www.upload.ee/download/15881870/620651be8ad71dc8e3e7/Ricijo_Cheats_V._Halloween.exe
51.91.30.159 441 B URL www.upload.ee/download/15881870/620651be8ad71dc8e3e7/Ricijo_Cheats_V._Halloween.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (441), with no line terminators
Hash b79539dcd5e2713be60e4d44e0618382
ac08ff2608309539ddeb902af72f7d73093188b0
35205133dcc069ec14050766680a7101399d19c17954700fa93ccc3d5b388baf
GET /download/15881870/620651be8ad71dc8e3e7/Ricijo_Cheats_V._Halloween.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 441
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash fc39be0c4f59a6c5e178f74d8f36ae82
a55cb50281f500c7eeaeba490969a986a2b2d84b
7569f37f712a30c8f528ac250c5b498080f2de9e31134e8af435d42911e86f27
GET /files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15881870/620651be8ad71dc8e3e7/Ricijo_Cheats_V._Halloween.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9003
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 01 Nov 2023 14:53:47 +0200
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Wed, 29-Nov-2023 12:53:47 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15881870/620651be8ad71dc8e3e7/Ricijo_Cheats_V._Halloween.exe
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Wed, 08 Nov 2023 12:53:47 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/static/ubr__style.css
51.91.30.159 2.8 kB URL www.upload.ee/static/ubr__style.css
IP 51.91.30.159:0
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b9692d4caecccf38e40d2333f8e00b0
8ecb4f873571250f02a5cc2ceff0a24aed25fc33
c4042306388924b75aa7d584c1e61165264967a52d09544ecba836f0d00eb9b9
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Wed, 08 Nov 2023 12:53:47 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 7.7 kB URL www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:0
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Wed, 08 Nov 2023 12:53:47 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Wed, 08 Nov 2023 12:53:47 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 59 B URL www.upload.ee/images/arrow.gif
IP 51.91.30.159:0
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:47 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Wed, 08 Nov 2023 12:53:47 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.136 51 kB URL www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.136:0
File type ASCII text, with very long lines (2213)
Hash b8f3cec90887f6d3cc372c7d20cdd49a
d1a298a732b36bc7af0d964e7ad051d2cd7ac95f
31199e40800876708dec7ef48d3cbc3720a061364f865f6856728d1545c1add6
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Nov 2023 12:53:47 GMT
expires: Wed, 01 Nov 2023 12:53:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51391
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.89 118 kB URL du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.89:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117716 bytes)
Hash 05abb1475d507fb8fa9778cee7b2ce6e
af271b24835d4b2363fe7c6cf9fa6f4c90b09084
e1b02175f38c9e54d7ebe26b25933276a04aa93a26e8947c506512cd29875c39
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117716
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EUbbsi_oaowCzoYHtU2jWhgdBUw5Pu-dtmXU7D7216JnZ0LsnkDQRw==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.136 86 kB URL www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.136:0
File type ASCII text, with very long lines (3034)
Hash 62d7ca6343cf6f8808bfee9223e0a093
8fe792d63e2f880538135a9450ec04cef6b48eb4
9737a51857444549e863e7b539b1807d4a7b60e75a94530380b02330afbc918e
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Nov 2023 12:53:48 GMT
expires: Wed, 01 Nov 2023 12:53:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85774
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
odnaturedfe.org/SjFVQzNlDjYwDildMRtRe10RGWQAUgwGaS1rORlGGGYHK2QncHM3Wi4MbHoEeQdsZUMjVWhyFTlFNDdGOQxkZVokVzp+FTwMZG0Afh9mdx16FyB+AmxFJSJUdwBzM0c+XWhyBXMJbXcAeANscgF4
172.67.214.10 204 No Content 0 B URL GET HTTP/2 odnaturedfe.org/SjFVQzNlDjYwDildMRtRe10RGWQAUgwGaS1rORlGGGYHK2QncHM3Wi4MbHoEeQdsZUMjVWhyFTlFNDdGOQxkZVokVzp+FTwMZG0Afh9mdx16FyB+AmxFJSJUdwBzM0c+XWhyBXMJbXcAeANscgF4
IP 172.67.214.10:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject odnaturedfe.org
Fingerprint 75:4F:30:B9:B2:A1:A9:52:19:F4:F6:55:65:A5:A7:83:0F:1F:0B:B4
Validity Sun, 22 Oct 2023 07:29:35 GMT - Sat, 20 Jan 2024 07:29:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SjFVQzNlDjYwDildMRtRe10RGWQAUgwGaS1rORlGGGYHK2QncHM3Wi4MbHoEeQdsZUMjVWhyFTlFNDdGOQxkZVokVzp+FTwMZG0Afh9mdx16FyB+AmxFJSJUdwBzM0c+XWhyBXMJbXcAeANscgF4 HTTP/1.1
Host: odnaturedfe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgkqexavNIXexr6JlL1gDdTiclZK8DHD6izJwECaQJLH3e6Ylf5aV4%2F4B8zJckLLQsiqy3Wnq3ClhvOinXpI%2F2rFCTT8X2c3ykTQDuIuHUkmBbqX93xd%2BdhGmKkl8UnA20g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81f44860cdc0b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
odnaturedfe.org/dWJGdjVaXSUFCCc3LQxvDw4xEHQzOgU+ZwIgEE55EyopMm0SI2ACXBFff08CQVJ+UEUcBntHDVMRMhdBABF7RxMcDCAZCFMUe0cbRUx0WAFTF3tHEwESJxEIREQ2AkEZX3dADE1ackUHR1t3QgE
172.67.214.10 0 B URL odnaturedfe.org/dWJGdjVaXSUFCCc3LQxvDw4xEHQzOgU+ZwIgEE55EyopMm0SI2ACXBFff08CQVJ+UEUcBntHDVMRMhdBABF7RxMcDCAZCFMUe0cbRUx0WAFTF3tHEwESJxEIREQ2AkEZX3dADE1ackUHR1t3QgE
IP 172.67.214.10:0
Certificate Issuer Google Trust Services LLC
Subject odnaturedfe.org
Fingerprint 75:4F:30:B9:B2:A1:A9:52:19:F4:F6:55:65:A5:A7:83:0F:1F:0B:B4
Validity Sun, 22 Oct 2023 07:29:35 GMT - Sat, 20 Jan 2024 07:29:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dWJGdjVaXSUFCCc3LQxvDw4xEHQzOgU+ZwIgEE55EyopMm0SI2ACXBFff08CQVJ+UEUcBntHDVMRMhdBABF7RxMcDCAZCFMUe0cbRUx0WAFTF3tHEwESJxEIREQ2AkEZX3dADE1ackUHR1t3QgE HTTP/1.1
Host: odnaturedfe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpMZvrw7fsH9vVqw2alPmVUv4pJcIkPvumnQcdMTg0srF%2FAhsFPJB8whCpxL1rqF%2FE9F%2F0MZcbWyp9acfbmhU7dza49RHcwuLNWFFBKIKAAMD5H809Sqz71YyK9cv4%2B7JZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81f44860edd9b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
odnaturedfe.org/Q2NNNzVsXC5ECCEOCwNXBC0VYmAvOhthQRYyC2FgG1IffmIvJmtDXCdedA4Cd1J5EUUqB3AGEzAXLENAMF58EVwtBSIKEzVefBkGd01+AxtzRTgKBGUXPVZSflJrR0E3D3AGA3pbdQMGcVF0BgNx
172.67.214.10 0 B URL odnaturedfe.org/Q2NNNzVsXC5ECCEOCwNXBC0VYmAvOhthQRYyC2FgG1IffmIvJmtDXCdedA4Cd1J5EUUqB3AGEzAXLENAMF58EVwtBSIKEzVefBkGd01+AxtzRTgKBGUXPVZSflJrR0E3D3AGA3pbdQMGcVF0BgNx
IP 172.67.214.10:0
Certificate Issuer Google Trust Services LLC
Subject odnaturedfe.org
Fingerprint 75:4F:30:B9:B2:A1:A9:52:19:F4:F6:55:65:A5:A7:83:0F:1F:0B:B4
Validity Sun, 22 Oct 2023 07:29:35 GMT - Sat, 20 Jan 2024 07:29:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Q2NNNzVsXC5ECCEOCwNXBC0VYmAvOhthQRYyC2FgG1IffmIvJmtDXCdedA4Cd1J5EUUqB3AGEzAXLENAMF58EVwtBSIKEzVefBkGd01+AxtzRTgKBGUXPVZSflJrR0E3D3AGA3pbdQMGcVF0BgNx HTTP/1.1
Host: odnaturedfe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OuzuYHuVl2abqHc6XSSxyXKDI%2BHfqZCU73V3O%2FZicqtS2YZiyAgOw%2BeFZBhfh7UDYqsF9ohZW0GLRZe%2FTs3ZRwAZaPtWuq%2B7g9w6UkugE%2FEymnEnEKnXPpA%2FwWcJ60lXX%2Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81f44860edddb511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
elltheprecise.org/UDZoQ20xVAsuUjELCmUYIlpVZl8WE1oFCSUGGDYJYEUMLwAqUEYgAT9DDCUfP1gcbQM1Qk1xKzNSWgUpNAY9Fik5BjomCh1/InMdaGIEGRoBbhARLip3MQgaNFUrOyw7ZCsSBRF1IRQ/KlUmCjggZDIRHjtxORlIYnQ9ECwKdwZ2KglOMQUkBUYQFj8FTC8AWBtyOxYsGXQtFyIBbwABXTMELi0KMXICKAgbZBsCNztjLBIGaUw9LQkYZTw3KjRwIhAsBnxbERpgRy8XLABkIAUlAGNRGyUVcBAWARl0PS0JGHMSFT40XDISDmADGhFdOFs6GzgBdCtuLDN9BAk5EmM+cj88cBIRAwZxOgsrGH8QdzkaXi0yKWBkEA41AnE9BFwYbx8JDjNRTikeP1gYfiU3V1sGDydRCQ
108.157.214.70 1.2 kB URL elltheprecise.org/UDZoQ20xVAsuUjELCmUYIlpVZl8WE1oFCSUGGDYJYEUMLwAqUEYgAT9DDCUfP1gcbQM1Qk1xKzNSWgUpNAY9Fik5BjomCh1/InMdaGIEGRoBbhARLip3MQgaNFUrOyw7ZCsSBRF1IRQ/KlUmCjggZDIRHjtxORlIYnQ9ECwKdwZ2KglOMQUkBUYQFj8FTC8AWBtyOxYsGXQtFyIBbwABXTMELi0KMXICKAgbZBsCNztjLBIGaUw9LQkYZTw3KjRwIhAsBnxbERpgRy8XLABkIAUlAGNRGyUVcBAWARl0PS0JGHMSFT40XDISDmADGhFdOFs6GzgBdCtuLDN9BAk5EmM+cj88cBIRAwZxOgsrGH8QdzkaXi0yKWBkEA41AnE9BFwYbx8JDjNRTikeP1gYfiU3V1sGDydRCQ
IP 108.157.214.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 2894012d011cdde7aa728cc8f5598b61
c6a24b16bfe9fa9963d0e3f7bfdf83b2cd53fa24
374ba4f20562ff88271375270ded782d6ce8bb4deb66d05687270ffd073673dd
GET /UDZoQ20xVAsuUjELCmUYIlpVZl8WE1oFCSUGGDYJYEUMLwAqUEYgAT9DDCUfP1gcbQM1Qk1xKzNSWgUpNAY9Fik5BjomCh1/InMdaGIEGRoBbhARLip3MQgaNFUrOyw7ZCsSBRF1IRQ/KlUmCjggZDIRHjtxORlIYnQ9ECwKdwZ2KglOMQUkBUYQFj8FTC8AWBtyOxYsGXQtFyIBbwABXTMELi0KMXICKAgbZBsCNztjLBIGaUw9LQkYZTw3KjRwIhAsBnxbERpgRy8XLABkIAUlAGNRGyUVcBAWARl0PS0JGHMSFT40XDISDmADGhFdOFs6GzgBdCtuLDN9BAk5EmM+cj88cBIRAwZxOgsrGH8QdzkaXi0yKWBkEA41AnE9BFwYbx8JDjNRTikeP1gYfiU3V1sGDydRCQ HTTP/1.1
Host: elltheprecise.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Wed, 01 Nov 2023 12:53:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: atP5vai4dNEngicfc5O5ePIWTcUouss70rdjRSOoIedW_OXxngguxg==
X-Firefox-Spdy: h2
elltheprecise.org/UWNhYVowAQIMZTBeA0cvIw9cRGgXRlMnPiRTERQ+YRAFDTcrBU8CNj4WBQcoPg0VTzQ0F0RTHAQsNw0ICxk3ABQ7WyMiMWEULzc1HCImVDYHBCQHFygqKDZqPQgvDRQFOjMOLRQiK1gKAiUjMA8cWgMnOQU1NQZ/YyUgID03MyVZHxIiCURoFy4gLwITJFBSH2E1Niw3Ji80UW5pLRk3CgInUQkLBCE4Ox4mKjVQG2AzMDgLEhtYCgkANgIAaBczNTAyPgcnM2kZJBUJGWAbOS0ZPSAjFjE5AjcnKxVRUFEMGQACAGgUNTAZIiAmJzgcECsFCQ45Ii0ADnw6Ijc2GFEFJwwrIFMNPQcUNCg7BiEiIy06RlMnFRM1MDkgCBMwBj50UScAHRM0JhY2dFEnKxw+JkcLKT4NEVw9ZQU5IjsmVCUFKg
108.157.214.70 200 OK 1.2 kB URL GET HTTP/2 elltheprecise.org/UWNhYVowAQIMZTBeA0cvIw9cRGgXRlMnPiRTERQ+YRAFDTcrBU8CNj4WBQcoPg0VTzQ0F0RTHAQsNw0ICxk3ABQ7WyMiMWEULzc1HCImVDYHBCQHFygqKDZqPQgvDRQFOjMOLRQiK1gKAiUjMA8cWgMnOQU1NQZ/YyUgID03MyVZHxIiCURoFy4gLwITJFBSH2E1Niw3Ji80UW5pLRk3CgInUQkLBCE4Ox4mKjVQG2AzMDgLEhtYCgkANgIAaBczNTAyPgcnM2kZJBUJGWAbOS0ZPSAjFjE5AjcnKxVRUFEMGQACAGgUNTAZIiAmJzgcECsFCQ45Ii0ADnw6Ijc2GFEFJwwrIFMNPQcUNCg7BiEiIy06RlMnFRM1MDkgCBMwBj50UScAHRM0JhY2dFEnKxw+JkcLKT4NEVw9ZQU5IjsmVCUFKg
IP 108.157.214.70:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject elltheprecise.org
Fingerprint 37:69:07:BE:8E:81:6B:D4:60:C0:01:24:96:3B:5E:78:79:93:BA:C7
Validity Sun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 42223432d6b8c385fe601b30edb8185a
d913e9317a424258486d13e4c1ba276f6cfa444f
afc543d76fe54b70ead0416776ec1610ca7312db0872a6ca220656a7338b0e45
GET /UWNhYVowAQIMZTBeA0cvIw9cRGgXRlMnPiRTERQ+YRAFDTcrBU8CNj4WBQcoPg0VTzQ0F0RTHAQsNw0ICxk3ABQ7WyMiMWEULzc1HCImVDYHBCQHFygqKDZqPQgvDRQFOjMOLRQiK1gKAiUjMA8cWgMnOQU1NQZ/YyUgID03MyVZHxIiCURoFy4gLwITJFBSH2E1Niw3Ji80UW5pLRk3CgInUQkLBCE4Ox4mKjVQG2AzMDgLEhtYCgkANgIAaBczNTAyPgcnM2kZJBUJGWAbOS0ZPSAjFjE5AjcnKxVRUFEMGQACAGgUNTAZIiAmJzgcECsFCQ45Ii0ADnw6Ijc2GFEFJwwrIFMNPQcUNCg7BiEiIy06RlMnFRM1MDkgCBMwBj50UScAHRM0JhY2dFEnKxw+JkcLKT4NEVw9ZQU5IjsmVCUFKg HTTP/1.1
Host: elltheprecise.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Wed, 01 Nov 2023 12:53:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 46E97c5KY8GCB8LY2A3FrtRAxHZPii0g-u7L56w19U_AXzb45yNh8w==
X-Firefox-Spdy: h2
elltheprecise.org/N1dGR3hWNSUqR1ZqJGENRTt7YkpxcnQBHEJnNjIcByQiKxVNMWgkFFgiIiEKWDkyaRZSI2N1Pk81AygCYQByFzJhZzwSKlA9EHUQbwEedzBtARwMMXIWcAY6T2QQFClvFDwzOngufnY/BhIWAwAOJBQ+QHwCHigueAZ+BDRmYjwED34nAioqfhMVcipWETYMKAYdKQYPeiARLRN0ExF/OnJmMgQdXw0oHxNmLgcqKnsPMSAvbWZyBjEGZyEBE1tjBz5JYAAuEj5uAjIhO3UNKB8QA28AKiFBDx4oM1JmcwEaQBEqBClcJxEDCHsPITA6bQF/JB1QegwrIAc7cgYCeh8OLkFhGC4dMlIfECwgBmYtBkt6NRMfCxE9NSgWR2ogNgFQJjQpOW4GJB0ZRA
108.157.214.70 1.2 kB URL elltheprecise.org/N1dGR3hWNSUqR1ZqJGENRTt7YkpxcnQBHEJnNjIcByQiKxVNMWgkFFgiIiEKWDkyaRZSI2N1Pk81AygCYQByFzJhZzwSKlA9EHUQbwEedzBtARwMMXIWcAY6T2QQFClvFDwzOngufnY/BhIWAwAOJBQ+QHwCHigueAZ+BDRmYjwED34nAioqfhMVcipWETYMKAYdKQYPeiARLRN0ExF/OnJmMgQdXw0oHxNmLgcqKnsPMSAvbWZyBjEGZyEBE1tjBz5JYAAuEj5uAjIhO3UNKB8QA28AKiFBDx4oM1JmcwEaQBEqBClcJxEDCHsPITA6bQF/JB1QegwrIAc7cgYCeh8OLkFhGC4dMlIfECwgBmYtBkt6NRMfCxE9NSgWR2ogNgFQJjQpOW4GJB0ZRA
IP 108.157.214.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3003), with no line terminators
Hash f203298fe0ea7a27db1e2596169b8eba
cf3782bd418ff315b09efc08e3b186235c782b2d
05a01c21470b1e6f41077b12de86d299b446fbea3fa311b05178695adcbd0afa
GET /N1dGR3hWNSUqR1ZqJGENRTt7YkpxcnQBHEJnNjIcByQiKxVNMWgkFFgiIiEKWDkyaRZSI2N1Pk81AygCYQByFzJhZzwSKlA9EHUQbwEedzBtARwMMXIWcAY6T2QQFClvFDwzOngufnY/BhIWAwAOJBQ+QHwCHigueAZ+BDRmYjwED34nAioqfhMVcipWETYMKAYdKQYPeiARLRN0ExF/OnJmMgQdXw0oHxNmLgcqKnsPMSAvbWZyBjEGZyEBE1tjBz5JYAAuEj5uAjIhO3UNKB8QA28AKiFBDx4oM1JmcwEaQBEqBClcJxEDCHsPITA6bQF/JB1QegwrIAc7cgYCeh8OLkFhGC4dMlIfECwgBmYtBkt6NRMfCxE9NSgWR2ogNgFQJjQpOW4GJB0ZRA HTTP/1.1
Host: elltheprecise.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1161
date: Wed, 01 Nov 2023 12:53:48 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FDGblb4X1BjM9zQaBuuIfoYPm_dsgRa1kpliU4eOj2pzqb1XRMrXtw==
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1698843229.1.0.1698843229.0.0.0; _ga=GA1.1.428762605.1698843229
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Nov 2023 12:53:48 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Wed, 08 Nov 2023 12:53:48 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:d-0w9XVVaHrNYEvJqXnUI3RIKQDXXw:pyq67HI-V-aek6-Y; Expires=Fri, 31-Oct-2025 12:53:48 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxqwOPU2-47vmy_2ZieVoK96N355-eiUrvxKWTW9Sgz-JVho3eIUC0shVWNBmfAhiLTbsPEGg
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-9Ki91S8jCFvolLRE7QSEgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 0 B URL accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:xo4oIujWdi0tlnlETW2CrnpTz82cag:Bw_kX3_BIhQ_XNyt; Expires=Fri, 31-Oct-2025 12:53:48 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywDsySKzoWBp03vinSXsvGDi9lRLpf1TdnGsRg1OQWm777QwytCSqXow2yUtx-EuO1eVV3NWw
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-3M_el07dy5ZktvU8vea5SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
elltheprecise.org/utx?cb=SFcNeaJk1lAV&top=www.upload.ee&tid=997369
108.157.214.70 204 No Content 0 B URL GET HTTP/2 elltheprecise.org/utx?cb=SFcNeaJk1lAV&top=www.upload.ee&tid=997369
IP 108.157.214.70:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject elltheprecise.org
Fingerprint 37:69:07:BE:8E:81:6B:D4:60:C0:01:24:96:3B:5E:78:79:93:BA:C7
Validity Sun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=SFcNeaJk1lAV&top=www.upload.ee&tid=997369 HTTP/1.1
Host: elltheprecise.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 01 Nov 2023 12:53:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Nov 2023 12:54:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: -oi0gGNNCGYy01Rq6tEjK5czkdMU7xDFnAncl7iTNaU9ZjmuCoM2-Q==
X-Firefox-Spdy: h2
elltheprecise.org/utx?cb=eCWAoj9KitjF&top=www.upload.ee&tid=997414
108.157.214.70 204 No Content 0 B URL GET HTTP/2 elltheprecise.org/utx?cb=eCWAoj9KitjF&top=www.upload.ee&tid=997414
IP 108.157.214.70:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject elltheprecise.org
Fingerprint 37:69:07:BE:8E:81:6B:D4:60:C0:01:24:96:3B:5E:78:79:93:BA:C7
Validity Sun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=eCWAoj9KitjF&top=www.upload.ee&tid=997414 HTTP/1.1
Host: elltheprecise.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 01 Nov 2023 12:53:48 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Nov 2023 12:54:48 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: mXR9uLYpIdFGZfST6rWeKkI9XrtnpRXd6tfOUc_Oo2fd9ymybOpbDA==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/UOVlRZzVaNj8BCk0wNVoMAG5lVgEfMyIIW0lkNlNTYRowEAJ9PSFBQUM9bFcTVTg/AAgfPD8ECAh/MANXBG13E0VWMmwLU048NxVPSD0hQUBYZDwIT1A1PQYQCx9kSQUca2FPTQhodFR3HGthC1xXLClCBwkhaVFqD210VHcca2EVQxxqEFYFAHdhThALaT-YCVlI2dFVzC2lgVwUIaWBCBwk/OBVQXzYpQgd/aGBWGwl/JFoE
143.204.42.89 558 B URL du0pud0sdlmzf.cloudfront.net/UOVlRZzVaNj8BCk0wNVoMAG5lVgEfMyIIW0lkNlNTYRowEAJ9PSFBQUM9bFcTVTg/AAgfPD8ECAh/MANXBG13E0VWMmwLU048NxVPSD0hQUBYZDwIT1A1PQYQCx9kSQUca2FPTQhodFR3HGthC1xXLClCBwkhaVFqD210VHcca2EVQxxqEFYFAHdhThALaT-YCVlI2dFVzC2lgVwUIaWBCBwk/OBVQXzYpQgd/aGBWGwl/JFoE
IP 143.204.42.89:0
File type ASCII text, with very long lines (787), with no line terminators
Hash e7247acff15e2c88a90219141a5c6fc8
ff7b6ce5c51d8280e1bd9c9ea389a70b25b4d61c
086959eba34ce276238ee894acf0b21a4439f07da737f0def9ea98be3f52c492
GET /UOVlRZzVaNj8BCk0wNVoMAG5lVgEfMyIIW0lkNlNTYRowEAJ9PSFBQUM9bFcTVTg/AAgfPD8ECAh/MANXBG13E0VWMmwLU048NxVPSD0hQUBYZDwIT1A1PQYQCx9kSQUca2FPTQhodFR3HGthC1xXLClCBwkhaVFqD210VHcca2EVQxxqEFYFAHdhThALaT-YCVlI2dFVzC2lgVwUIaWBCBwk/OBVQXzYpQgd/aGBWGwl/JFoE HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elltheprecise.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 558
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4rN55__04D4JUGMzsaQQEdjy2fWZO-_iOFq6S8SdXKSI5dkpFyvygA==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxqwOPU2-47vmy_2ZieVoK96N355-eiUrvxKWTW9Sgz-JVho3eIUC0shVWNBmfAhiLTbsPEGg
142.250.74.109 302 Found 400 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxqwOPU2-47vmy_2ZieVoK96N355-eiUrvxKWTW9Sgz-JVho3eIUC0shVWNBmfAhiLTbsPEGg
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 71:34:F9:A1:80:2F:AF:05:CB:45:8A:35:D5:48:03:3F:B3:6F:61:30
Validity Mon, 09 Oct 2023 08:04:03 GMT - Mon, 01 Jan 2024 08:04:02 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash 40c1d30347ae0f3199fb3233fe59f8ac
de433fcac8d3d40bc67f135f30430bea2832972f
931c48aecf666da8a4e75b16464bf3aebdd027b601c26084e16aaa2d65acfc1e
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxqwOPU2-47vmy_2ZieVoK96N355-eiUrvxKWTW9Sgz-JVho3eIUC0shVWNBmfAhiLTbsPEGg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:U1EP7h1TLCvCb0mdJ8_pmtdzBnlw1A:u5_PlJzzzPt9cEP1;Path=/;Expires=Fri, 31-Oct-2025 12:53:48 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywDkuw_jM_fW_YPd06FO7OYg3hUiN_FA0Xn2Tfuj7k_GIUAF6lDUH36nLQ5SpkrifwzyQcmFQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1878261238%3A1698843228844315&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Pc9spdkowbNT97RseEB_zg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywDsySKzoWBp03vinSXsvGDi9lRLpf1TdnGsRg1OQWm777QwytCSqXow2yUtx-EuO1eVV3NWw
142.250.74.109 302 Found 407 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywDsySKzoWBp03vinSXsvGDi9lRLpf1TdnGsRg1OQWm777QwytCSqXow2yUtx-EuO1eVV3NWw
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 71:34:F9:A1:80:2F:AF:05:CB:45:8A:35:D5:48:03:3F:B3:6F:61:30
Validity Mon, 09 Oct 2023 08:04:03 GMT - Mon, 01 Jan 2024 08:04:02 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Hash b925653e86ff2d219561992c5ca2e9b6
e7dcbf91793c6bbaf7c3cbf4c2db14f973d4705f
df3ebdf8fef2a5dde5ee74331ced3c2cfe0fd07f81ebcc478875516640b8518e
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywDsySKzoWBp03vinSXsvGDi9lRLpf1TdnGsRg1OQWm777QwytCSqXow2yUtx-EuO1eVV3NWw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Ff29PFCnrPAAbayQzwXisNAwcbIvZg:QO_x7CnSxayq215H;Path=/;Expires=Fri, 31-Oct-2025 12:53:48 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywXRlBPZdd1VzYaHE0a0pXfzlxLBkiKzrigcwtGJDBCl1pOuZFcuPEOZhkEmqxCpLND6cO6EQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510357996%3A1698843228860179&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-0v3O7ACyPcO84NwcY98uXA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 407
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
du0pud0sdlmzf.cloudfront.net/cd2FDd0UUDi0RegMIJ0p8TlZwQXxRCzAYKwdcCxAkRCQhACIWRzcNIUpRZRskGQZ+USAZAn5GYxYFIUpxURUzGC5KDSUAIBETOQYhB0c2FngaDjkeKRsAZkUDQk9zUndHSTtGdFJSAVJ3Rw0qGTAPRHFHPU9XHEFxUlIBUndHEzVSdjZQc05rR0hmRXUQBC-AcKlJTBUV1RlFzRnVGRHFHIx4TJhEqD0RxMXRGUG1HYwJccg
143.204.42.89 598 B URL du0pud0sdlmzf.cloudfront.net/cd2FDd0UUDi0RegMIJ0p8TlZwQXxRCzAYKwdcCxAkRCQhACIWRzcNIUpRZRskGQZ+USAZAn5GYxYFIUpxURUzGC5KDSUAIBETOQYhB0c2FngaDjkeKRsAZkUDQk9zUndHSTtGdFJSAVJ3Rw0qGTAPRHFHPU9XHEFxUlIBUndHEzVSdjZQc05rR0hmRXUQBC-AcKlJTBUV1RlFzRnVGRHFHIx4TJhEqD0RxMXRGUG1HYwJccg
IP 143.204.42.89:0
File type ASCII text, with very long lines (853), with no line terminators
Hash d8f760183bc70700e2a4af7348669385
b608b5437d0386e2b0daa733bf2b855e0527dda9
2fb94963a170078999f87af537e9820546c42baa7ac7223cc95a3201e1a7f9cc
GET /cd2FDd0UUDi0RegMIJ0p8TlZwQXxRCzAYKwdcCxAkRCQhACIWRzcNIUpRZRskGQZ+USAZAn5GYxYFIUpxURUzGC5KDSUAIBETOQYhB0c2FngaDjkeKRsAZkUDQk9zUndHSTtGdFJSAVJ3Rw0qGTAPRHFHPU9XHEFxUlIBUndHEzVSdjZQc05rR0hmRXUQBC-AcKlJTBUV1RlFzRnVGRHFHIx4TJhEqD0RxMXRGUG1HYwJccg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elltheprecise.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 598
date: Wed, 01 Nov 2023 12:53:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8chJnqW-vrrt6oI5vyDiX2suC_drWip9ZlBXaoGyngIx1NwMWlsjCA==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.96.1 200 OK 103 kB IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 103 kB (102586 bytes)
Hash b8430635561769c2a81b420650830afa
4d1714f9f9536ecf298de390aef6ac887f3a58b9
4c95aa6c38fa29422cf609b5a255c73007f60d4c90839cefb40721810914bf95
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:48 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6874
last-modified: Wed, 01 Nov 2023 10:59:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tud6MNEDpoOaRViUSUNFUlimrqJiep63k0iDnxfrOq5pwMGrTXHkKACHgn%2Fwav%2FWwG6ZE%2F5m0DYo%2F2ToThFwQfDMXHe%2BGqSaCg4Efhhx%2B7QRmNM%2Bmy1cLhzTX4M5Dfwp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81f448632ea21c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywXRlBPZdd1VzYaHE0a0pXfzlxLBkiKzrigcwtGJDBCl1pOuZFcuPEOZhkEmqxCpLND6cO6EQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510357996%3A1698843228860179&theme=glif
142.250.74.109 403 Forbidden 2.5 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywXRlBPZdd1VzYaHE0a0pXfzlxLBkiKzrigcwtGJDBCl1pOuZFcuPEOZhkEmqxCpLND6cO6EQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510357996%3A1698843228860179&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 71:34:F9:A1:80:2F:AF:05:CB:45:8A:35:D5:48:03:3F:B3:6F:61:30
Validity Mon, 09 Oct 2023 08:04:03 GMT - Mon, 01 Jan 2024 08:04:02 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1656)
Hash 717e58dcb25fa4b88275dccfdd260760
0415d7a9a0d1008cb791188f531110af25609004
21fe7318b6a509d80aa92a86d779bc355a06591663820aace3ad432c58b6809f
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywXRlBPZdd1VzYaHE0a0pXfzlxLBkiKzrigcwtGJDBCl1pOuZFcuPEOZhkEmqxCpLND6cO6EQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1510357996%3A1698843228860179&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-9SiJajZh1VT_814W_GYN4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
odnaturedfe.org/popunder.gif
172.67.214.10 177 kB URL odnaturedfe.org/popunder.gif
IP 172.67.214.10:0
Certificate Issuer Google Trust Services LLC
Subject odnaturedfe.org
Fingerprint 75:4F:30:B9:B2:A1:A9:52:19:F4:F6:55:65:A5:A7:83:0F:1F:0B:B4
Validity Sun, 22 Oct 2023 07:29:35 GMT - Sat, 20 Jan 2024 07:29:34 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Size 177 kB (177037 bytes)
Hash a484f93e1e1e1735547ff8650cd01f7d
5244badd6d6e8cee6f79b381db050877e62d366b
95ef72f51d062d408d3c2fb6351223f58d9cc78b873dfa5d16ceb78a6c5aba50
Analyzer: Public InfoSec YARA rules; Verdict: malware; Alert: Identifies a webshell or backdoor in image files.
GET /popunder.gif HTTP/1.1
Host: odnaturedfe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 Nov 2023 12:53:48 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 67258
last-modified: Tue, 31 Oct 2023 18:12:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zj%2B4trhi8xjUBFXAm31%2Fe0Kq90W1Go4J82MnT0ocIx35kK6mXFEzKz1i8a4WhXXRnqVz3JY16PwZrwLkY6HxUTQjf8xvwOSRFSPjJPZaqsrazujLfY0Nme1ultRWgR%2FWi04%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81f448646b9a0b65-OSL
alt-svc: h3=":443"; ma=86400
static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F03256cb1-ae06-4b92-a10a-975692692ccc%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=3b31a63d29e7442db62b1369461c6c9050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
212.47.222.22 74 kB URL static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F03256cb1-ae06-4b92-a10a-975692692ccc%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=3b31a63d29e7442db62b1369461c6c9050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 212.47.222.22:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19258)
Hash bf8dfa3a7bda8d31b88de81200b8b02b
0b3678f38433c4b6273a632f509a08368dc5ad64
6a2d03a0e8e0ecd7cf62fef4a959d23c812d7be45404f382f9d045b0d0a0e2fc
GET /banners/03256cb1-ae06-4b92-a10a-975692692ccc/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F03256cb1-ae06-4b92-a10a-975692692ccc%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=3b31a63d29e7442db62b1369461c6c9050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
accept-ranges: bytes
etag: "4072232580"
last-modified: Mon, 30 Oct 2023 11:31:48 GMT
content-length: 74030
date: Wed, 01 Nov 2023 12:53:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 730323302
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.22 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "2525417386"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Wed, 01 Nov 2023 12:53:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 730323308
age: 0
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywDkuw_jM_fW_YPd06FO7OYg3hUiN_FA0Xn2Tfuj7k_GIUAF6lDUH36nLQ5SpkrifwzyQcmFQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1878261238%3A1698843228844315&theme=glif
142.250.74.109 14 kB URL accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywDkuw_jM_fW_YPd06FO7OYg3hUiN_FA0Xn2Tfuj7k_GIUAF6lDUH36nLQ5SpkrifwzyQcmFQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1878261238%3A1698843228844315&theme=glif
IP 142.250.74.109:0
File type gzip compressed data, max compression\012- data
Hash a66ea4a2c51d41be287a2a504a31b004
8460db4dd74352b1b1082619672966a99c12a6c8
764a455467a71a8279a8ba30367e8abb8313cbb181658100c439c639d8e90a72
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywDkuw_jM_fW_YPd06FO7OYg3hUiN_FA0Xn2Tfuj7k_GIUAF6lDUH36nLQ5SpkrifwzyQcmFQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1878261238%3A1698843228844315&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Nov 2023 12:53:48 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-JnSqZrici-PbGZcn-cOh5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/Omega_Laen_Vertical_White.svg
212.47.222.22 2.3 kB URL static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/Omega_Laen_Vertical_White.svg
IP 212.47.222.22:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 053652d336b24bdd3dd67ab6e6964196
17f4bb55b930f590db157b2c76efe63dc46cf456
c2ffb1ae9a4ad9e762ea71c86ec4c5b7a418fef992fdb1b24e2501ec84a2b489
GET /banners/03256cb1-ae06-4b92-a10a-975692692ccc/Omega_Laen_Vertical_White.svg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F03256cb1-ae06-4b92-a10a-975692692ccc%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=3b31a63d29e7442db62b1369461c6c9050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
etag: "3948890799"
last-modified: Mon, 30 Oct 2023 11:31:48 GMT
content-length: 2288
date: Wed, 01 Nov 2023 12:53:49 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 730323311
age: 0
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.96.1 200 OK 103 kB IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 103 kB (103211 bytes)
Hash eb7c9a2df719d621f944eb6d0ca4ee0f
80f8eb258b9bc882a760d24c401eb8cee6d37f0e
1a0591c695dc4a63e50405e8877d14e054297c78cee7c04878e7a333f54a10af
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:48 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6874
last-modified: Wed, 01 Nov 2023 10:59:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22Z9Oo7sL3j%2F4PxGOkWzbCx3nHH1Tn9sM%2Bx7SJfe5hRlThWm8eB2lBqgqTctkF2BwJaLWwi5V8gpXLyNSYdPsIiKvTdvM89sU8K9iPOEgqriNbccgYbZDeo%2BOI9mRB7M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81f448632ea71c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=ef355952eb6dc1c9b9eb32211a1df05c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 01 Nov 2023 12:53:49 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 731515701
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=ef355952eb6dc1c9b9eb32211a1df05c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 01 Nov 2023 12:53:49 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 729865834
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.96.1 109 kB IP 188.114.96.1:0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Size 109 kB (108731 bytes)
Hash 93a2b933977fe82737c0ec8b0c4dcf2c
0f4c3b5abf4ff7520665aa1405f9d28b05729d27
57f2d24e2028cffc3deaaea500bfb442aa7f97cb58f2213b0ab11fecc9c561b8
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:48 GMT
content-type: text/plain
set-cookie: csu=839016267985160@1@1698843228; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIK%2FH6ZjaSxzHcKpXE8z%2FQYLApneiQnuZZFjWwsPD0f1fwMkUvbzKzaRIMN2O5R9OaQxDcDvXRaiZs28H%2Fvt1SL%2BXQxK%2FMW0sEeUmRSCPhzzCRedU2eF1yGqBuK0Oiby"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81f448632ead1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22 0 B URL serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=ef355952eb6dc1c9b9eb32211a1df05c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 01 Nov 2023 12:53:48 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 731067708
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.157.94.205 50 kB URL banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.157.94.205:0
File type gzip compressed data, from Unix\012- data
Hash 242732d8a00e5f3772df8e255b4d317b
9051446b38da990f33a4fb64e33b8f19e6725270
725c3241c7fc77c48a729cd8189e5809098031bf47a9434db2a4f8eedba3ab6b
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:443
Requested by https://static.bepolite.eu/banners/03256cb1-ae06-4b92-a10a-975692692ccc/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F03256cb1-ae06-4b92-a10a-975692692ccc%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=3b31a63d29e7442db62b1369461c6c9050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Hash e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://static.bepolite.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:00:39 GMT
expires: Wed, 30 Oct 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 100391
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2
216.58.207.227 23 kB URL fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 22904, version 1.0\012- data
Hash 2a4c97ec45ef9f6d47fb0e7cd47ae67c
4b7c2b478c629a59e8a0abee34feba0654392c66
7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f
GET /s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://static.bepolite.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Oct 2023 20:38:50 GMT
expires: Tue, 29 Oct 2024 20:38:50 GMT
cache-control: public, max-age=31536000
age: 144900
last-modified: Wed, 13 Sep 2023 23:50:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.157.94.205 200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.157.94.205 200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
18.157.94.205 2.4 kB URL banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 18.157.94.205:0
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
18.157.94.205 53 kB URL banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 18.157.94.205:0
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
18.157.94.205 200 OK 91 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 9b15df5ff2716ff5258e6ff8120f2dfd
7e8273e2a19de069b7e663cc6d84414f99174fd5
07ef59af5615447e2a58d180e0df5476cf6a437782934dd5a5937aa23382dd39
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg
143.204.42.89 421 Misdirected Request 58 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash d69defd642415903fbf00ce6a0f0fe1d
77f5acefff9ee68e4a25483c8bf3817ded5b20f6
ad709d6f137a0c91b0042621f05a71d05a669b8994788cd0a0d1d68c37f448db
GET /hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 421 Misdirected Request
server: CloudFront
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WPoYOGIlpkrF52-hP7bOHEJNF4NNij9ZwSnSQ6udgG6A3xAumPmgVw==
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.22 0 B URL serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.22:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0xSierf_8OPJT_pYuKcyZYupWANLN2if7CQuTeU-ijlHrMz8EFGIWf4TSXYRTA4QPa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=ef355952eb6dc1c9b9eb32211a1df05c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 01 Nov 2023 12:53:50 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 730248643
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/O6MrG4XhrnsFXC9jc7WZ.jpg
143.204.42.103 68 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/O6MrG4XhrnsFXC9jc7WZ.jpg
IP 143.204.42.103:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash ce2922cf4e71d7ae9f58842d35e18dae
c83bcad31770de77e94167c0ac7af86b1864bddf
2e79e8a49dd61267d08a759330cb87287b656771f28b471a1a67ee00f122f524
GET /hotelliveeb/images/general/1/O6MrG4XhrnsFXC9jc7WZ.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 68290
date: Wed, 01 Nov 2023 04:03:55 GMT
last-modified: Wed, 11 Jan 2023 11:31:03 GMT
etag: "ce2922cf4e71d7ae9f58842d35e18dae"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3zRuEvBl3JrQVjZu_D-bRkK243jzMRSzpB4HBfpaG-6P9xzOSaUfyg==
age: 31802
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg
143.204.42.103 61 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg
IP 143.204.42.103:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x195, components 3\012- data
Hash dd86bfb4bf775c862d2c4ce6c31b29b5
94119b0ecc2ae1f9fa98a98eb6c416622ef14547
de5103951b90a9ed1ba44af9919079bed54e32ab4c61d849d19c672ef26e0bca
GET /hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 60807
date: Tue, 31 Oct 2023 23:46:12 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "dd86bfb4bf775c862d2c4ce6c31b29b5"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -gLRqyAHnsOhZHCWFxqrPC9hRF_5Hm2sahEDwG_MFMqGpAxGb_K3NQ==
age: 47265
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg
143.204.42.103 54 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg
IP 143.204.42.103:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash b3b22d6e79dafefaa41378e4a839bc95
48743634f4b28f1f25ecae8d265b33251f7acda0
6706b47055fc6abbaf44b8396451996598f462a751e77dff73321b53b38f3e0b
GET /hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54424
date: Wed, 01 Nov 2023 05:29:53 GMT
last-modified: Mon, 30 May 2022 08:30:09 GMT
etag: "b3b22d6e79dafefaa41378e4a839bc95"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Pv5OMdu_BNexyX3_1ANf469gB5Wx0O1qRazdczQbogVd8SEIU86ebw==
age: 26650
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/W18S9LN3mNoJ2oi9KleC.jpg
143.204.42.103 67 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/W18S9LN3mNoJ2oi9KleC.jpg
IP 143.204.42.103:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 121d3ec4975a073987565cebb7277a42
f41d4e66e96400a7d937dcfe12c5110261340c01
bb9d77dec5caa7ba2319904b8c650e8cdf4cff6c573a9b5bfe15133e0ec54461
GET /hotelliveeb/images/general/1/W18S9LN3mNoJ2oi9KleC.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 67309
last-modified: Thu, 13 Apr 2023 06:00:11 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 01 Nov 2023 12:54:03 GMT
etag: "121d3ec4975a073987565cebb7277a42"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Fi9L4aBUI497dFaa3BKvysssKvCqg_-tvsVCNCZjK2sRIzKc1YDeHQ==
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
18.157.94.205 200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg
143.204.42.89 421 Misdirected Request 60 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash a756a4d90f264010333a4a2e6bb4b193
7335e794a68463cc62de4c54710f6ab362b1a52d
d0a829072236587031b97f964e3a8a22c6d130ee9388426af101f850830cd009
GET /hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 421 Misdirected Request
server: CloudFront
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ueg5JAXHuE6TrJB7CKOSaBoPWmVcfwh0NamKeS7ZXCneMPsYw1ak3w==
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.157.94.205200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.157.94.205:443
Requested by https://www.upload.ee/files/15881870/Ricijo_Cheats_V._Halloween.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4tdAkh-RJKlUJ0YDUmm5mRPFHnjLnmu36CK3ZWUV805WYWQqLXq5DQnkxiCnfwuJTqMIf4Upc1IcV3g1BVwFxM6x4pLZeHhWHXn90MO4csb47sjd6PkFlmFC7AJFe9XFTJkVYC2BapMHshzm-MpgEDzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1E8ZIEiCzUVRK-19Gkg33uPJIqhbS8TnHNIwVkc44o14Jlu5FnUGUVJccIA7StPuDa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=477a2f8194c2474d89778f576cd32c1550dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Nov 2023 12:53:50 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2