www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
51.91.30.159302 Found 0 B URL HTTP/1.1 www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8331
Expires: Fri, 31 Mar 2023 12:15:24 GMT
Date: Fri, 31 Mar 2023 09:56:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3443
Expires: Fri, 31 Mar 2023 10:53:56 GMT
Date: Fri, 31 Mar 2023 09:56:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Retry-After, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 09:28:23 GMT
content-type: application/json
age: 1690
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Fri, 31 Mar 2023 15:55:47 GMT
Date: Fri, 31 Mar 2023 09:56:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lsBpCzHlvoRHmRsqbX57jJhaDz4EovCoJt/TeJTTC+UWEm6dgQJ2ffUGpI9/yFFe6bZfVBzLqHU=
x-amz-request-id: 20KBP4WNEE9S6439
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 09:03:17 GMT
age: 3196
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 727 B IP 192.229.221.95:0
Hash bd394af40958e07236e086c81b8da594
3b3b0133903a349d6eff757f6687ae836d337d91
c4d58887dfad085929b80e68e2a69aad6340da3af347cb2a22554a25640c87aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4007
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:33 GMT
Last-Modified: Fri, 31 Mar 2023 08:49:47 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 727
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
51.91.30.159404 Not Found 411 B URL HTTP/1.1 www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (411), with no line terminators
Hash 51a24850e61b10dff19cc3b562b65587
513fa15420a6851e3fa8ad155aadd654097c9e63
3e21a9374e6949c952b514c005c41ee2851ab0afd4203bed7c2dfd126943b97d
GET /download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 411
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
51.91.30.159200 OK 8.9 kB URL HTTP/1.1 www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash c53a0e74cc00230d3c964407f01b266a
94128d2be4b2eca3f47ef07a574978fb07c40dfa
61145c16b7e2e9046a6a04bfe402c64a3b0283370497b94cf945060e9adb7b08
GET /files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/download/14996398/b0c56b3e51781cac61f7/kaspersky_tweaker_2.23.3.6.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8903
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 31 Mar 2023 12:56:33 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Fri, 28-Apr-2023 09:56:33 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159200 OK 2.9 kB URL HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:0
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b736ade714db0c4ee6dbd432b2b1367
98b85ea1586315cba25380eca3c9785820a23042
e3d11bbf89fb8f84070b6616e4f422eef0182dbf937f0398d0d2c779509b07a1
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Fri, 07 Apr 2023 09:56:33 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159200 OK 27 kB URL HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:0
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Fri, 07 Apr 2023 09:56:33 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 66d3c8a2dc7656b819dfe99dd74ef41b
9ac102973657c13264a7a17ad2e3ffc6f4d1f570
23346d5aae2c9440f6a6d9c1d366003dfaefd1cc83212ce033bfdc30e5054cc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/images/arrow.gif
51.91.30.159200 OK 59 B URL HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:0
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Fri, 07 Apr 2023 09:56:33 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159200 OK 1.9 kB URL HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:0
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:33 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Fri, 07 Apr 2023 09:56:33 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
s7.addthis.com/js/250/addthis_widget.js?pub=uploadee
23.38.200.123200 OK 116 kB URL HTTP/2 s7.addthis.com/js/250/addthis_widget.js?pub=uploadee
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116332 bytes)
Hash c8d737e60bdacba7881311502080326f
dd80ca62ff99c01e84b9821ed22256c65870f3e5
0a2920847187f38e6f526a7e7eb20ec40fb7f37f56338de0c5e0e757f73ca8cc
GET /js/250/addthis_widget.js?pub=uploadee HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116332
x-check-cacheable: YES
date: Fri, 31 Mar 2023 09:56:33 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash bcb7fe26b5638529998ca0ae3daf8bb9
3d2f716aba7438ce035a695d698dda8b97378d08
3db3ffda58e5ec770aae4aaf67a17dd7c877e5fb61b2fbf2c2b1b156cade131d
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 31 Mar 2023 09:56:33 GMT
expires: Fri, 31 Mar 2023 09:56:33 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46092
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 66d3c8a2dc7656b819dfe99dd74ef41b
9ac102973657c13264a7a17ad2e3ffc6f4d1f570
23346d5aae2c9440f6a6d9c1d366003dfaefd1cc83212ce033bfdc30e5054cc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Fri, 31 Mar 2023 09:56:33 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 09:14:39 GMT
age: 2514
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=21741
date: Fri, 31 Mar 2023 09:56:34 GMT
X-Firefox-Spdy: h2
s7.addthis.com/static/btn/lg-share-en.gif
23.38.200.123200 OK 596 B URL HTTP/2 s7.addthis.com/static/btn/lg-share-en.gif
IP 23.38.200.123:0
File type GIF image data, version 89a, 125 x 16\012- data
Hash 212668d558dfda57c80995d818ad9d39
f5c7e2ed67eeba644dc220e8ba32956bcf413eb9
8d261abb1cdf02888b9a1f12cf9694e7ec7e93d7da3e8f20e2907af422327489
GET /static/btn/lg-share-en.gif HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: image/gif
content-length: 596
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-254"
timing-allow-origin: *
cache-control: public, max-age=86313600
accept-ranges: bytes
strict-transport-security: max-age=15724800; includeSubDomains
date: Fri, 31 Mar 2023 09:56:34 GMT
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159200 OK 1.2 kB URL HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/files/14996398/Kaspersky_Tweaker_2.23.3.6.exe.html
Cookie: lng=eng; __atuvc=1%7C13; __atuvs=6426ae5128f8b89a000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 09:56:34 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Fri, 07 Apr 2023 09:56:34 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e8df31f5ac474adbf58cfa599304bcae
c3001e355800deb24f04a565cc1ccb1131c1eadc
da2ed2c8207f9290413bf7d38a0957f48cc524c6afe7b481b77a84930c7a9e38
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
216.58.207.206200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 31 Mar 2023 08:05:11 GMT
expires: Fri, 31 Mar 2023 10:05:11 GMT
cache-control: public, max-age=7200
age: 6683
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.162200 OK 48 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (3599)
Hash 7654f964d7923b87fe62b683c46797b6
bdc3446ea61ccdb6ac57336e7b24ad682f29813d
12a97e6ca6f3cd486b8b56c9df22e0ed2db5b2a99ef2610de7a956d03419e9a0
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 31 Mar 2023 09:56:34 GMT
expires: Fri, 31 Mar 2023 09:56:34 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 9839989517902952448
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 48340
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e8df31f5ac474adbf58cfa599304bcae
c3001e355800deb24f04a565cc1ccb1131c1eadc
da2ed2c8207f9290413bf7d38a0957f48cc524c6afe7b481b77a84930c7a9e38
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 782ca4845ea5e0ec981e33231b1e61cb
032116b75e124c57877524e9e4f523b6d7c65820
94d007862fc7a4cd67f582ff22f2339619177435559c1dd5075a08c7240f3520
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94D007862FC7A4CD67F582FF22F2339619177435559C1DD5075A08C7240F3520"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4207
Expires: Fri, 31 Mar 2023 11:06:41 GMT
Date: Fri, 31 Mar 2023 09:56:34 GMT
Connection: keep-alive
v1.addthisedge.com/live/boost/uploadee/_ate.track.config_resp
23.38.200.123200 OK 47 B URL HTTP/2 v1.addthisedge.com/live/boost/uploadee/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 24c668b115f75423506f2ea21d1b49c2
14f956ddb2d9e8b072cd5f605c3f39526490b391
b542daef470a9730029174f975ce3ce236b3e58bf9183b11956acce994b13a16
GET /live/boost/uploadee/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-disposition: attachment; filename=1.txt
content-encoding: gzip
content-length: 47
cache-control: public, max-age=60, s-maxage=86400
date: Fri, 31 Mar 2023 09:56:34 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=6426ae513e2655fc&bkl=0&bl=1&pdt=144&sid=6426ae513e2655fc&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&fr=download%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680256593662&jsl=0&uvs=6426ae5128f8b89a000&skipb=1&callback=addthis.cbs.jsonp__14892828804186310
23.38.200.123200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=6426ae513e2655fc&bkl=0&bl=1&pdt=144&sid=6426ae513e2655fc&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&fr=download%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680256593662&jsl=0&uvs=6426ae5128f8b89a000&skipb=1&callback=addthis.cbs.jsonp__14892828804186310
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 82d910c8f50f6756795463b69da3c8bc
d113322edbd2344a11c519f4d436fb3e96d23dd7
18bfca3d3379e3e4bc2cea0300526304ab7dc380403780aa1d64d746f24aa934
GET /live/red_lojson/300lo.json?si=6426ae513e2655fc&bkl=0&bl=1&pdt=144&sid=6426ae513e2655fc&pub=uploadee&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.upload.ee&fp=files%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&fr=download%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=2&gen=100&chr=UTF-8&mk=upload%2Cfiles%2Cdownload%2Cfailid%2Chosting%2Cgaleriid%2Cgalleries%2Cvideo%2Cpilt%2Cimage%2Ctasuta%20upload%2Cupload%20clipboard%2Ceestimaine%20upload%2Cpiltide%20upload&colc=1680256593662&jsl=0&uvs=6426ae5128f8b89a000&skipb=1&callback=addthis.cbs.jsonp__14892828804186310 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Fri, 31 Mar 2023 09:56:34 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7ea999a491ab4009f8658e78af2bfb94
f0cbd3d48c9081acfdeb53adf55135dba5bbe08b
d159c0baaa0869f3e69e16ea482178e6184d68cb6f5ae8a6156955488fd415fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=280856218.1680256594&jid=1649148679&gjid=1249414610&_gid=113978934.1680256594&_u=YADAAUAAAAAAACAAI~&z=1926055318
64.233.161.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=280856218.1680256594&jid=1649148679&gjid=1249414610&_gid=113978934.1680256594&_u=YADAAUAAAAAAACAAI~&z=1926055318
IP 64.233.161.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6703115-1&cid=280856218.1680256594&jid=1649148679&gjid=1249414610&_gid=113978934.1680256594&_u=YADAAUAAAAAAACAAI~&z=1926055318 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.upload.ee
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 31 Mar 2023 09:56:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.74.93101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.74.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y1EUZix6A19w6Hz2KTokkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: COOVFYT3MZcAl+snxXumrgxsCco=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2f67dc9a5c95eca1b4911ccdfa024557
1c5fae325ebbec9280401bd05f68964e2d631afb
efe6c92a3a27c6e0566b3889c0e2b56f284afaf91d106660cfe63bee6420d99a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c7445f8f9dbe44a0457ed584305727c4
0582edfdc9fe490bfeb72250c218af3cff3f6cab
8fa39260f96786df1a76e9896a1a9614fd3ab4aadb1a2f98b909c55caeb9eae1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146
216.58.207.226200 OK 249 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146
IP 216.58.207.226:0
File type ASCII text, with very long lines (385), with no line terminators
Hash 890cc750572b61591de304bcd6133279
97cfdeb9c20deaa82bedfc2b946801d91f15f8e1
d3bc9a2ae0b691111fbff596424c9b8552c8b350c0ef3a52508e1d831d2a8592
GET /gampad/cookie.js?domain=www.upload.ee&callback=_gfp_s_&client=ca-pub-5364884771898146 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 09:56:34 GMT
server: cafe
cache-control: private
content-length: 249
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7ea999a491ab4009f8658e78af2bfb94
f0cbd3d48c9081acfdeb53adf55135dba5bbe08b
d159c0baaa0869f3e69e16ea482178e6184d68cb6f5ae8a6156955488fd415fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bccde084c491a04e52752f2af1e16d
5a7a761608a0d79d383e104a0455f76bb0d2248e
aed5aade370f65d015700850f0a3a80c5f47066e82d200f5cf1d2d44657388dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.upload.ee
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.upload.ee
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.upload.ee HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 09:56:34 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=www.upload.ee
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.upload.ee
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.upload.ee HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 31 Mar 2023 09:56:34 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2f67dc9a5c95eca1b4911ccdfa024557
1c5fae325ebbec9280401bd05f68964e2d631afb
efe6c92a3a27c6e0566b3889c0e2b56f284afaf91d106660cfe63bee6420d99a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c7445f8f9dbe44a0457ed584305727c4
0582edfdc9fe490bfeb72250c218af3cff3f6cab
8fa39260f96786df1a76e9896a1a9614fd3ab4aadb1a2f98b909c55caeb9eae1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bccde084c491a04e52752f2af1e16d
5a7a761608a0d79d383e104a0455f76bb0d2248e
aed5aade370f65d015700850f0a3a80c5f47066e82d200f5cf1d2d44657388dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=1623802225&cid=280856218.1680256594&ul=en-us&sr=1280x1024&_s=1&sid=1680256593&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&dt=UPLOAD.EE%20-%20Kaspersky_Tweaker_2.23.3.6.exe%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=1623802225&cid=280856218.1680256594&ul=en-us&sr=1280x1024&_s=1&sid=1680256593&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&dt=UPLOAD.EE%20-%20Kaspersky_Tweaker_2.23.3.6.exe%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LT9YQX0N49>m=45je33t0&_p=1623802225&cid=280856218.1680256594&ul=en-us&sr=1280x1024&_s=1&sid=1680256593&sct=1&seg=0&dl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&dr=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&dt=UPLOAD.EE%20-%20Kaspersky_Tweaker_2.23.3.6.exe%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.upload.ee
date: Fri, 31 Mar 2023 09:56:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 19117005fc900e700ab942e4b13d0afe
2d48d3937bdc5baafcd2c82159cb3ce7c543ad19
6679b053adb36dbe2f2542b6a273eac279f6c83c11b5a0ae68098397069c9770
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6679B053ADB36DBE2F2542B6A273EAC279F6C83C11B5A0AE68098397069C9770"
Last-Modified: Thu, 30 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7657
Expires: Fri, 31 Mar 2023 12:04:11 GMT
Date: Fri, 31 Mar 2023 09:56:34 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a54559cbe6b913272745930d0d88346a
dd59af51740af567109eec67847fcd515b191e0b
b76846074b40dba161bcbbc5c69434bec196efef09befb675ea5010566712091
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=3970025&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&rnd=1680256593621
212.47.222.21200 OK 2.2 kB URL HTTP/2 serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=3970025&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&rnd=1680256593621
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (529)
Hash dace60355f00ab40d2e353b889f2f640
061bdc09504bdf988f4d759fdc84b3d6a8648d39
391e474a7ba23f5896a2094f8344af2669c6cacf25a934053cda90f37fb80b03
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=3970025&screen_width=1280&screen_height=939&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F14996398%2Fb0c56b3e51781cac61f7%2Fkaspersky_tweaker_2.23.3.6.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F14996398%2FKaspersky_Tweaker_2.23.3.6.exe.html&rnd=1680256593621 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Fri, 31 Mar 2023 09:54:48 GMT
set-cookie: bepolite_id=750e65a4d7587221a3d3c461814baeb6; Max-Age=7776000; Expires=Thu, 29-Jun-2023 09:54:49 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 733960105
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
content-length: 2153
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.21200 OK 175 kB URL HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 175 kB (174581 bytes)
Hash 5460c08214d99449b925ba6cba9044d4
61da313f0047e4ce6c97ad8b484f976ad51003ea
4ed2ec56f430465894d4a1f95c76f298d052084bffb775b3cb7685ad66c94c24
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "1274436603"
last-modified: Mon, 30 Jan 2023 22:16:03 GMT
content-length: 174581
date: Fri, 31 Mar 2023 09:54:48 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 735969689
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.161200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Fri, 31 Mar 2023 09:56:35 GMT
expires: Fri, 31 Mar 2023 09:56:35 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.161200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 08:38:19 GMT
expires: Sat, 30 Mar 2024 08:38:19 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 4696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ee15ff6931559991c58a51cbecf4c8c5
073267ce58de3587f3e1b80914852f6acd56921f
2c90a44d2191b0276c9e0d0571c263a48f2b74cb287f683517c08449bd815ea5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
212.47.222.21200 OK 10 kB URL HTTP/2 static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4248)
Hash 74fa09091a88b27b209ccc04592b4f5a
1b1d1df1e7524cd5107427d79e81d7d6e1e1dd72
f93f5f3528f1015d56638cba62d5f0af2aee180c9b0adbd6794857b878a9c521
GET /banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
accept-ranges: bytes
etag: "572523589"
last-modified: Wed, 01 Mar 2023 09:14:48 GMT
content-length: 10227
date: Fri, 31 Mar 2023 09:54:49 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734294393
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 514 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 04048d396ec4bbd0164d7fc9784e292f
3fb135477ee32907f5c1fe92c7a980493b3a06b2
037f533220f05303d58d421f2db7bb29abf16ac0c21a73617aa93f6f561bdae9
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 31 Mar 2023 09:56:35 GMT
date: Fri, 31 Mar 2023 09:56:35 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-LObHpk3q1UwaK2V4aADivQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/631b80ca6c073fcdcc3b37247a841417.js
212.47.222.21200 OK 80 kB URL HTTP/2 static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/631b80ca6c073fcdcc3b37247a841417.js
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type ASCII text, with very long lines (54438)
Hash d0a533147bd0eaae0b7dcfcbdd8c744b
a79e420045e4e5e463bbd109eb6537005cd6bbfb
8acbb108a29c2ae5f684191925eef185c2c7dcc1f30aeebb4d35ca0ecba43a51
GET /banners/bb3f0deb-a812-485f-b887-712f93dc786d/631b80ca6c073fcdcc3b37247a841417.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "614955062"
last-modified: Wed, 01 Mar 2023 09:14:48 GMT
content-length: 79856
date: Fri, 31 Mar 2023 09:54:49 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 735969698
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/8c0cd95fb99740e4d804fd6f19cd4c7c.jpg
212.47.222.21200 OK 31 kB URL HTTP/2 static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/8c0cd95fb99740e4d804fd6f19cd4c7c.jpg
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1000x400, components 3\012- data
Hash 8c0cd95fb99740e4d804fd6f19cd4c7c
bbbf0e51ceefddce57b6c9fc72ad68998976e399
e3db1310ab1f023aeb5d2e61fa0a5a5b2313169e4169fa3f081bc758a66ef15a
GET /banners/bb3f0deb-a812-485f-b887-712f93dc786d/8c0cd95fb99740e4d804fd6f19cd4c7c.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "3231808938"
last-modified: Wed, 01 Mar 2023 09:14:48 GMT
content-length: 30825
date: Fri, 31 Mar 2023 09:54:49 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 735291815
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/4ba0998343b8ff154fefc6391698ac98.jpg
212.47.222.21200 OK 40 kB URL HTTP/2 static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/4ba0998343b8ff154fefc6391698ac98.jpg
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1000x400, components 3\012- data
Hash 4ba0998343b8ff154fefc6391698ac98
998778e3df0aa7b3254e65083265411f08a2b7f5
71577b1276d34013406bc323c7d2e93812c9f8b792c7043a8b111ccfca659436
GET /banners/bb3f0deb-a812-485f-b887-712f93dc786d/4ba0998343b8ff154fefc6391698ac98.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/bb3f0deb-a812-485f-b887-712f93dc786d/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fcasino.chanz.com%252F%253Fztag%253DDISP_SEO_TV3_01_2023&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fbb3f0deb-a812-485f-b887-712f93dc786d%2Findex.html&clink=https%3A%2F%2Fcasino.chanz.com%2F%3Fztag%3DDISP_SEO_TV3_01_2023&banner_id=f151b478f5d845d190ad2489f2f1d1a050dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "46406867"
last-modified: Wed, 01 Mar 2023 09:14:48 GMT
content-length: 40430
date: Fri, 31 Mar 2023 09:52:46 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734120389
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 398a5af8ba10c375f5ee800baabe0549
5166f029c0165295cdf061f9c9ebd37a72fd3cb0
c5542caa7241cd507e9d2318249641e65a5b464bfaec45decacc8fcbd17ae20d
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113628
Date: Fri, 31 Mar 2023 09:56:35 GMT
Etag: "6425bc10-1d7"
Expires: Sat, 01 Apr 2023 17:30:23 GMT
Last-Modified: Thu, 30 Mar 2023 16:42:56 GMT
Server: ECAcc (bsa/EA9D)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5mTl8Pf9VmoxirMbB94aKg2vW-Y9rzt0sZzZ7uMQ9d4h2lAYBqBcIg==
Age: 2847
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 99b7b0f3b9863d2afef8f33f06535fd9
1ed3d74325212df10d7d321e785ae7076a74b37e
49515a0c8f3200d17e549bb667dc3cf8da82c479f6f9e89a2bc01f82fb1a5c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5184
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:35 GMT
Last-Modified: Fri, 31 Mar 2023 08:30:11 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
track.adform.net/adfscript/?bn=62175825;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
37.157.5.141200 OK 913 B URL HTTP/2 track.adform.net/adfscript/?bn=62175825;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink=
IP 37.157.5.141:0
File type ASCII text, with very long lines (561), with CRLF line terminators
Hash ceb87383b45b18256431263f1a75509d
14ea3f2e106b845d1957dcbea6ef64d5b1aac220
2e2539ceac4689ae1c96cb6277491bf641267c48c9c4bc03791e42664c0e8ed9
GET /adfscript/?bn=62175825;encodedclick=https://serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q&clink= HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: text/javascript; charset=utf-8
content-length: 913
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
content-encoding: gzip
expires: -1
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
set-cookie: C=1; domain=adform.net; expires=Sun, 30-Apr-2023 09:56:35 GMT; path=/
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.196.163.104200 OK 75 B URL HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.196.163.104:0
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
18.196.163.104200 OK 33 kB URL HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 18.196.163.104:0
Hash abe640987bbfd58523808a38878be2e9
fcfb18a174e5abacfdab46d451efdf669f9348f8
996004e341e3d1650fb8db52d7a2aec406072b79bd323f3624fdfc68dc13205f
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12549
Expires: Fri, 31 Mar 2023 13:25:44 GMT
Date: Fri, 31 Mar 2023 09:56:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12549
Expires: Fri, 31 Mar 2023 13:25:44 GMT
Date: Fri, 31 Mar 2023 09:56:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 06:44:37 GMT
age: 11518
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L6tgzFrj9t69Rnfd9bziAPiROAX0tvcj9Kcg8sXkto8qRFeKqiwkpg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:17:06 GMT
age: 41969
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1688ae550e5e9181de2448a9cade8a26
a46eb0cd75f46778dc802b648f7c391ce801c700
e717e6e64c928571506bc6d19e3d9ce19bea3292f01618a6d9ddbbaffe65ffd1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9055
x-amzn-requestid: 1fad6d1e-3380-4574-9796-ca6bde35b507
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUneEK8IAMF1EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260162-690f6e9933616e9b74b70435;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 5qljjE3ByqQaRJhcpkBZFcYVH4lCoP2idQM0iPBAT7znLfoZmO0lUg==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:29 GMT
age: 43806
etag: "a46eb0cd75f46778dc802b648f7c391ce801c700"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 211d737362f7cbcd8c77cee7d29fa2f5
668d1d80c88082928c6ca01fbf1ccbfcd079f64f
05672d4ab964a706c41d73b51592ca2425983e77544f08198dd2d3a7dcc5b3a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11114
x-amzn-requestid: e9e6a6b5-e6e8-4ca4-9302-a1fc023a38af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkypoH5goAMF6Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424fe3d-63c6c8465407f5dc26e9aced;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 03:13:01 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: HsI--rdD7nPKwY0W7f_eIm1y-oz6BbWkLea2jX-JmxY6_I8ncpD-cg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 14:31:29 GMT
age: 69906
etag: "668d1d80c88082928c6ca01fbf1ccbfcd079f64f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 11:37:45 GMT
age: 80330
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a3b5eaa5d578299f8a506df71865d4d5
99fc13dea248dd6316e4abe545c80ad9df9bc1cd
30baa165074984ba7de6fc42cd1959d63c3f17c8f5b7cfabd68511136ff9e4ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10323
x-amzn-requestid: 5851fc9d-f75e-4237-87de-45b881d1d553
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnJEb4IAMFh8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260160-2003d3df2d802faa74ca5096;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:40 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 28pB4vd4QIm-Q7aEpaoOVhSU5Tw7HiZfViMfqJ_Jk4Z2KtoDOcaOrg==
via: 1.1 0a166b53605851fe961f5a2952e5a748.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:03:50 GMT
age: 42765
etag: "99fc13dea248dd6316e4abe545c80ad9df9bc1cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
37.157.2.247200 OK 19 kB URL HTTP/2 s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
IP 37.157.2.247:0
File type ASCII text, with very long lines (3108), with CRLF, LF line terminators
Hash cc5e52c922da7343062b1860597102c1
110e8fb437aac54cd77f8549674ab5db539590d5
0605a2ea562d127e0a676b7c30439956cd1bebc646e9f729777128528eb72b90
GET /stoat/626/s1.adform.net/bootstrap.js HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
cache-control: public, max-age=100000
expires: Fri, 03 Feb 2023 15:46:58 GMT
x-cache-status: UPDATING
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
18.196.163.104200 OK 53 kB URL HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 18.196.163.104:0
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
54.230.245.217200 OK 46 kB URL HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
IP 54.230.245.217:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 91451d1ec57ce1bc7c4c8ca7bddec42f
45745a127deca1d09ce6b76ad6fc61098a40d488
acbf223b98dddada08e0b403986fc5f7bfd8c360d6c63cd50cafc3fc5540979d
GET /hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 46158
date: Thu, 30 Mar 2023 18:41:25 GMT
last-modified: Wed, 12 Jan 2022 12:30:51 GMT
etag: "91451d1ec57ce1bc7c4c8ca7bddec42f"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: C8R6JzS5e7uIJg9IbgTB24Pg_r0CZNEFE4xpaRW8ig3H4VciAmNkyg==
age: 54911
X-Firefox-Spdy: h2
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
37.157.2.247200 OK 78 kB URL HTTP/2 s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
IP 37.157.2.247:0
Hash fd3cdd21b9b57c3caa744a82825f1b45
3b9d20b61e8f5515ed382bd449cd40011ea3622d
a245b5a9aa216aa7a825a6def3684cfa4794b1eda1da8c0d80b59d3becf69b92
GET /stoat/626/s1.adform.net/load/v/0.0.226/e/.gBBwCDA/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: text/javascript
vary: Accept-Encoding
access-control-allow-origin: *
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
cache-control: public, max-age=100000
expires: Fri, 03 Feb 2023 15:58:32 GMT
x-cache-status: STALE
content-encoding: gzip
X-Firefox-Spdy: h2
s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/9290857b8b28cb7896f849e9637fb97e.jpg
37.157.2.247200 OK 28 kB URL HTTP/2 s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/9290857b8b28cb7896f849e9637fb97e.jpg
IP 37.157.2.247:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1044x608, components 3\012- data
Hash 9290857b8b28cb7896f849e9637fb97e
ae06dc82318f0ea7fae2ceb94dd40575c7c51098
0100f531512085da331d105914b0ba1bb6b4194c4b50a2c17aa94e37d05d797a
GET /Banners/Elements/Files/2085866/12442573/bvpath_259/media/9290857b8b28cb7896f849e9637fb97e.jpg HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/jpeg
content-length: 28369
last-modified: Wed, 01 Mar 2023 11:13:48 GMT
x-rgw-object-type: Normal
etag: "9290857b8b28cb7896f849e9637fb97e"
x-amz-request-id: tx0000029a848da27ed4b0a-006418d9d6-32957dc9-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.21200 OK 1.5 kB URL HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "2525417386"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Fri, 31 Mar 2023 09:54:50 GMT
server: lighttpd/1.4.55
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734294423
age: 0
via: 1.1 varnish (Varnish/6.2)
X-Firefox-Spdy: h2
s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/0e10837ecf13c859f57c254a5c06eaf0.png
37.157.2.247200 OK 79 kB URL HTTP/2 s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/0e10837ecf13c859f57c254a5c06eaf0.png
IP 37.157.2.247:0
File type PNG image data, 358 x 882, 8-bit colormap, non-interlaced\012- data
Hash 0e10837ecf13c859f57c254a5c06eaf0
4930d97fa980ca7a05138b3b95cf1d1e967e8991
cc7483e4710b5ccf3556846fea7a11ae07febafdf97fe4096d411e7de7b51c08
GET /Banners/Elements/Files/2085866/12442573/bvpath_259/media/0e10837ecf13c859f57c254a5c06eaf0.png HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/png
content-length: 78983
last-modified: Wed, 01 Mar 2023 11:13:48 GMT
x-rgw-object-type: Normal
etag: "0e10837ecf13c859f57c254a5c06eaf0"
x-amz-request-id: tx0000071597ddd0f483564-006418d9d6-3295cdcc-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2
s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/f95692c26914d5d3607f74c90a9bc564.png
37.157.2.247200 OK 4.2 kB URL HTTP/2 s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/f95692c26914d5d3607f74c90a9bc564.png
IP 37.157.2.247:0
File type PNG image data, 76 x 78, 8-bit colormap, non-interlaced\012- data
Hash f95692c26914d5d3607f74c90a9bc564
c30d2ab95654602f9dc9c4a4ad98fa69a5c928be
210964977f045b3dee7153b83454ad5606638c86cd59321dc267390404a44e92
GET /Banners/Elements/Files/2085866/12442573/bvpath_259/media/f95692c26914d5d3607f74c90a9bc564.png HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/png
content-length: 4224
last-modified: Wed, 01 Mar 2023 11:13:48 GMT
x-rgw-object-type: Normal
etag: "f95692c26914d5d3607f74c90a9bc564"
x-amz-request-id: tx00000d12fdac5f4cbf64b-006418d9d4-32957db0-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2
s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/b6ba3e358ba35d36fcaf607ab8755c4a.png
37.157.2.247200 OK 11 kB URL HTTP/2 s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/b6ba3e358ba35d36fcaf607ab8755c4a.png
IP 37.157.2.247:0
File type PNG image data, 158 x 164, 8-bit colormap, non-interlaced\012- data
Hash b6ba3e358ba35d36fcaf607ab8755c4a
d413ff7b03a093b8ea24ec5baf2c68d3ff476039
40ac732c1c011eeb766afab40a24bda0aaa3288d1761a5e5c5df09e6d5e7d952
GET /Banners/Elements/Files/2085866/12442573/bvpath_259/media/b6ba3e358ba35d36fcaf607ab8755c4a.png HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/png
content-length: 11134
last-modified: Wed, 01 Mar 2023 11:13:48 GMT
x-rgw-object-type: Normal
etag: "b6ba3e358ba35d36fcaf607ab8755c4a"
x-amz-request-id: tx00000a785908245910499-006418d9d6-3295a5be-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2
s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/80f1bd9e483395513177e4a676e8f60e.svg
37.157.2.247200 OK 2.8 kB URL HTTP/2 s1.adform.net/Banners/Elements/Files/2085866/12442573/bvpath_259/media/80f1bd9e483395513177e4a676e8f60e.svg
IP 37.157.2.247:0
Hash 39ac45599fd11e5f97ac148a84920b41
169ca13c54e930785aa7736d1c22a086587730d9
8f8d958131995479dfa5e66734c555a6da8302e3ad1fed573e2d88e10d8ebc51
GET /Banners/Elements/Files/2085866/12442573/bvpath_259/media/80f1bd9e483395513177e4a676e8f60e.svg HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Wed, 01 Mar 2023 11:13:48 GMT
x-rgw-object-type: Normal
etag: W/"80f1bd9e483395513177e4a676e8f60e"
x-amz-request-id: tx00000e092822ce2fa1ed9-006418d9d6-3295a5be-default
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
cache-control: public, max-age=604800
x-cache-status: STALE
content-encoding: gzip
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2Z1YbScZVmYCPIgRJUF43iNC5u29WWJtk7WtlflZOPf0U3opzE7RiamtfPNt2MkDPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=750e65a4d7587221a3d3c461814baeb6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 09:52:24 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734423442
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36mWZSMa0nRrykKktbKjnlk-kX9sly7y8jokQkPM5KCwdybsP0aZ9GgG702g-xPK3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=750e65a4d7587221a3d3c461814baeb6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 09:54:49 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734294426
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.21200 OK 0 B URL HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.21:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /event?key=FYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=750e65a4d7587221a3d3c461814baeb6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Fri, 31 Mar 2023 09:52:46 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 734120422
age: 0
via: 1.1 varnish (Varnish/6.2)
accept-ranges: bytes
server: lighttpd/1.4.64
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
37.157.2.247200 OK 59 kB URL HTTP/2 s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
IP 37.157.2.247:0
Hash 76f517b4ac9e6d716910039f44ea4f5d
de55c09d789dfa3247d6de90a4a46e7a25991139
67160336858b9326ea98de31076c1895c519da1df41733fd8527eb4439a7e601
GET /banners/scripts/rmb/Adform.DHTML.js?bv=626 HTTP/1.1
Host: s1.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
x-rgw-object-type: Normal
etag: W/"4731aef0a5114a59b4311776d270e848"
x-amz-request-id: tx0000015bdd5c9ed468257-0063765d71-32940f80-default
access-control-allow-origin: *
cache-control: public, max-age=604800
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:56:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
track.adform.net/csimpr/?bn=62175825&csi=MftHUnRo24WxiIS28SS2b_KLmKbcI83TubReDW0X8JfbNUjYKkRX5toj5KtB9xV1KbQDOU7A4V95mneOh8kEfbyOpNDfIsLF0
37.157.5.141200 OK 35 B URL HTTP/2 track.adform.net/csimpr/?bn=62175825&csi=MftHUnRo24WxiIS28SS2b_KLmKbcI83TubReDW0X8JfbNUjYKkRX5toj5KtB9xV1KbQDOU7A4V95mneOh8kEfbyOpNDfIsLF0
IP 37.157.5.141:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
POST /csimpr/?bn=62175825&csi=MftHUnRo24WxiIS28SS2b_KLmKbcI83TubReDW0X8JfbNUjYKkRX5toj5KtB9xV1KbQDOU7A4V95mneOh8kEfbyOpNDfIsLF0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:36 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|1010|0|0|0|0|0|0|0||153|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||10|0|0
37.157.5.141200 OK 27 kB URL HTTP/2 track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|1010|0|0|0|0|0|0|0||153|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||10|0|0
IP 37.157.5.141:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 734e5e3c7cd1048500be03446016cfa1
861e152e9bf6d0d07805184f4f149efa8875e17a
d6e97d9d12ff0f76542ba0d3e43fcb68d4e8d3658244ad2e05c1a92babddf7f5
POST /serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|1010|0|0|0|0|0|0|0||153|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||10|0|0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:37 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg
54.230.245.217200 OK 63 kB URL HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg
IP 54.230.245.217:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 9d39df13669f4b0a37f1ec935fcf07c1
bee556a5a2eb792bc07095365d7ce55e0f20c488
c4ae0112f49b2e7eec621163661ab594d1deab9e18f27dfe9c37f212d5292ebd
GET /hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 62663
date: Thu, 30 Mar 2023 20:34:26 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "9d39df13669f4b0a37f1ec935fcf07c1"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I6DXVfOw6swLGtted0HYb9fO82h1Sh8m6V-AgcJ5CkhvrCY6EUU_nQ==
age: 48136
X-Firefox-Spdy: h2
track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|4564|0|0|0|0|0|0|0||692|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||00|0|0
37.157.5.141200 OK 0 B URL HTTP/2 track.adform.net/serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|4564|0|0|0|0|0|0|0||692|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||00|0|0
IP 37.157.5.141:0
POST /serving/unload/?version=15&unload=-5932061713061764574@@62175825,3918139576296254629,89|4564|0|0|0|0|0|0|0||692|0|||||1|0|0|3n2bZqioS0mjXuUM8tfH4hazj2RYsgytiwNRt6eOXPZyJzZdjrEq8gJ1gDRGwv2I0|||00|0|0 HTTP/1.1
Host: track.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.upload.ee
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:56:41 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 18.196.163.104:0
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 18.196.163.104:0
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
18.196.163.104200 OK 0 B URL HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 18.196.163.104:0
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.196.163.104200 OK 0 B URL HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.196.163.104:0
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFyXK11fdPs3IeNfP6bzxtMQnHbv1x4o6qXW5N_td1kAcMUqF2vvQayIaz2v_SDiETohbMuxYNPMmDZk5JbFYOyJlkiyp4K9tQ5cpI-D7ah_stWWh1c9ELYUDh5DwWJWznfTHONRQaw88SQQDpRW6Jvfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0yWHtpVkHVFlQET7TPvwGdUCqaUrLvSlabHd6Rn1_xvCgKRsK9yKf7ApdJKQrLOova5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=19ca0706bf674a54a7c24ee15e7929c550dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 09:56:35 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2