www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe
51.91.30.159 403 B URL www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (403), with no line terminators
Hash 28b8f18d977984cdbf383cdb5e085f33
aeb57f64f0bed3fa07f7ae72b2857085af55a88d
7577b723a14248ae599cadc877f917678a2929cd9acd512b434b71e0fe35c7d9
GET /download/15671913/b8d570247eec1d95da60/MadDuck.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 23 Sep 2023 19:47:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 403
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (4526)
Hash c83c5fb247a099f68ba0ae7352d21dcc
ba9d8b82757782e1d4b867bb9881d5605c44a302
d431f54fbdd3a817c767688673a11edb5883260b17feb159492cef5bdd42871d
GET /files/15671913/MadDuck.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8989
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 23 Sep 2023 22:47:36 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Sat, 21-Oct-2023 19:47:36 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.211 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.211:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117777 bytes)
Hash 505db1d2f15fe18c51deda7a6b7867d5
977baab7e01f394ca07bdaa7fbb306479a038605
7b35aa275ead173cbc331424b719d85201cc20fedd42d7da430161f115ca3cd3
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117777
date: Sat, 23 Sep 2023 19:45:20 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 71Ezkj9orp8JBC-ySUXgQgWw5Fn3zrqR0Y-hl9h_qaPLRnJJ1ls7Tg==
age: 137
X-Firefox-Spdy: h2
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:37 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Sat, 30 Sep 2023 19:47:37 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 94111c3420bb2c6a13c84437834119c2
a60b1aaa235c754b4f840e14e5c32f3bd1920d3b
9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:37 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Sat, 30 Sep 2023 19:47:37 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9; data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:37 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Sat, 30 Sep 2023 19:47:37 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced; data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:37 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Sat, 30 Sep 2023 19:47:37 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.40 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.40:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (2213)
Hash 1114cce2a24f7ab86c4b4d6f082a442b
df95ee2e5438cb214d6c4f37f343ce8de4260703
bf96b36c85a8406094519b3cd5831bf546343ec4ac3e33072b031b34b42f7090
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 19:47:37 GMT
expires: Sat, 23 Sep 2023 19:47:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 94111c3420bb2c6a13c84437834119c2
a60b1aaa235c754b4f840e14e5c32f3bd1920d3b
9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gourgoldpieceso.com/UW03WWJ+UlQqXzU5fi47PTtyGzMTPm4cOxcscRsRBTxiETQWJBEtCzVQDmBVYlsOfxI4CQpoRCIZVi0XIlAGfws/C1hkRCdQBndRZUMEbUxhS0JkU3cZRzgFbFwRKRYlAQpoVGhYA2BaZVgAbVtl
188.114.96.1 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/UW03WWJ+UlQqXzU5fi47PTtyGzMTPm4cOxcscRsRBTxiETQWJBEtCzVQDmBVYlsOfxI4CQpoRCIZVi0XIlAGfws/C1hkRCdQBndRZUMEbUxhS0JkU3cZRzgFbFwRKRYlAQpoVGhYA2BaZVgAbVtl
IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UW03WWJ+UlQqXzU5fi47PTtyGzMTPm4cOxcscRsRBTxiETQWJBEtCzVQDmBVYlsOfxI4CQpoRCIZVi0XIlAGfws/C1hkRCdQBndRZUMEbUxhS0JkU3cZRzgFbFwRKRYlAQpoVGhYA2BaZVgAbVtl HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 19:47:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0EQNGmWPWAUIIxbTnczWq0WuYsX1jrsszVhN%2B3HSJpOhG6YedyiFKEyEjsM0tjUqEmfb0THA7vdMa0oV90B%2BMbrRkEpfoECLt%2FNvZy51hY2f3S1E8OJvhLPe7iVrrxuUQtvRDwr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b54cee6b5ab50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gourgoldpieceso.com/MEl6MWofdhlCV2oBIFwLdTkrYCxyKB9dW3YcS0UQZgwwZzJoAFxFA1R0QwhdBHlCFxpZLUcAUhY6DlAeRTpHAExZJxxeVxY/RwBEAGdIH14WPEcATEQ5G1ZXAW8KRR5cdEsHUwV9QwleBX5PCF8
188.114.96.1 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/MEl6MWofdhlCV2oBIFwLdTkrYCxyKB9dW3YcS0UQZgwwZzJoAFxFA1R0QwhdBHlCFxpZLUcAUhY6DlAeRTpHAExZJxxeVxY/RwBEAGdIH14WPEcATEQ5G1ZXAW8KRR5cdEsHUwV9QwleBX5PCF8
IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MEl6MWofdhlCV2oBIFwLdTkrYCxyKB9dW3YcS0UQZgwwZzJoAFxFA1R0QwhdBHlCFxpZLUcAUhY6DlAeRTpHAExZJxxeVxY/RwBEAGdIH14WPEcATEQ5G1ZXAW8KRR5cdEsHUwV9QwleBX5PCF8 HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 19:47:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hC6xz0FSzHqVqvcPXUbHLv3xM5kKSVH3qUHEsq5hU7cCgVnzHRy1EB%2B29LfrWsM1EwY5EYfL9bTPOChEPsVxIEschOxK6Ct0nyslsP6%2BManbz7B7NDE%2BQX9CytMfHfWrs2JrPzGm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b54cee9b85b50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
idohethisisathllea.com/bWVEOHMMBydVTAxYJh4GHwl5HUErQHZ+FxhVNE0XXRYgVB4XA2pbHwIQIF4BAgswFh0IEWEKNTg/E3IrOg4Jfzc5DnxeMSgpCQoXWz0CbhgPLTR8MC40dXQhOwMUUTI9IBUIRiQPEVIhLigjckIFNidsKgQmM24CCyYddDI6FTZiIjwiCm8XXjQ8YR0jNixhMhQwd3QbJCEKbEtbJnRpGiJWcHE3PlU+dAQGISdVFCswAUAdC1YCbiAEXDZbGC83AmBKFTMVDFZfJwp8Kgk3dm4CIlR1bTAqHXdpNSgzIgs1OyAHflZfIyd7ITk/dnYHOzAwQRIlKAd6CUA0PHQ2LzQBbxsXMwJyHQxWCm0hXzM1ciIaNAlSBB4tEVwfJS0ObSZeCTViIS8DHl9VBxYrVgNQDD50BwILPE41
54.230.111.91 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/bWVEOHMMBydVTAxYJh4GHwl5HUErQHZ+FxhVNE0XXRYgVB4XA2pbHwIQIF4BAgswFh0IEWEKNTg/E3IrOg4Jfzc5DnxeMSgpCQoXWz0CbhgPLTR8MC40dXQhOwMUUTI9IBUIRiQPEVIhLigjckIFNidsKgQmM24CCyYddDI6FTZiIjwiCm8XXjQ8YR0jNixhMhQwd3QbJCEKbEtbJnRpGiJWcHE3PlU+dAQGISdVFCswAUAdC1YCbiAEXDZbGC83AmBKFTMVDFZfJwp8Kgk3dm4CIlR1bTAqHXdpNSgzIgs1OyAHflZfIyd7ITk/dnYHOzAwQRIlKAd6CUA0PHQ2LzQBbxsXMwJyHQxWCm0hXzM1ciIaNAlSBB4tEVwfJS0ObSZeCTViIS8DHl9VBxYrVgNQDD50BwILPE41
IP 54.230.111.91:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 50500bc0063e93a820faf9d1e5968f50
ac82557dce86d0e665c01d4630397bdd9f64a84e
0e2d8f089c63d656e487bf14b7d6ddefd57c22af8e63eba07e5eff8c8a125c04
GET /bWVEOHMMBydVTAxYJh4GHwl5HUErQHZ+FxhVNE0XXRYgVB4XA2pbHwIQIF4BAgswFh0IEWEKNTg/E3IrOg4Jfzc5DnxeMSgpCQoXWz0CbhgPLTR8MC40dXQhOwMUUTI9IBUIRiQPEVIhLigjckIFNidsKgQmM24CCyYddDI6FTZiIjwiCm8XXjQ8YR0jNixhMhQwd3QbJCEKbEtbJnRpGiJWcHE3PlU+dAQGISdVFCswAUAdC1YCbiAEXDZbGC83AmBKFTMVDFZfJwp8Kgk3dm4CIlR1bTAqHXdpNSgzIgs1OyAHflZfIyd7ITk/dnYHOzAwQRIlKAd6CUA0PHQ2LzQBbxsXMwJyHQxWCm0hXzM1ciIaNAlSBB4tEVwfJS0ObSZeCTViIS8DHl9VBxYrVgNQDD50BwILPE41 HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1170
date: Sat, 23 Sep 2023 19:47:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qcn-iCZPfSMOu-y-EvVBDyBzxWKtwYEnDx5IkKDaMFdypfrWcAhqLA==
X-Firefox-Spdy: h2
idohethisisathllea.com/WnlmMnk7GwVfRjtEBBQMKBVbF0scXFR0HS9JFkcdagoCXhQgH0hRFTUMAlQLNRcSHBc/DUMAP2IvMGhJCRMjADYIFhV2EB9cVHQ8EhovUD4cOANVFSApJ1EVAgAwQDcwQFB6KG4XLGo0CDclUUwcACNBPBIaJFEDNS8sdCM1GiR3Eg8UDlwsMw0wfEsuOAR3KGoYHlkVCQMRBD4ZCjNoARg7PHM/LSMjYBAJLjRcLAIVHFE+CDwsXh5tMBFKDxtLM0ctEgETa0sQKwNqNy0jI2NNCEokXjcCCiRQMTI8P0orNCMOfw8PE1IHLAIRVWhLAD8DVT8xIw0fLyw4VGcOEi0OZzQgEitQDhctPAIvbTFUZA4bIQVzXzAKCVwJZzsTeTECKglwPTgqFQ
54.230.111.91 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/WnlmMnk7GwVfRjtEBBQMKBVbF0scXFR0HS9JFkcdagoCXhQgH0hRFTUMAlQLNRcSHBc/DUMAP2IvMGhJCRMjADYIFhV2EB9cVHQ8EhovUD4cOANVFSApJ1EVAgAwQDcwQFB6KG4XLGo0CDclUUwcACNBPBIaJFEDNS8sdCM1GiR3Eg8UDlwsMw0wfEsuOAR3KGoYHlkVCQMRBD4ZCjNoARg7PHM/LSMjYBAJLjRcLAIVHFE+CDwsXh5tMBFKDxtLM0ctEgETa0sQKwNqNy0jI2NNCEokXjcCCiRQMTI8P0orNCMOfw8PE1IHLAIRVWhLAD8DVT8xIw0fLyw4VGcOEi0OZzQgEitQDhctPAIvbTFUZA4bIQVzXzAKCVwJZzsTeTECKglwPTgqFQ
IP 54.230.111.91:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (2998), with no line terminators
Hash 423c8d6735cf91a8a82a5dc9653b0d64
1c12622e0e591e28a509fdac6b37ac9f63e329c8
f55aa868250ec9f5a3ac9a5557c72429b050540c082387d4dfe2e2fae8a7f0db
GET /WnlmMnk7GwVfRjtEBBQMKBVbF0scXFR0HS9JFkcdagoCXhQgH0hRFTUMAlQLNRcSHBc/DUMAP2IvMGhJCRMjADYIFhV2EB9cVHQ8EhovUD4cOANVFSApJ1EVAgAwQDcwQFB6KG4XLGo0CDclUUwcACNBPBIaJFEDNS8sdCM1GiR3Eg8UDlwsMw0wfEsuOAR3KGoYHlkVCQMRBD4ZCjNoARg7PHM/LSMjYBAJLjRcLAIVHFE+CDwsXh5tMBFKDxtLM0ctEgETa0sQKwNqNy0jI2NNCEokXjcCCiRQMTI8P0orNCMOfw8PE1IHLAIRVWhLAD8DVT8xIw0fLyw4VGcOEi0OZzQgEitQDhctPAIvbTFUZA4bIQVzXzAKCVwJZzsTeTECKglwPTgqFQ HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1156
date: Sat, 23 Sep 2023 19:47:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RHud0jUqrBOcZjIG0ahrrgx-OE8fWyKuE9Xr-tCy82pSE_RQPQMtRQ==
X-Firefox-Spdy: h2
idohethisisathllea.com/UHViN0YxFwFaeTFIABEzIhlfEnQWUFBxIiVFEkIiYAYGWysqE0xUKj8ABlE0PxsWGSg1AUcFAGYUU3UrAUYjfhYnEg5jPmhAI1lzGiAPUxUzHjB5CTggEX8uJAEgYwc6LSNmMBRFM1ABOzRRdCFpATRaEzM2CAMENhk7eBY3I0cFBAEgUk8HOTMsb3UJJi9PfhEXM1Q+GCQ7WQQpMDRyLGU0LF8AByUzXHMXJAEPBGIvIXsRBjwBBhAKLCcDcQEjEgYQATM0YBERPilfcjU+J3k+ATcsWBMSDSVvdQYjI2EQCiwgZncGIwVlEGM7KGUREiU4XAwyOxUaCzcyFWV3BjQ0dBFiMzVUdhYXO2IIKCQjB3MWNjtgBBMdJlQSChQ7YSIkJCcHKgdGKxEsIxoMR3szBjEAEhk5VnwM
54.230.111.91 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/UHViN0YxFwFaeTFIABEzIhlfEnQWUFBxIiVFEkIiYAYGWysqE0xUKj8ABlE0PxsWGSg1AUcFAGYUU3UrAUYjfhYnEg5jPmhAI1lzGiAPUxUzHjB5CTggEX8uJAEgYwc6LSNmMBRFM1ABOzRRdCFpATRaEzM2CAMENhk7eBY3I0cFBAEgUk8HOTMsb3UJJi9PfhEXM1Q+GCQ7WQQpMDRyLGU0LF8AByUzXHMXJAEPBGIvIXsRBjwBBhAKLCcDcQEjEgYQATM0YBERPilfcjU+J3k+ATcsWBMSDSVvdQYjI2EQCiwgZncGIwVlEGM7KGUREiU4XAwyOxUaCzcyFWV3BjQ0dBFiMzVUdhYXO2IIKCQjB3MWNjtgBBMdJlQSChQ7YSIkJCcHKgdGKxEsIxoMR3szBjEAEhk5VnwM
IP 54.230.111.91:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3015), with no line terminators
Hash aa15a4fd1bf3993398aaabb6a5d177fe
2e41389f6f277dc1b837402fc96fe4833a51871b
a6f79bda7e04df08e8b0b12c00d108545f9b7cac6e431aa951502d69068999ff
GET /UHViN0YxFwFaeTFIABEzIhlfEnQWUFBxIiVFEkIiYAYGWysqE0xUKj8ABlE0PxsWGSg1AUcFAGYUU3UrAUYjfhYnEg5jPmhAI1lzGiAPUxUzHjB5CTggEX8uJAEgYwc6LSNmMBRFM1ABOzRRdCFpATRaEzM2CAMENhk7eBY3I0cFBAEgUk8HOTMsb3UJJi9PfhEXM1Q+GCQ7WQQpMDRyLGU0LF8AByUzXHMXJAEPBGIvIXsRBjwBBhAKLCcDcQEjEgYQATM0YBERPilfcjU+J3k+ATcsWBMSDSVvdQYjI2EQCiwgZncGIwVlEGM7KGUREiU4XAwyOxUaCzcyFWV3BjQ0dBFiMzVUdhYXO2IIKCQjB3MWNjtgBBMdJlQSChQ7YSIkJCcHKgdGKxEsIxoMR3szBjEAEhk5VnwM HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 23 Sep 2023 19:47:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3Vhq28qXrRt2IUigYXojM52Dl4KX2RHg3RnegXtqAZmqMPQUr2YMkA==
X-Firefox-Spdy: h2
gourgoldpieceso.com/UXpuSXB+RQ06TR8sPA8nPAkmEzgHCzkuFCIeOSEqEC0WMRFgHUg9GTVHV3BHZUtabwA4HlN4ViIODz0FIkdfbxk/HAF0VidHX2dDZVRdfV5hXBt0QXcOHigXbEtIOQQlFlN4RmhPWnBIZU9Zf0Jo
188.114.96.1 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/UXpuSXB+RQ06TR8sPA8nPAkmEzgHCzkuFCIeOSEqEC0WMRFgHUg9GTVHV3BHZUtabwA4HlN4ViIODz0FIkdfbxk/HAF0VidHX2dDZVRdfV5hXBt0QXcOHigXbEtIOQQlFlN4RmhPWnBIZU9Zf0Jo
IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UXpuSXB+RQ06TR8sPA8nPAkmEzgHCzkuFCIeOSEqEC0WMRFgHUg9GTVHV3BHZUtabwA4HlN4ViIODz0FIkdfbxk/HAF0VidHX2dDZVRdfV5hXBt0QXcOHigXbEtIOQQlFlN4RmhPWnBIZU9Zf0Jo HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 19:47:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VyuPwLd1KWspSephcmB2FKv4oaoSz0QvvJn7OWtXEC052Vh8H%2BG1zuZn4EQipAA8kiomtWRJrFjGmHKgAlNZzDR1%2BUTEQfihA3M9GxhNaH2GuokrtllfeX4L1y%2F65C%2BBOIK%2BvHS3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b54ceecbbbb50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.40 200 OK 86 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.40:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (3034)
Hash 06417a8644b55269eab07f9b225e4c27
4ba09c7d4d1206c222c64c6c18a2b2cf0a5a0b23
f437ed8f97202f98e9282e8377042e291f3fc0e7fbcd1906b7df6a751fcea58e
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 19:47:37 GMT
expires: Sat, 23 Sep 2023 19:47:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85870
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 19:47:37 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Sat, 30 Sep 2023 19:47:37 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash a1df14e0c62a34d1aeeb45ab94638130
d3bdfb2c75f9fdc495b9662ae128e4992accc8d6
e95646a781b21b7bebac7070f1b6e5d511fb2fa24d0b24e382ecc97736e3d92a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash a1df14e0c62a34d1aeeb45ab94638130
d3bdfb2c75f9fdc495b9662ae128e4992accc8d6
e95646a781b21b7bebac7070f1b6e5d511fb2fa24d0b24e382ecc97736e3d92a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
idohethisisathllea.com/utx?cb=TU6XiFuBkxTs&top=www.upload.ee&tid=997369
54.230.111.91 204 No Content 0 B URL GET HTTP/2 idohethisisathllea.com/utx?cb=TU6XiFuBkxTs&top=www.upload.ee&tid=997369
IP 54.230.111.91:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=TU6XiFuBkxTs&top=www.upload.ee&tid=997369 HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 19:47:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 23 Sep 2023 19:48:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7jgsBZWl5SjvpAlwqIiEES_MCL81Ex4nFPN1_9yfYoi0VDYNnB4-Hw==
X-Firefox-Spdy: h2
idohethisisathllea.com/utx?cb=zmH2OcTbG8XK&top=www.upload.ee&tid=997414
54.230.111.91 204 No Content 0 B URL GET HTTP/2 idohethisisathllea.com/utx?cb=zmH2OcTbG8XK&top=www.upload.ee&tid=997414
IP 54.230.111.91:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=zmH2OcTbG8XK&top=www.upload.ee&tid=997414 HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 19:47:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 23 Sep 2023 19:48:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9EvH-zWACLMvl2hFUW3opfHUj6a7XG5KBNlRRo3P_i5ObN84ypKe_A==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:DmwLWdMULrNODhTcXQIbAAMc15psCw:YPL-eSyTx3sGzqTL; Expires=Mon, 22-Sep-2025 19:47:37 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:37 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-w9I8D9-ilbyCnPlw6nFg-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:pojKBAIFMgFj6wFYogy8Qjwao59Cdg:YCDFTMb_XzSz-_iz; Expires=Mon, 22-Sep-2025 19:47:37 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:37 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-1EpEZbmuFCZFSJXjftSm0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 8e0560c46747530b07f20c3704aecf0c
30e8a5e5b62c28ed29ef6408f9044f2d8a911db5
e5b8c6bd88bfb832b0b14cf3e17048b546cbf82d7de8d539f8fdad12794b3cb8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
du0pud0sdlmzf.cloudfront.net/UZWJXWkMGDTk8fBELM2d6XFVkbHpDCCQ1LRVfPiAPEQ05IjUjRCMgJ1hScTYiCwVqfCYLAWprZQQGNWd3QxYnNShYAyU3LhIDNT86C0QiO34IDS0zLwkDcmgFUExnf3FVSi9rckBRFX9xVQ4+NDYdR2VqO11UCGx3QFEVf3FVECF/cCRTZ2NtVUtyaHMCBz-QxLEBQEWhzVFJna3NUR2VqJQwQMjwsHUdlHHJUU3lqZRBfZg
143.204.42.211 617 B URL du0pud0sdlmzf.cloudfront.net/UZWJXWkMGDTk8fBELM2d6XFVkbHpDCCQ1LRVfPiAPEQ05IjUjRCMgJ1hScTYiCwVqfCYLAWprZQQGNWd3QxYnNShYAyU3LhIDNT86C0QiO34IDS0zLwkDcmgFUExnf3FVSi9rckBRFX9xVQ4+NDYdR2VqO11UCGx3QFEVf3FVECF/cCRTZ2NtVUtyaHMCBz-QxLEBQEWhzVFJna3NUR2VqJQwQMjwsHUdlHHJUU3lqZRBfZg
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (873), with no line terminators
Hash 7a6bfd5449561fef83c9600357e8be37
b015c6ba4fff9033a60f7f91153f4b71ea5c0bad
d9113e822a136df0d759fb92fef105069dc99fc9d5ae048081ff2b8cf83b5043
GET /UZWJXWkMGDTk8fBELM2d6XFVkbHpDCCQ1LRVfPiAPEQ05IjUjRCMgJ1hScTYiCwVqfCYLAWprZQQGNWd3QxYnNShYAyU3LhIDNT86C0QiO34IDS0zLwkDcmgFUExnf3FVSi9rckBRFX9xVQ4+NDYdR2VqO11UCGx3QFEVf3FVECF/cCRTZ2NtVUtyaHMCBz-QxLEBQEWhzVFJna3NUR2VqJQwQMjwsHUdlHHJUU3lqZRBfZg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 617
date: Sat, 23 Sep 2023 19:47:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Rpid0SRWko29jT1lSMtkbUylG4Jid-fCica9IA_JMPLbGE9vfIsg6w==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/6a1BmQ3AIPwglTx85An5JUmdSckRNOhUsHhttBTAjXAQvD0QgGkA3Cg9tVmUcCj4BflYOPgV+QU0xAiFNX3YSMx8AbQcxHQYnByEVEj5ANhFWPQk5GQc8B2ZCLWVIc1VZYE47QVp1VQFVWWAKKh4eKENxQBNoUBxGX3VVAVVZYBQ1VVgRV3NJRWBPZkJbNw-MgGwR1VAVCW2FWc0FbYUNxQA05FCYWBChDcTZaYVdtQE0lW3I
143.204.42.211 581 B URL du0pud0sdlmzf.cloudfront.net/6a1BmQ3AIPwglTx85An5JUmdSckRNOhUsHhttBTAjXAQvD0QgGkA3Cg9tVmUcCj4BflYOPgV+QU0xAiFNX3YSMx8AbQcxHQYnByEVEj5ANhFWPQk5GQc8B2ZCLWVIc1VZYE47QVp1VQFVWWAKKh4eKENxQBNoUBxGX3VVAVVZYBQ1VVgRV3NJRWBPZkJbNw-MgGwR1VAVCW2FWc0FbYUNxQA05FCYWBChDcTZaYVdtQE0lW3I
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (806), with no line terminators
Hash f441b30ab32005483b06a45b43bde0d3
a13ee7d931febe257baa449b3b9c0305da639a07
8d99292a933c1196951710a69f2b1d07e8b29132a30f4ec6ca215a7ede8026bb
GET /6a1BmQ3AIPwglTx85An5JUmdSckRNOhUsHhttBTAjXAQvD0QgGkA3Cg9tVmUcCj4BflYOPgV+QU0xAiFNX3YSMx8AbQcxHQYnByEVEj5ANhFWPQk5GQc8B2ZCLWVIc1VZYE47QVp1VQFVWWAKKh4eKENxQBNoUBxGX3VVAVVZYBQ1VVgRV3NJRWBPZkJbNw-MgGwR1VAVCW2FWc0FbYUNxQA05FCYWBChDcTZaYVdtQE0lW3I HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 581
date: Sat, 23 Sep 2023 19:47:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FFYjdRf95LVhCSIT8O8I9_ZEuzKizryaLAC0tR4uYfXfgFsd_8YI3A==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/8VVZ0SjE2ORosDiE/EHcIbGFAeglzPAclXyVrNj96HQ4nJXMRNCc5FyEsEHcBczoVJFZocBEkUmhnUitVN2tAbEQ0axklSzw6GCsUZxBBZAFwZERiSWRnUXlzcGREJlg7IwxvA2UuTHxuY2JReXNwZEQ4R3BlNXsBbHhEYxRnZhMvUj45UXh3Z2ZFegFkZk-VvA2UwHThUMzkMbwMTZ0V7H2VwAXcA
143.204.42.211 197 B URL du0pud0sdlmzf.cloudfront.net/8VVZ0SjE2ORosDiE/EHcIbGFAeglzPAclXyVrNj96HQ4nJXMRNCc5FyEsEHcBczoVJFZocBEkUmhnUitVN2tAbEQ0axklSzw6GCsUZxBBZAFwZERiSWRnUXlzcGREJlg7IwxvA2UuTHxuY2JReXNwZEQ4R3BlNXsBbHhEYxRnZhMvUj45UXh3Z2ZFegFkZk-VvA2UwHThUMzkMbwMTZ0V7H2VwAXcA
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash e9f98a6efee1cbaea0bc7d3c750a69c9
0e6b9fff114f6583c9e7ed38bcde8fd2d47b2bf4
84c3e9093cad3d3f85572426a55606c2e214a08798202652f9e7b3a70df0197d
GET /8VVZ0SjE2ORosDiE/EHcIbGFAeglzPAclXyVrNj96HQ4nJXMRNCc5FyEsEHcBczoVJFZocBEkUmhnUitVN2tAbEQ0axklSzw6GCsUZxBBZAFwZERiSWRnUXlzcGREJlg7IwxvA2UuTHxuY2JReXNwZEQ4R3BlNXsBbHhEYxRnZhMvUj45UXh3Z2ZFegFkZk-VvA2UwHThUMzkMbwMTZ0V7H2VwAXcA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 197
date: Sat, 23 Sep 2023 19:47:38 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cOdGscg5gtDOdT2-zuVQLBRuCelp3L3CrUJp46B2N1WSPbdCbIqmhA==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw
142.250.74.109 302 Found 398 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (393)
Hash 82b27c61f99cbd5b8ec37203cc9fb630
7153bec9e05e7131765979cd5a6bc3657f87357a
86a3284b97ff3ea1e2cc6bbb343471bf42ad7d9ecf9072505d3857eb09464c2a
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:06MYDk_kvVF_FPRELih8OtI-cwrZtg:IjeAFNj4PG46fLdo;Path=/;Expires=Mon, 22-Sep-2025 19:47:38 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:38 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2114743945%3A1695498458050990&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WKVUq3TRSwqhJGh1KkNmaw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA
142.250.74.109 302 Found 407 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (398)
Hash 781b07f2a11e0e4720c7e09014c688a2
8c3190e3998f63e072a2ba3fb173c3fc0806b2c1
0e1c2290112f2cf4c0062ce938b8dd2484c8ae9e369755970f9dffba913916e7
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:q1dizW5Ci6FPI8MleVHeFdwYD3mT4A:gZQ0NxIvthofADzw;Path=/;Expires=Mon, 22-Sep-2025 19:47:38 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:38 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1929026816%3A1695498458204218&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-4IAmQwAMzXRy69oMcJehmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 407
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6274834&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error&rnd=1695498457479
212.47.222.20 1.7 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6274834&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error&rnd=1695498457479
IP 212.47.222.20:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (528)
Hash 4976a2d25b7b4ab86be2d145fae7582c
6f44622ee355387d5bc22dc10e2367c9f7328f0b
93468777f4b5e173716ee36c8b0b16f7c04b0930c4559d18e45f64ea396f89d3
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6274834&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error&rnd=1695498457479 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Sat, 23 Sep 2023 19:47:23 GMT
set-cookie: bepolite_id=6d7a370753010be9248465ad1424dbed; Max-Age=7776000; Expires=Fri, 22-Dec-2023 19:47:23 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 524682451
age: 0
accept-ranges: bytes
content-length: 1720
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176967 bytes)
Hash 636b4ad7f97aa55c2242b396fe3e9f44
b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba
54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3552162744"
last-modified: Sun, 17 Sep 2023 21:45:34 GMT
content-length: 176967
date: Sat, 23 Sep 2023 19:47:24 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 522679719
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
212.47.222.20 200 OK 74 kB URL GET HTTP/2 static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19258)
Hash bf8dfa3a7bda8d31b88de81200b8b02b
0b3678f38433c4b6273a632f509a08368dc5ad64
6a2d03a0e8e0ecd7cf62fef4a959d23c812d7be45404f382f9d045b0d0a0e2fc
GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
accept-ranges: bytes
etag: "1848338666"
last-modified: Tue, 05 Sep 2023 09:39:01 GMT
content-length: 74030
date: Sat, 23 Sep 2023 19:47:24 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523289466
age: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:700,regular|Inter:700
216.58.207.202 200 OK 1.3 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:700,regular|Inter:700
IP 216.58.207.202:443
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint BE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
Validity Mon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT
File type gzip compressed data, max compression\012- data
Hash b5463010a5876ad6dcb7ada88514569b
12d6c1a0f8fcc4ad10f98ade464fec0c9aa11706
0d0390415e7fd6b891ce7baec34971bca09e71161627307b8e8ca4cad97f89d0
GET /css?family=Open+Sans:700,regular|Inter:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 19:47:39 GMT
date: Sat, 23 Sep 2023 19:47:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/char.svg
212.47.222.20 200 OK 12 kB URL GET HTTP/2 static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/char.svg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (11856), with no line terminators
Hash dc6c3ed3f12f3b937849ead538b8dcea
f6663c701a70ce85f5ebb9550694f76540626aa9
bb89e5bfb7a54cc14c000fe4c79e97675bbcf726026838b229777fb235bc7acf
GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/char.svg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
etag: "3892406339"
last-modified: Tue, 05 Sep 2023 09:39:01 GMT
content-length: 11856
date: Sat, 23 Sep 2023 19:47:24 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523264843
age: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 23ee71f34a80feec27e23d99ecada83e
62f4c8dcc03187e2bdcdfa76dc732d4eebde5cc1
429bd03ec19810ed389955d166c98e62d9850e52160fbec3dd27da2cc30200fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/Omega_Laen_Vertical_White.svg
212.47.222.20 200 OK 2.3 kB URL GET HTTP/2 static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/Omega_Laen_Vertical_White.svg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 053652d336b24bdd3dd67ab6e6964196
17f4bb55b930f590db157b2c76efe63dc46cf456
c2ffb1ae9a4ad9e762ea71c86ec4c5b7a418fef992fdb1b24e2501ec84a2b489
GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/Omega_Laen_Vertical_White.svg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
etag: "1956378409"
last-modified: Tue, 05 Sep 2023 09:39:01 GMT
content-length: 2288
date: Sat, 23 Sep 2023 19:39:37 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 522938898
age: 0
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29 200 OK 103 kB IP 172.64.132.29:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 103 kB (103211 bytes)
Hash eb7c9a2df719d621f944eb6d0ca4ee0f
80f8eb258b9bc882a760d24c401eb8cee6d37f0e
1a0591c695dc4a63e50405e8877d14e054297c78cee7c04878e7a333f54a10af
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 19:47:38 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5236
last-modified: Sat, 23 Sep 2023 18:20:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC0lZRh3MvQvf7kOPwPWgbCssj0fVXR7N4dPnPZLcEZoo9fy3O8T2wp9nUp15N%2Ff7AMs6sIflkcNoUowBAsl51foH6i3XdHwvGqJB1de%2FPkwomERpSbqIj0m%2Fush%2Fsgt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b54cf23f667792-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:443
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Hash e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://static.bepolite.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 09:00:39 GMT
expires: Wed, 18 Sep 2024 09:00:39 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 384420
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2
216.58.207.227 200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2
IP 216.58.207.227:443
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 22904, version 1.0\012- data
Hash 2a4c97ec45ef9f6d47fb0e7cd47ae67c
4b7c2b478c629a59e8a0abee34feba0654392c66
7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f
GET /s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://static.bepolite.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 14:09:00 GMT
expires: Wed, 18 Sep 2024 14:09:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:50:43 GMT
content-type: font/woff2
age: 365919
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/bg_1000x400.jpg
212.47.222.20 200 OK 109 kB URL GET HTTP/2 static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/bg_1000x400.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1000x400, components 3\012- data
Size 109 kB (108702 bytes)
Hash f035c8d2acee30514370298cec419134
20c2db7309634a6ab09d4eed83b16fef64ef5697
e617333cb73e167526505fe1c592ced7c933bc6aa7db36102cd9fa503093f096
GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/bg_1000x400.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "1343496848"
last-modified: Tue, 05 Sep 2023 09:39:01 GMT
content-length: 108702
date: Sat, 23 Sep 2023 19:47:24 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 524458677
age: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 2a9cb3694beef11368f7284821163a4d
32d723fad91ccd0c154e5d7e489266cfe596aa61
08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 19:47:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "801691811"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Sat, 23 Sep 2023 19:47:25 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 521216068
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=6d7a370753010be9248465ad1424dbed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 23 Sep 2023 19:47:24 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 524458701
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.29 200 OK 102 kB IP 172.64.132.29:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 19:47:38 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5236
last-modified: Sat, 23 Sep 2023 18:20:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owkOJSYrzGICNkap2ULU6hvDZZCx0DFtRU72aRdXcsH4cHvyVsLt87ixoA4zl3i7jChSD8EC86jyNvjseGaqlmkJDya3JmpKODWPVYq543P10jWLXuIuI8nqwKVcKT7O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b54cf21f357792-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=6d7a370753010be9248465ad1424dbed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 23 Sep 2023 19:47:26 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523578068
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=6d7a370753010be9248465ad1424dbed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 23 Sep 2023 19:47:26 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523786715
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=6d7a370753010be9248465ad1424dbed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 0
date: Sat, 23 Sep 2023 19:47:24 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 524361011
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/arrows.svg
212.47.222.20 200 OK 811 B URL GET HTTP/2 static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/arrows.svg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (843), with no line terminators
Hash 7bd33541948f2c22822e66a34c541c4b
f4872ffb542f4c30dc15fcd54c8c21de184b40f5
d5a23a1b5287eda22529d7665e13a46a26322908ba69ed7d9edadd28c3fa96f0
GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/arrows.svg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
accept-ranges: bytes
etag: "4252441424"
last-modified: Tue, 05 Sep 2023 09:39:01 GMT
content-length: 811
date: Sat, 23 Sep 2023 19:47:04 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523092204
age: 0
X-Firefox-Spdy: h2
gourgoldpieceso.com/popunder.gif
188.114.96.1 200 OK 35 B URL GET HTTP/3 gourgoldpieceso.com/popunder.gif
IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 23 Sep 2023 19:47:37 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 12162
last-modified: Sat, 23 Sep 2023 16:24:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fla6xi1M2GD27pLo3CGEfvJ%2BsxUcIWeL0KodK1RGJVp0BIJxRO00BrIh2thxcXxpsxBIs0JGdggQ3A1u%2BsJeps7hwAsK0wDSyz61R9DIciuAWzNcglja0KY1k4d9MTCwAmKlDXFn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b54cf1cf11b512-OSL
alt-svc: h3=":443"; ma=86400
pogothere.xyz/
172.64.132.29 200 OK 27 B IP 172.64.132.29:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash c6d64e8a337d6e148cf37b0c58c10e28
1ffcdd8ce5cfc540bdb6b47d8135947161f6dc69
9aa4bd64de0272a5287a6166fd42172769a11fb64b9f6e879310f00e1a820ea0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 19:47:38 GMT
content-type: text/plain
set-cookie: csu=1009692590656639@1@1695498458; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgbNkHRcw0kGWZPd4u3%2BTChBMN4sq4zje2JP442Xt69TVkp72Ctz%2B5qiDlPlr9iDKVrJRrRS8I0xQx4%2B1LFI7OKv8IV6eU8Pl%2B%2B3voQQAEFmILwiCDAjEH1T2zxQdFgY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b54cf22f497792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.132.29 200 OK 26 B IP 172.64.132.29:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash eada80cd984ead5a31d689922af75965
af6fde03ffa568b477c297c4c32aa59b521bbb04
33cd3f9cbca59e126157198e0d957105c44fd1f69b1fe59817bc741fa8f0af27
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 19:47:38 GMT
content-type: text/plain
set-cookie: csu=958161715269030@1@1695498458; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CviQ30WTn%2F7EYVNabWJA0pTEvPDHiYdcKr7%2F4MEXrTFfyDIUuJCbSBI16TRq1oZafaaYA%2BJQvrbM9sUGvLly11Xoa6qC%2BsCFQZCu5hu5oItHb4TT92j4fs7J3%2B9lIj9P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b54cf21f307792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1929026816%3A1695498458204218&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1929026816%3A1695498458204218&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1929026816%3A1695498458204218&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:38 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-7ULxO-WgF10AAHnotxfNaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
s.ocdn.ee/scripts/ads.js
172.67.72.48 200 OK 502 B IP 172.67.72.48:443
Requested by https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html&clink=https%3A%2F%2Fomegalaen.ee%2F&banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=400&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 3B:7A:83:10:43:05:3D:7B:69:D4:84:4A:8D:D5:0C:82:00:95:97:E4
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (512), with no line terminators
Hash 378127e361bb204d03673d57c5692fef
e9d8b368054d1aaffb9410263d1d9e4e12751628
fbc90cbd893b4c2d98ec547728e504077636da3f92a4304fb108322242f4cef7
GET /scripts/ads.js HTTP/1.1
Host: s.ocdn.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 19:47:39 GMT
content-type: application/javascript
cache-control: public, max-age=15552000
cf-bgj: minify
cf-polished: origSize=569
etag: W/"b2b3cc89ce80d41:0"
last-modified: Tue, 20 Nov 2018 12:42:46 GMT
x-cacheable: YES
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 9782687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LrTMDGGOOZC4GQ2N%2BvYrhXwX6bbvbmrz5YZYgVFNWgUHDn3gwdje4cnlKTUouhKnOAjTn5%2FVvlb%2FPTOikKL04gllV7fLutLiKWuCkPwJSVwUYD52RVUTo9dq4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b54cfaea0cb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2114743945%3A1695498458050990&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2114743945%3A1695498458050990&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2114743945%3A1695498458050990&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 23 Sep 2023 19:47:38 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-VpQwUC4hlh5uD6hDb0BQGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000