bb5060160832367d1bc436be291513190cb12
ebecf40f49671298024ae21918321c210858a4a148708dab1d17766deec91a0c
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:44:51 GMT
age: 75808
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 41f0baa1423dbd529f6c47bd51fe708f
f09b44f30b63f5e29dd247f592147ffc6b308e72
313b769259453565919ab14410faea927a23ad75636abc57851dfe67d43ea156
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4370
x-amzn-requestid: 5791c184-d5eb-4666-bc94-f838cd0183af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllHrcIAMFSWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-15fb3d2f67359d6837df5d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: opMjAWEDBvz7pKcnuQrmD_7njQ0X28fR3Ngnoe7WI96zNNNt9oQL5A==
via: 1.1 99db15345b0e5e7ad9c267ae999b8cf4.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 09:17:34 GMT
age: 34245
etag: "f09b44f30b63f5e29dd247f592147ffc6b308e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AdbJgoCBGJGvjP53lBj3_GWyuRF8O_fgNTPPEjUmFmyRxMQl2pgTzw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:54:29 GMT
age: 75230
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jktkwc3JLU31AY5B5pC5JTjPGARjflqoJRZiD6IpF5-10IO6UNlH_Q==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:33 GMT
age: 75706
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3paQf8BhyRcZoZNox8660Zyzz0WaiQxJuHmDbj4wpo-rgbDdkxrYgQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:23 GMT
age: 75656
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
18.196.163.104200 OK 2.4 kB URL HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 18.196.163.104:0
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
track.adform.net/adfserve/?CC=1&bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=1x;9693;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error
37.157.6.241200 OK 2.4 kB URL HTTP/2 track.adform.net/adfserve/?CC=1&bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=1x;9693;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error
IP 37.157.6.241:0
File type ASCII text, with very long lines (3047), with CRLF line terminators
Hash 5102dee7a6386305930cf98dccd60951
7fdbd3ab5c58f8c53676ba168cbe0beea040271e
4d88ab55f22dd0a66b424776d397cf17ca77f697c6ec10072c6a8e805c735bed
GET /adfserve/?CC=1&bn=62173502;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=1x;9693;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript; charset=utf-8
content-length: 2410
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
track.adform.net/adfserve/?CC=1&bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=2x;10620;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error
37.157.6.241200 OK 2.4 kB URL HTTP/2 track.adform.net/adfserve/?CC=1&bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=2x;10620;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error
IP 37.157.6.241:0
File type ASCII text, with very long lines (3047), with CRLF line terminators
Hash f38532d5d5d437f01973e0ce21dd04ff
fafae25cec6ce9c98de51ef9387148e6504a7328
ab4e1ba2fea095d0ca699ae855fe02f9df482c674cec998a6a506355e9e3d7e7
GET /adfserve/?CC=1&bn=62303601;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=;js=1;adfxid=2x;10620;set=en-US|en-US|1280X1024|0|1000|200|24|8|3|7|0|0;cmpgdpr=;cmpgdprconsent=;fd=0|2&CREFURL=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15073385%2FDesktop.zip.html%3Fmsg%3Dsess_error HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript; charset=utf-8
content-length: 2425
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
18.196.163.104200 OK 53 kB URL HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 18.196.163.104:0
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
37.157.2.248200 OK 94 kB URL HTTP/2 s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
IP 37.157.2.248:0
Hash 7ec0060eea1fb509d7ef8eee2446157c
f87afc55d28b390e899d4b3513b9800fa536ae1b
b527600ce1034da4c814cc44403e1be2c09c3a9919795c6c2d2ed2d532c54df1
GET /stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
cache-control: public, max-age=100000
expires: Fri, 03 Feb 2023 15:58:42 GMT
x-cache-status: STALE
content-encoding: gzip
X-Firefox-Spdy: h2
s1.adform.net/Banners/57634741/57634741.jpg?bv=2
37.157.2.248200 OK 116 kB URL HTTP/2 s1.adform.net/Banners/57634741/57634741.jpg?bv=2
IP 37.157.2.248:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1000x200, components 3\012- data
Size 116 kB (115597 bytes)
Hash 7d4a5156ccb10794d153ab801fcfbe89
73356559280b1064e427b59c4b6d21665248dcc3
76100c70b591abf19e757a62275d73f893d010ae4c76f4f8dd34c2e9f8a36b2a
GET /Banners/57634741/57634741.jpg?bv=2 HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: image/jpeg
content-length: 115597
last-modified: Tue, 07 Mar 2023 10:07:08 GMT
x-rgw-object-type: Normal
etag: "7d4a5156ccb10794d153ab801fcfbe89"
x-amz-request-id: tx00000df885609e17372aa-006424e0e4-32957db0-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Fri, 31 Mar 2023 18:48:19 GMT
expires: Fri, 31 Mar 2023 18:48:19 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.161200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 11:44:47 GMT
expires: Sat, 30 Mar 2024 11:44:47 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 25413
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
18.196.163.104200 OK 24 kB URL HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 18.196.163.104:0
Hash 3c04f51583f31b9d6eac371184948c45
096ecbac9851c54e16cb90d66ebfbf0aa9e7d714
7cc8d0dc0ef56525148a81f82e28bbcfd717e64e00d5ff08a605605e62273592
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.132200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash c8bafa0b7d39780f18ebd6a9314e690d
8968bda6e1e071d099b0c08e46a3363265176fde
fa9ca634b1e054715c1ca99f5742e80de56799478baed47259ab855fe21b8928
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 31 Mar 2023 18:48:20 GMT
date: Fri, 31 Mar 2023 18:48:20 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-qcEuMo1e3G4s8HH2MD1PmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.21200 OK 1.5 kB URL HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "801691811"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Fri, 31 Mar 2023 18:46:34 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 740306846
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0oyfkteWH25yyfzRpSHRvR0gffDh0sadcypdgCniKiH36kZIVEW1_2so0M4ZCfaena5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=9c1790615a1f098de8666966690e69a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 18:46:33 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 721670402
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=9c1790615a1f098de8666966690e69a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 18:44:30 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 739551349
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3FrDS8eKpw_FwZUgDxMcuLuinL2ANZvojTn9QkiOXNHnNqG_Xog_y5rQFzwn9EoU3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=9c1790615a1f098de8666966690e69a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 18:46:34 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 721670405
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/MVOJOBruEqRENsdi5Shj.jpg
13.35.39.128200 OK 68 kB URL HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/MVOJOBruEqRENsdi5Shj.jpg
IP 13.35.39.128:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 256c6c839b193676e4fbf5f481f38ef8
a7c0279ab21ca8a5509804eb9287b951e9dc449d
4ab33f1ef820af3411b0fa3bf00f6261b89e3e3ed7249f6f976537bc3d83cc47
GET /hotelliveeb/images/general/1/MVOJOBruEqRENsdi5Shj.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 68376
date: Fri, 31 Mar 2023 08:04:41 GMT
last-modified: Sun, 05 Feb 2023 15:00:12 GMT
etag: "256c6c839b193676e4fbf5f481f38ef8"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b1e98d6f23bf8312e5a34847053352cc.cloudfront.net (CloudFront)
x-amz-cf-pop: TPE51-C1
x-amz-cf-id: rXt0ApdIklQJzqff5hJMaL_7JXm0g2NXf97mi8mso6p0zhgXimsliw==
age: 38620
X-Firefox-Spdy: h2
track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62303601,8332354548066547221,100|1030|0|0|0|0|0|0|0||176|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||10|0|0
37.157.6.241200 OK 70 B URL HTTP/2 track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62303601,8332354548066547221,100|1030|0|0|0|0|0|0|0||176|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||10|0|0
IP 37.157.6.241:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a1ca693368cfe6ab208f1f1bb8c2ef58
31a655d748475a8a3e5246f591ea2a81f6bfa938
89bc4f148f94ba4eda1e4aaa2fd899d5495c9a297cf848cf7670f78a3251eba7
POST /serving/unload/?version=15&unload=-5932061713061764574@@62303601,8332354548066547221,100|1030|0|0|0|0|0|0|0||176|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||10|0|0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:21 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62173502,2866383772480838208,89|4899|0|0|0|0|0|0|0||743|0|||||1|0|0|wUsaIkk9Fc2jXuUM8tfH4hazj2RYsgytiwNRt6eOXPZnfapnCT_CcwJ1gDRGwv2I0|||00|0|0@@62303601,8332354548066547221,100|4899|0|0|0|0|0|0|0||835|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||00|0|0
37.157.6.241200 OK 0 B URL HTTP/2 track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62173502,2866383772480838208,89|4899|0|0|0|0|0|0|0||743|0|||||1|0|0|wUsaIkk9Fc2jXuUM8tfH4hazj2RYsgytiwNRt6eOXPZnfapnCT_CcwJ1gDRGwv2I0|||00|0|0@@62303601,8332354548066547221,100|4899|0|0|0|0|0|0|0||835|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||00|0|0
IP 37.157.6.241:0
POST /serving/unload/?version=15&unload=-5932061713061764574@@62173502,2866383772480838208,89|4899|0|0|0|0|0|0|0||743|0|||||1|0|0|wUsaIkk9Fc2jXuUM8tfH4hazj2RYsgytiwNRt6eOXPZnfapnCT_CcwJ1gDRGwv2I0|||00|0|0@@62303601,8332354548066547221,100|4899|0|0|0|0|0|0|0||835|0|||||1|0|0|H0BEJSJEZJyjXuUM8tfH4hazj2RYsgytiwNRt6eOXPbpn8V23HOqtQJ1gDRGwv2I0|||00|0|0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:25 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.196.163.104:0
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 18.196.163.104:0
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF3t2bs39IvmKcr8XCUTaq-27WviZIhHWujXnhsqexMFWsZikuIeVDKdyvgQgT22KzUbwswni0E7XZKsVyUaCd8Cbo7cZ6wOrpS5N85r_ypwm3jAh1MDYSFRuVyliGR1zLhcYteV6Vn1R43YCxi0CeC3zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 18.196.163.104:0
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
37.157.2.248200 OK 0 B URL HTTP/2 s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
IP 37.157.2.248:0
GET /stoat/626/s1.adform.net/bootstrap.js HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:19 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
cache-control: public, max-age=100000
expires: Fri, 03 Feb 2023 15:46:58 GMT
x-cache-status: STALE
content-encoding: gzip
X-Firefox-Spdy: h2
track.adform.net/csimpr/?bn=62173502&csi=tTlonhCbO_ZJOeMoWZVdJjiAdDir6y_OWfw6-dd_nNfbNUjYKkRX5toj5KtB9xV1Q6qXzclYbIvVNzj8os8uTbyOpNDfIsLF0
37.157.6.241200 OK 0 B URL HTTP/2 track.adform.net/csimpr/?bn=62173502&csi=tTlonhCbO_ZJOeMoWZVdJjiAdDir6y_OWfw6-dd_nNfbNUjYKkRX5toj5KtB9xV1Q6qXzclYbIvVNzj8os8uTbyOpNDfIsLF0
IP 37.157.6.241:0
POST /csimpr/?bn=62173502&csi=tTlonhCbO_ZJOeMoWZVdJjiAdDir6y_OWfw6-dd_nNfbNUjYKkRX5toj5KtB9xV1Q6qXzclYbIvVNzj8os8uTbyOpNDfIsLF0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:48:20 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2