www.upload.ee/download/15707493/9aba123b3d0b1d92249d/svhosts.exe
51.91.30.159 403 B URL www.upload.ee/download/15707493/9aba123b3d0b1d92249d/svhosts.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (403), with no line terminators
Hash 7716d0cc6f59acf5ea5a7053eb3e3981
1f3c86df25f71ebce58dc32d1b15db277f1111b3
2b74ff87a83ec7adf3766c526adb1ca38f00c27ee1cb0642d179642a777b372a
GET /download/15707493/9aba123b3d0b1d92249d/svhosts.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 21 Sep 2023 00:15:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 403
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15707493/9aba123b3d0b1d92249d/svhosts.exe
51.91.30.159 403 B URL www.upload.ee/download/15707493/9aba123b3d0b1d92249d/svhosts.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (403), with no line terminators
Hash 7716d0cc6f59acf5ea5a7053eb3e3981
1f3c86df25f71ebce58dc32d1b15db277f1111b3
2b74ff87a83ec7adf3766c526adb1ca38f00c27ee1cb0642d179642a777b372a
GET /download/15707493/9aba123b3d0b1d92249d/svhosts.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 403
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 5a520b7e6e03f5f340a61a6ee86a9186
4fd50ba3626b9bb2fb01531e37dcc8ddb7a4f2ee
35fae91ac12f65946a39817687eba1a1f5751be19286f93f8e8f9281292de70f
GET /files/15707493/svhosts.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15707493/9aba123b3d0b1d92249d/svhosts.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8984
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 21 Sep 2023 03:15:12 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Thu, 19-Oct-2023 00:15:12 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.89 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.89:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117725 bytes)
Hash 5bb40dbcb26b37ac0d4a444354ce9036
4f3dec3a333e89c916f89a5d9c6696a68d0af6f3
3b29f54acc89aa17b28ce643325c33f4d3a78553ca8fcfe41f13894ba987d7c5
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117725
date: Thu, 21 Sep 2023 00:01:56 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1BxcJgH0H6cpRhBLqsKMutyxbM1VvqSOXJQZdAnMn4ZUtdswWrY3hg==
age: 796
X-Firefox-Spdy: h2
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Thu, 28 Sep 2023 00:15:12 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Thu, 28 Sep 2023 00:15:12 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.67 472 B IP 142.250.74.67:0
Hash c26db5b7e67796d07f5743c47aac1d8d
15ae6c46df2af330a26d64166a9df72d038b16cb
f0f73451176c560f54ad1174073e4dbaa6697a11c6a5fdf3ccfe67ab4b93011d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 00:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Thu, 28 Sep 2023 00:15:12 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:12 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Thu, 28 Sep 2023 00:15:12 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.136 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.136:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (2213)
Hash b1efed051d2f3f8a49416743ac530811
4edc090ad8e4ba582338323768f2fcaffc8e190d
d519742b62b87c21f84b9985fdb646c5af443e0d1198ea27349b74b9dfdfa75f
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 21 Sep 2023 00:15:12 GMT
expires: Thu, 21 Sep 2023 00:15:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.67 472 B IP 142.250.74.67:0
Hash c26db5b7e67796d07f5743c47aac1d8d
15ae6c46df2af330a26d64166a9df72d038b16cb
f0f73451176c560f54ad1174073e4dbaa6697a11c6a5fdf3ccfe67ab4b93011d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 00:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oldpiecesontheth.com/aHo4c2VHRVsAWDwXYis/WA4BJTIqHF07UDsjCUpQDBYNFDAgQh4HDAxHAUpSW0wBVRUBHgVCQxsOWQcQG0cJVQwGHFdOQx5HCV1WXFQLR0tYXE1OVE4OSBICVUseAxEcFgVCU1FPCkZQW0sLQ1Fc
188.114.97.1 204 No Content 0 B URL GET HTTP/2 oldpiecesontheth.com/aHo4c2VHRVsAWDwXYis/WA4BJTIqHF07UDsjCUpQDBYNFDAgQh4HDAxHAUpSW0wBVRUBHgVCQxsOWQcQG0cJVQwGHFdOQx5HCV1WXFQLR0tYXE1OVE4OSBICVUseAxEcFgVCU1FPCkZQW0sLQ1Fc
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aHo4c2VHRVsAWDwXYis/WA4BJTIqHF07UDsjCUpQDBYNFDAgQh4HDAxHAUpSW0wBVRUBHgVCQxsOWQcQG0cJVQwGHFdOQx5HCV1WXFQLR0tYXE1OVE4OSBICVUseAxEcFgVCU1FPCkZQW0sLQ1Fc HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 21 Sep 2023 00:15:12 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QB7026sY9knwgTB5UpdFAMaAHXV6lEdgUDKr4VZGga6o4ViyrlXYoLe0EYWLfZM02%2FLlrQToC0dae0gG9xSR%2BMAlXpJTAQdBc%2FPOpl%2FhBDIU0EOR2OCPTIGvRDd%2BrXllnkphbuJgrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1cc96ffb56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
oldpiecesontheth.com/T1FMOTRgbi9KCR0JHgpQIht0aGF2FhlXZgwAGW9lKwQ0fmUjFGpNXStsdQADe2F0H0QmNXEIDGkiOFhAOiJxCBImPypWCWkncQgaf39+FwBpJHEIEjshLV4Jfnc8TUAjbH0PDXpjeQwHfmJ8AQQ
188.114.97.1 204 No Content 0 B URL GET HTTP/2 oldpiecesontheth.com/T1FMOTRgbi9KCR0JHgpQIht0aGF2FhlXZgwAGW9lKwQ0fmUjFGpNXStsdQADe2F0H0QmNXEIDGkiOFhAOiJxCBImPypWCWkncQgaf39+FwBpJHEIEjshLV4Jfnc8TUAjbH0PDXpjeQwHfmJ8AQQ
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /T1FMOTRgbi9KCR0JHgpQIht0aGF2FhlXZgwAGW9lKwQ0fmUjFGpNXStsdQADe2F0H0QmNXEIDGkiOFhAOiJxCBImPypWCWkncQgaf39+FwBpJHEIEjshLV4Jfnc8TUAjbH0PDXpjeQwHfmJ8AQQ HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gByrR149Be%2BbIvkp6%2FGBX3xCG5jOk9G6Z9N58FdtN99vACcfpbwNURpeRDSOipYurqZG5jA4p6BHJvpMa8%2BU5Lcp81fKufEUHsffZJff13vefXoy6f8TcTdEsiKZsI2ExMv9ugFGAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1cc9880f56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.136 200 OK 86 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.136:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (3034)
Hash 8ad8749dfb25d00690d2c9b375c71e42
96dca5f8378e3c123b198eb4eb98177644f2bdb5
a8a00f064a4c687028c3a3a7392d354920229a21ebc686533d533f543fb53c6b
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 21 Sep 2023 00:15:12 GMT
expires: Thu, 21 Sep 2023 00:15:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85606
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
nanrumandbac.com/RDRqRDAlVgkpDyUJCGJFNlhXYQICEVgCVDEEGjFUdEcOKF0+UkQnXCtBDiJCK1oeal4hQE92diZlWg5HEV47I3wWAFoHSidGLAMIClEEEnQedVsoewV5UxNaChFYAnYWck92dgJOKz12AXFYBnEFWzwQQxN3IhZxC2cwCmksfRwNSHAFKRNlKnwAAXonWTsWfihuT3ZyIFgzKWIHQxoQZH1gIBBxBmRbdEUOZSh0YRd+T3Z2DGBbC3stAAkJSAJMKAFmfHYtHkcVfBoJUyp6PB1oHlkJAXFhBigcY3QHKQxTA1cQNHkecx51VChiAiBdHkM7B3IHbgQBSB1DOHJSARkoc3UcchMCSiBsIQcBEm0iDkgnXywtcgx+ExVoJ3MJPWEefSwBXAhlAndyI2IQFWcJVQl2YQJWHREWLkcFKkB5USkPZDZ2LDFFAkQQJUgQTA
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/RDRqRDAlVgkpDyUJCGJFNlhXYQICEVgCVDEEGjFUdEcOKF0+UkQnXCtBDiJCK1oeal4hQE92diZlWg5HEV47I3wWAFoHSidGLAMIClEEEnQedVsoewV5UxNaChFYAnYWck92dgJOKz12AXFYBnEFWzwQQxN3IhZxC2cwCmksfRwNSHAFKRNlKnwAAXonWTsWfihuT3ZyIFgzKWIHQxoQZH1gIBBxBmRbdEUOZSh0YRd+T3Z2DGBbC3stAAkJSAJMKAFmfHYtHkcVfBoJUyp6PB1oHlkJAXFhBigcY3QHKQxTA1cQNHkecx51VChiAiBdHkM7B3IHbgQBSB1DOHJSARkoc3UcchMCSiBsIQcBEm0iDkgnXywtcgx+ExVoJ3MJPWEefSwBXAhlAndyI2IQFWcJVQl2YQJWHREWLkcFKkB5USkPZDZ2LDFFAkQQJUgQTA
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject nanrumandbac.com
Fingerprint B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3029), with no line terminators
Hash b85029029d5d6835121ce2eaee99403c
a098e137e4c0f42138224ac75e9935bc3c06ddca
cc851df1f88e75256dfcfaceaa2eb45fe935929be272642d1d972cd384767438
GET /RDRqRDAlVgkpDyUJCGJFNlhXYQICEVgCVDEEGjFUdEcOKF0+UkQnXCtBDiJCK1oeal4hQE92diZlWg5HEV47I3wWAFoHSidGLAMIClEEEnQedVsoewV5UxNaChFYAnYWck92dgJOKz12AXFYBnEFWzwQQxN3IhZxC2cwCmksfRwNSHAFKRNlKnwAAXonWTsWfihuT3ZyIFgzKWIHQxoQZH1gIBBxBmRbdEUOZSh0YRd+T3Z2DGBbC3stAAkJSAJMKAFmfHYtHkcVfBoJUyp6PB1oHlkJAXFhBigcY3QHKQxTA1cQNHkecx51VChiAiBdHkM7B3IHbgQBSB1DOHJSARkoc3UcchMCSiBsIQcBEm0iDkgnXywtcgx+ExVoJ3MJPWEefSwBXAhlAndyI2IQFWcJVQl2YQJWHREWLkcFKkB5USkPZDZ2LDFFAkQQJUgQTA HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1184
date: Thu, 21 Sep 2023 00:15:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: TYwTkuUcDNjKMApxTxMTRL4lvVg5svkCEKKf205aBMLKLnrYNgVHDg==
X-Firefox-Spdy: h2
nanrumandbac.com/eFlnM3cZOwReSBlkBRUCCjVaFkU+fFV1Ew1pF0YTSCoDXxoCP0lQGxcsA1UFFzcTHRkdLUIBMQAUV1caGg0LYjw5PitxHBssJl82ORoJcSQgCCJlOyoMJGVHNm8pciEQDDZLIzBoX3c6DxAEa0YiMSJbExwdCVc2OQ8PVz4+LStrMUgyMAIAHgwOfjItGFdlOh89NmUxD2AjRDEuDAp5IjMuEFcTSBcBcCULfFV1IUkuBHI2Lh0/RBseFQBULikLPQIhEAwlcSUQCDBhADkbMn0ROwwiSyZJbFNyGRw/NkQcGQALYRMgNT5YMykQBHImPgw/YhA8PVYeExwaJWlGLj4TYiYrECZyHD0OA2A1GxomeQcuMhN+MxYAQVkEFzcXDiUQAQV4Qgo/V0cTCT8C
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/eFlnM3cZOwReSBlkBRUCCjVaFkU+fFV1Ew1pF0YTSCoDXxoCP0lQGxcsA1UFFzcTHRkdLUIBMQAUV1caGg0LYjw5PitxHBssJl82ORoJcSQgCCJlOyoMJGVHNm8pciEQDDZLIzBoX3c6DxAEa0YiMSJbExwdCVc2OQ8PVz4+LStrMUgyMAIAHgwOfjItGFdlOh89NmUxD2AjRDEuDAp5IjMuEFcTSBcBcCULfFV1IUkuBHI2Lh0/RBseFQBULikLPQIhEAwlcSUQCDBhADkbMn0ROwwiSyZJbFNyGRw/NkQcGQALYRMgNT5YMykQBHImPgw/YhA8PVYeExwaJWlGLj4TYiYrECZyHD0OA2A1GxomeQcuMhN+MxYAQVkEFzcXDiUQAQV4Qgo/V0cTCT8C
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject nanrumandbac.com
Fingerprint B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3003), with no line terminators
Hash b8de0f730f2e3b4917b31b2174750118
3ececf9add87da7ed65c3998be4a03bc9e6d155a
bda82c754e24db5b2bd2b2db966ebec24a283297b7a66b3810d159baf8447ad9
GET /eFlnM3cZOwReSBlkBRUCCjVaFkU+fFV1Ew1pF0YTSCoDXxoCP0lQGxcsA1UFFzcTHRkdLUIBMQAUV1caGg0LYjw5PitxHBssJl82ORoJcSQgCCJlOyoMJGVHNm8pciEQDDZLIzBoX3c6DxAEa0YiMSJbExwdCVc2OQ8PVz4+LStrMUgyMAIAHgwOfjItGFdlOh89NmUxD2AjRDEuDAp5IjMuEFcTSBcBcCULfFV1IUkuBHI2Lh0/RBseFQBULikLPQIhEAwlcSUQCDBhADkbMn0ROwwiSyZJbFNyGRw/NkQcGQALYRMgNT5YMykQBHImPgw/YhA8PVYeExwaJWlGLj4TYiYrECZyHD0OA2A1GxomeQcuMhN+MxYAQVkEFzcXDiUQAQV4Qgo/V0cTCT8C HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1155
date: Thu, 21 Sep 2023 00:15:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: QjCrW-E6EsUIKtklNeGUoyijf4SgDtKl83YkPmCcW1lTlvTFJQnEug==
X-Firefox-Spdy: h2
oldpiecesontheth.com/dVRSMFlaazFDZBZmY30DMhIVZgEZDAQAKRExY3oKJ2UqFWszDBRbfwE9Ng1gTGNmAW1TJDtUZERyIUQ4ASEhDWhTPTxWNkhyJA1oW2dmHmpBemIWLEhldEQpFDNvAX8FICZcZERiawVrQGFhAWpEZGM
188.114.97.1 204 No Content 0 B URL GET HTTP/2 oldpiecesontheth.com/dVRSMFlaazFDZBZmY30DMhIVZgEZDAQAKRExY3oKJ2UqFWszDBRbfwE9Ng1gTGNmAW1TJDtUZERyIUQ4ASEhDWhTPTxWNkhyJA1oW2dmHmpBemIWLEhldEQpFDNvAX8FICZcZERiawVrQGFhAWpEZGM
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dVRSMFlaazFDZBZmY30DMhIVZgEZDAQAKRExY3oKJ2UqFWszDBRbfwE9Ng1gTGNmAW1TJDtUZERyIUQ4ASEhDWhTPTxWNkhyJA1oW2dmHmpBemIWLEhldEQpFDNvAX8FICZcZERiawVrQGFhAWpEZGM HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nevwhR01eFcZbsQfBTzJmeiR7UKr9HRzWeeT79Cd2VrSYnHjNQiZaGoa2bBokOC4Wepr7omk04Lak0tND8WSQ6P4eMKi47aQ5uq5f5VvmQk2fZktsvhuzs7hTWZSYmACJz6Cmp6K4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1cc9c82b56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nanrumandbac.com/c2lHT0USCyQiehJUJWkwAQV6anc1THUJIQZZNzohQxojIygJD2ksKRwcIyk3HAczYSsWHWJ9A0o/ET8rFwUCfQsiAhYtLDYTBn8xHAsAfhEhWxE1CDE4HR88JQcGNQQSLAUCCzseLyEOMDhzKzw2DgZ/MRsKPRYCNC0dICMyIB4CKBsbFh0mQid1KxEmKhIjCyIRCx8BOlEBHiZLOQMsBDEHJCgKQgYlHyxLEwQ3KgQKACgtIlp+IyNCPwAqFkIbESMLGi90dhMhA3d3CzEgCCsCFxgPf3AdKio3ESZbDhcjQj8ABjw9THUJEzcNIBUSPSMVIS0ECAFiJiEnAxY9MC8JJQBBAR8ddzUFJn4hOw0AKzQyO38lCDceDgsrIQcPCR87MA87NCI4CTwfMk8tPCodGXorAzgsDiUsKls1DAs
65.9.55.88 200 OK 1.2 kB URL GET HTTP/2 nanrumandbac.com/c2lHT0USCyQiehJUJWkwAQV6anc1THUJIQZZNzohQxojIygJD2ksKRwcIyk3HAczYSsWHWJ9A0o/ET8rFwUCfQsiAhYtLDYTBn8xHAsAfhEhWxE1CDE4HR88JQcGNQQSLAUCCzseLyEOMDhzKzw2DgZ/MRsKPRYCNC0dICMyIB4CKBsbFh0mQid1KxEmKhIjCyIRCx8BOlEBHiZLOQMsBDEHJCgKQgYlHyxLEwQ3KgQKACgtIlp+IyNCPwAqFkIbESMLGi90dhMhA3d3CzEgCCsCFxgPf3AdKio3ESZbDhcjQj8ABjw9THUJEzcNIBUSPSMVIS0ECAFiJiEnAxY9MC8JJQBBAR8ddzUFJn4hOw0AKzQyO38lCDceDgsrIQcPCR87MA87NCI4CTwfMk8tPCodGXorAzgsDiUsKls1DAs
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject nanrumandbac.com
Fingerprint B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash ffcc509b415044608e53cf502bf1d0b9
b30ed8ad642df5e36e281605857e2a3890ce0466
5f1a70d797cad1625f7a209cb66f4006f11a6533292736be8834d1ba1a3dcb1a
GET /c2lHT0USCyQiehJUJWkwAQV6anc1THUJIQZZNzohQxojIygJD2ksKRwcIyk3HAczYSsWHWJ9A0o/ET8rFwUCfQsiAhYtLDYTBn8xHAsAfhEhWxE1CDE4HR88JQcGNQQSLAUCCzseLyEOMDhzKzw2DgZ/MRsKPRYCNC0dICMyIB4CKBsbFh0mQid1KxEmKhIjCyIRCx8BOlEBHiZLOQMsBDEHJCgKQgYlHyxLEwQ3KgQKACgtIlp+IyNCPwAqFkIbESMLGi90dhMhA3d3CzEgCCsCFxgPf3AdKio3ESZbDhcjQj8ABjw9THUJEzcNIBUSPSMVIS0ECAFiJiEnAxY9MC8JJQBBAR8ddzUFJn4hOw0AKzQyO38lCDceDgsrIQcPCR87MA87NCI4CTwfMk8tPCodGXorAzgsDiUsKls1DAs HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Thu, 21 Sep 2023 00:15:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: H_xv7I-dGpTK-knNwWfYL5fEDQshn1JtwWJHdhyWYWX-uHUF7aXliw==
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1695255313.1.0.1695255313.0.0.0; _ga=GA1.1.990986906.1695255313
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Sep 2023 00:15:13 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Thu, 28 Sep 2023 00:15:13 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.67 472 B IP 142.250.74.67:0
Hash 487f1d046e864ae0325b8961694955a4
5022a5b43b580729bc1fd4acc89af4e521926028
21d1f63f35fb16e01693d444e21456b1634e14443bf2300cf0fa35b479adbfdc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 00:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.67 472 B IP 142.250.74.67:0
Hash 487f1d046e864ae0325b8961694955a4
5022a5b43b580729bc1fd4acc89af4e521926028
21d1f63f35fb16e01693d444e21456b1634e14443bf2300cf0fa35b479adbfdc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 00:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:QkNCjBw6WlR6xd1dHIvFQNComVx65w:JPvRWl1azkRy4qa8; Expires=Sat, 20-Sep-2025 00:15:13 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfHrKJNgg65BWn99Q86-vN3jwZB168UulYBCQMV664lj3q5xPIFJokWZK01vtCxRmin6GOwpQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-GlkNbuLLbaJSWMeLCOCNJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nanrumandbac.com/utx?cb=pvBbfH2Wjsac&top=www.upload.ee&tid=997369
65.9.55.88 204 No Content 0 B URL GET HTTP/2 nanrumandbac.com/utx?cb=pvBbfH2Wjsac&top=www.upload.ee&tid=997369
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject nanrumandbac.com
Fingerprint B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=pvBbfH2Wjsac&top=www.upload.ee&tid=997369 HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 21 Sep 2023 00:15:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 21 Sep 2023 00:16:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: pT6JOv0dT5WgxjFMg9gdxvV9LWbZCaMZ8uFDBFJCyJm0I3ddPzOMXg==
X-Firefox-Spdy: h2
nanrumandbac.com/utx?cb=fNwtoxmWcWSO&top=www.upload.ee&tid=997414
65.9.55.88 204 No Content 0 B URL GET HTTP/2 nanrumandbac.com/utx?cb=fNwtoxmWcWSO&top=www.upload.ee&tid=997414
IP 65.9.55.88:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject nanrumandbac.com
Fingerprint B9:07:AE:0C:C3:B4:7D:64:13:E1:A6:C7:EB:25:99:0F:9E:6D:43:A2
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=fNwtoxmWcWSO&top=www.upload.ee&tid=997414 HTTP/1.1
Host: nanrumandbac.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 21 Sep 2023 00:15:13 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 21 Sep 2023 00:16:13 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f13ebb34b9ca74b5ffe9e85709c21a7c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: waG-qbCxbb8amRmXlZvcVQfzxCUqMNtu6R0bOtZ8sVaEWmMlRSKX2g==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:S4gpwRMOQelhCDBIAS3CYR-qgXUL0g:xnBjCOL-lnHndeO_; Expires=Sat, 20-Sep-2025 00:15:13 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcNGTnd51g73mHWfkTXHwzbPS95XbZYcKQ_O5N6oV-MTZ87gKub6q0ykps63nA2JfqW_SQeKg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-AMZLieSmzbgM2dsRnx19Zw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.67 471 B IP 142.250.74.67:0
Hash 5da314537eb4a5181bfb3d594de065ad
fda976c69522ba08bd38005d39f4c2f562b71f03
9a27d59a008ae4eb9062998c5472c59c2946b02f3adaf4cd2141a0153219809c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 21 Sep 2023 00:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfHrKJNgg65BWn99Q86-vN3jwZB168UulYBCQMV664lj3q5xPIFJokWZK01vtCxRmin6GOwpQ
142.250.74.109 302 Found 403 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfHrKJNgg65BWn99Q86-vN3jwZB168UulYBCQMV664lj3q5xPIFJokWZK01vtCxRmin6GOwpQ
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Hash dc1fcd1bb11d72c3872814fb59b481af
67d4d6ada6df0cca8e06a30557d6f17fee7fc098
17fd6c2aa691815f3d1cdae3a0780c4089b5bffb201f77e76f2a8f9a8d1d32b7
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhfHrKJNgg65BWn99Q86-vN3jwZB168UulYBCQMV664lj3q5xPIFJokWZK01vtCxRmin6GOwpQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:hsDwmuTe2ELsVUFtcnADcVAra1y-kQ:xLbIrXuvSGlBPChk;Path=/;Expires=Sat, 20-Sep-2025 00:15:13 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdJk8dGcPD-l1fcZ12_c_Q891dt5k-sp5WTW_Eo3FV9UGwGg9832FEFTfwlxuUqgkyIH_-cYQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S453008692%3A1695255313417983&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-YfQxBW_U_cQRGk6vujwQAQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcNGTnd51g73mHWfkTXHwzbPS95XbZYcKQ_O5N6oV-MTZ87gKub6q0ykps63nA2JfqW_SQeKg
142.250.74.109 302 Found 408 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcNGTnd51g73mHWfkTXHwzbPS95XbZYcKQ_O5N6oV-MTZ87gKub6q0ykps63nA2JfqW_SQeKg
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (400)
Hash a83ae5b02e1a6eb805c7eceb38810c9a
fc57e0a8689ded7ecada179336860ebb0b011dca
a047f849d60a04ad9bd4fb1dc996788c863db5686f7b6012272bc96a0a16127e
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcNGTnd51g73mHWfkTXHwzbPS95XbZYcKQ_O5N6oV-MTZ87gKub6q0ykps63nA2JfqW_SQeKg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:UiTWCkg2u6U8epv-cuBPEeoOm9w3pg:VEYbu8qwoQH7mmBz;Path=/;Expires=Sat, 20-Sep-2025 00:15:13 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVheJL2__NyFk4_aYdXyaAfVNlzs6pHbOiLuAHTVt4Y9JC1h5RLT8mxo6ZC4RU1JoWaGeJ6mC-A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710592879%3A1695255313483535&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-7fFO-YyM1HJxuSCb66cLNg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 408
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/9VVpndlE2NQkQbiEzA0tobG1TR2VzMBQZPyVnAzAaEBMNHwhnKCQ4dyEgA0thczYGGDZofAIYMmhrQRc1N2dTUCUlNQxLPDI8FQc8PDcABncgO1obPi8zCxowcGghQ39lf1VGeS1rVlNiF39VRj08NBIOdGdqH05nCmxTU2IXf1VGIyN/VDdgZWNJRnhwaF-cRNDYxCFNjE2hXR2Fla1dHdGdqAR8jMDwIDnRnHFZHYHtqQQNsZA
143.204.42.89 568 B URL du0pud0sdlmzf.cloudfront.net/9VVpndlE2NQkQbiEzA0tobG1TR2VzMBQZPyVnAzAaEBMNHwhnKCQ4dyEgA0thczYGGDZofAIYMmhrQRc1N2dTUCUlNQxLPDI8FQc8PDcABncgO1obPi8zCxowcGghQ39lf1VGeS1rVlNiF39VRj08NBIOdGdqH05nCmxTU2IXf1VGIyN/VDdgZWNJRnhwaF-cRNDYxCFNjE2hXR2Fla1dHdGdqAR8jMDwIDnRnHFZHYHtqQQNsZA
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (792), with no line terminators
Hash d5e14ec05b7929fc59a40af8b074bf57
b87e5d0462d547d69f6f288b8d31a76c9f13655b
99c48d1754560e8c6cce3b14ba8b4ce29e1a644b482a23de0529ac5fcac36f73
GET /9VVpndlE2NQkQbiEzA0tobG1TR2VzMBQZPyVnAzAaEBMNHwhnKCQ4dyEgA0thczYGGDZofAIYMmhrQRc1N2dTUCUlNQxLPDI8FQc8PDcABncgO1obPi8zCxowcGghQ39lf1VGeS1rVlNiF39VRj08NBIOdGdqH05nCmxTU2IXf1VGIyN/VDdgZWNJRnhwaF-cRNDYxCFNjE2hXR2Fla1dHdGdqAR8jMDwIDnRnHFZHYHtqQQNsZA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 568
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SbS6B1EKRgZ0iWPFeGIERd_SyTdV-qlX293PHMDSZvPMWO1Yq0Comg==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/xM0dmbTlQKAgLBkcuAlAACnBSXQEVLRUCV0N6NAVhUQxTH18DMwIcX1ZhEhddDndAAVhdIFtLXF0kW1wfUiMEUA0VMgdQVFw9DwFVUmJUKwwdd0NfCRs/V1wcAAVDXwlfLggYQRZ1VhUBBRhQWRwABUNfCUExQ154AndfQwkaYlRdXlYkDQIcAQFUXQgDd1-ddCBZ1VgtQQSIAAkEWdSBcCAJpVktMDnY
143.204.42.89 195 B URL du0pud0sdlmzf.cloudfront.net/xM0dmbTlQKAgLBkcuAlAACnBSXQEVLRUCV0N6NAVhUQxTH18DMwIcX1ZhEhddDndAAVhdIFtLXF0kW1wfUiMEUA0VMgdQVFw9DwFVUmJUKwwdd0NfCRs/V1wcAAVDXwlfLggYQRZ1VhUBBRhQWRwABUNfCUExQ154AndfQwkaYlRdXlYkDQIcAQFUXQgDd1-ddCBZ1VgtQQSIAAkEWdSBcCAJpVktMDnY
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash a676009e84e97b6f6496ebd8c6d6b81c
adec430a70aac3054a9c3f1823d3d2c2b4d0efb6
84efbdbf162e388ba8b84a95f6343b3ff17ece2c6cda8260ea6b9ec31726d067
GET /xM0dmbTlQKAgLBkcuAlAACnBSXQEVLRUCV0N6NAVhUQxTH18DMwIcX1ZhEhddDndAAVhdIFtLXF0kW1wfUiMEUA0VMgdQVFw9DwFVUmJUKwwdd0NfCRs/V1wcAAVDXwlfLggYQRZ1VhUBBRhQWRwABUNfCUExQ154AndfQwkaYlRdXlYkDQIcAQFUXQgDd1-ddCBZ1VgtQQSIAAkEWdSBcCAJpVktMDnY HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 195
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oMZoppL-ujvYLVeM37uUxcePtMp_8dbXbqHa3P2g4ZiQ2CzLXKhQKw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/bQ0JwUjQgLR40CzcrFG8NenVDZA1lKAM9WjN/FRF/FzAyFEE2BAAoVTsWCHRAOSZNYhIvIx41CWUnHjEJcmQRNlZ+dlYmRCwpTT9TJTABP10uJQB0QSJ/HT1OKi4cMxFxBEV8BGZwQHpMcnNVYXZmcEA+XS03CHcGczpIZGt1dlVhdmZwQCBCZnExYwR6bE-B7EXFyFzdXKC1VYHJxckFiBHJyQXcGcyQZIFElLQh3BgVzQWMac2QFbwU
143.204.42.89 604 B URL du0pud0sdlmzf.cloudfront.net/bQ0JwUjQgLR40CzcrFG8NenVDZA1lKAM9WjN/FRF/FzAyFEE2BAAoVTsWCHRAOSZNYhIvIx41CWUnHjEJcmQRNlZ+dlYmRCwpTT9TJTABP10uJQB0QSJ/HT1OKi4cMxFxBEV8BGZwQHpMcnNVYXZmcEA+XS03CHcGczpIZGt1dlVhdmZwQCBCZnExYwR6bE-B7EXFyFzdXKC1VYHJxckFiBHJyQXcGcyQZIFElLQh3BgVzQWMac2QFbwU
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (864), with no line terminators
Hash 7256a8e5e739df7d681ed543f174a80b
384fa55069956371886554555902092e2f2513f0
85543d2762bce608c4443c16ca69907a46a63b12bb1bcf2ba76fcd58d6debcc5
GET /bQ0JwUjQgLR40CzcrFG8NenVDZA1lKAM9WjN/FRF/FzAyFEE2BAAoVTsWCHRAOSZNYhIvIx41CWUnHjEJcmQRNlZ+dlYmRCwpTT9TJTABP10uJQB0QSJ/HT1OKi4cMxFxBEV8BGZwQHpMcnNVYXZmcEA+XS03CHcGczpIZGt1dlVhdmZwQCBCZnExYwR6bE-B7EXFyFzdXKC1VYHJxckFiBHJyQXcGcyQZIFElLQh3BgVzQWMac2QFbwU HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanrumandbac.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 604
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V1cweLAsz_IctkGpUk2h2675TUaGRYSM1twxlGwSHadtijdhRNitaw==
X-Firefox-Spdy: h2
oldpiecesontheth.com/eXVCYzNWSiEQDiwtCFdhIScpMFhIRxMOWzohcS17IyAML1UsAmQXWh1Ie1oETUR2RUMQEX9SFQoBIxdGCkhxUwNIUysNVRZIclMDSFM0XgJXRnZNAE1bckVGRER3UAJPQXRXC01Ad1YBSkRkF0MYEn9SFQkBNg8OSEN7VgFMQHFSAEBBdw
188.114.97.1 204 No Content 0 B URL POST HTTP/3 oldpiecesontheth.com/eXVCYzNWSiEQDiwtCFdhIScpMFhIRxMOWzohcS17IyAML1UsAmQXWh1Ie1oETUR2RUMQEX9SFQoBIxdGCkhxUwNIUysNVRZIclMDSFM0XgJXRnZNAE1bckVGRER3UAJPQXRXC01Ad1YBSkRkF0MYEn9SFQkBNg8OSEN7VgFMQHFSAEBBdw
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /eXVCYzNWSiEQDiwtCFdhIScpMFhIRxMOWzohcS17IyAML1UsAmQXWh1Ie1oETUR2RUMQEX9SFQoBIxdGCkhxUwNIUysNVRZIclMDSFM0XgJXRnZNAE1bckVGRER3UAJPQXRXC01Ad1YBSkRkF0MYEn9SFQkBNg8OSEN7VgFMQHFSAEBBdw HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Thu, 21 Sep 2023 00:15:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EEhY4L8EAsKucN2HKpABQwPthdPCCXqcom7tuHGwiWJVdm7G3jICPVc7j1L2fVx9fwEcRdT7lU%2BZ6sf7NcMhhR56AQj3jiDyV4GFl%2FFJrv33%2B9WZhjFnjofN5aWCWUL1LRp7LcAGdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1ccf2adfb4f1-OSL
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdJk8dGcPD-l1fcZ12_c_Q891dt5k-sp5WTW_Eo3FV9UGwGg9832FEFTfwlxuUqgkyIH_-cYQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S453008692%3A1695255313417983&theme=glif
142.250.74.109 403 Forbidden 2.1 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdJk8dGcPD-l1fcZ12_c_Q891dt5k-sp5WTW_Eo3FV9UGwGg9832FEFTfwlxuUqgkyIH_-cYQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S453008692%3A1695255313417983&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1656)
Hash 234ef2ddc043c8228afd969394fd7823
e6cab419579075d1a46dacf78410b80f5e8f5d4d
4f822ceaccb309d383a8b5ac8376c6e4158f8318118affc9716f4e188d8abe76
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdJk8dGcPD-l1fcZ12_c_Q891dt5k-sp5WTW_Eo3FV9UGwGg9832FEFTfwlxuUqgkyIH_-cYQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S453008692%3A1695255313417983&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-kHgLNrvvRf8B4rTB7lUqOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176967 bytes)
Hash 636b4ad7f97aa55c2242b396fe3e9f44
b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba
54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "2445274911"
last-modified: Sun, 17 Sep 2023 21:45:34 GMT
content-length: 176967
date: Thu, 21 Sep 2023 00:07:15 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 483344107
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/560d3041-f893-4274-89fb-dbe9e865617a/Kodukiri160x600px.jpg
212.47.222.20 200 OK 79 kB URL GET HTTP/2 static.bepolite.eu/banners/560d3041-f893-4274-89fb-dbe9e865617a/Kodukiri160x600px.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x600, components 3\012- data
Hash 41f3b0ab679a9200a356605f1f5c09ef
3bac887c4490b185b3148e407beaabeaa9993f1a
8f83e7e0779184d49a8989469518dc7d982c59b4595e9f635723cfccd2f13f89
GET /banners/560d3041-f893-4274-89fb-dbe9e865617a/Kodukiri160x600px.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "54806633"
last-modified: Fri, 01 Sep 2023 10:29:52 GMT
content-length: 79006
date: Thu, 21 Sep 2023 00:15:01 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 483344110
age: 0
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.132.28 200 OK 104 kB IP 172.64.132.28:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 104 kB (103897 bytes)
Hash 982034c341d787a8bc0201891b2deaaf
55e3cf6858c81a2678337a5874b7a55c221291a7
356ff235d7f84ba15251df347c90d7f81af137c0ac9158ddd141ff16e288ebbd
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 21 Sep 2023 00:15:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4174
last-modified: Wed, 20 Sep 2023 23:05:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eYYUrlYa8ixR11GlAFWeqMfLzI7LvaTvZjqW%2Feugn5m%2FR%2FAtJnsb2HJ%2F5PUqu80ehkOuo3a3wvjMsQYKZuY8aeioov441Wx%2Baa0w3PiLVAEdo0nvDeTpeibuDQhJ7ZFp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 809e1ccccc560716-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF7iEPN-NL4BuJGntMhNCnZt8M7TLCtVyaApxBMMKgj5Ve6GbMyL2D1n2dt_NGtHY5BQTIbW9O0KYh8Ua7Lyy5-cBlnUOkjKgxGDIg1ovnUBToM5VURZ61Z8GBPtNyB2e6WxCNNlLqfggm_AxT3Ytaz7zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3pVKm2BIXrFw9g6XIXIB_f-M_JeF5qpzRLucBKymNaySyZUJk9zhdVqqQSICK54Ara5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF7iEPN-NL4BuJGntMhNCnZt8M7TLCtVyaApxBMMKgj5Ve6GbMyL2D1n2dt_NGtHY5BQTIbW9O0KYh8Ua7Lyy5-cBlnUOkjKgxGDIg1ovnUBToM5VURZ61Z8GBPtNyB2e6WxCNNlLqfggm_AxT3Ytaz7zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3pVKm2BIXrFw9g6XIXIB_f-M_JeF5qpzRLucBKymNaySyZUJk9zhdVqqQSICK54Ara5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF7iEPN-NL4BuJGntMhNCnZt8M7TLCtVyaApxBMMKgj5Ve6GbMyL2D1n2dt_NGtHY5BQTIbW9O0KYh8Ua7Lyy5-cBlnUOkjKgxGDIg1ovnUBToM5VURZ61Z8GBPtNyB2e6WxCNNlLqfggm_AxT3Ytaz7zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3pVKm2BIXrFw9g6XIXIB_f-M_JeF5qpzRLucBKymNaySyZUJk9zhdVqqQSICK54Ara5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=b3bc9c5e1cf74bb0bf7399e3e337d470
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Thu, 21 Sep 2023 00:15:00 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 482854703
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.132.28 200 OK 26 B IP 172.64.132.28:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash c2d11fbd76ccb8b94edd74b0b3cc4b6f
e521bdc4bd2e4f603683439ce208128c52307cca
d86d6863e2f57d1b260c7789b49bbfc201845324622f3f9eba2d6171cb1c983c
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 21 Sep 2023 00:15:13 GMT
content-type: text/plain
set-cookie: csu=183598491449067@1@1695255313; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNOyt0jqhGVdaeZt%2BHiaYxIuOszvNKAuMeao7Uxs%2BiybjEj0z5aeKC8A8rGTepBNWhS%2Bg%2BbBNfSMhq%2FDeNpAD3%2Fm4ABWNLr1sQw5d0ifulGQCEOdp9n47VdeGNLp15be"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1ccccc590716-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
oldpiecesontheth.com/popunder.gif
188.114.97.1 200 OK 35 B URL GET HTTP/3 oldpiecesontheth.com/popunder.gif
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject oldpiecesontheth.com
Fingerprint 4F:41:E6:37:24:5A:21:1C:F2:BC:AA:9E:1C:59:ED:CF:BD:CC:29:68
Validity Wed, 13 Sep 2023 06:26:19 GMT - Tue, 12 Dec 2023 06:26:18 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: oldpiecesontheth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 21 Sep 2023 00:15:13 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 6732
last-modified: Wed, 20 Sep 2023 22:23:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4sk9qoQ%2FXCnn7l0tpa8F4OS9FygE7UKVOG7ZyNbAsDqiSSlaAGhso9INtfFnydI1jiTPwtZNIiso4ezOUICVBKO6xJb0xzTR1ya6z0KWRWlFnIgqe3O5GUXiuDYyetUyiG%2B3z4T5qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 809e1ccd9a7cb4f1-OSL
alt-svc: h3=":443"; ma=86400
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=2269005&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15707493%2F9aba123b3d0b1d92249d%2Fsvhosts.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15707493%2Fsvhosts.exe.html%3Fmsg%3Dsess_error&rnd=1695255313008
0.0.0.0 0 B URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=2269005&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15707493%2F9aba123b3d0b1d92249d%2Fsvhosts.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15707493%2Fsvhosts.exe.html%3Fmsg%3Dsess_error&rnd=1695255313008
IP 0.0.0.0:0
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=2269005&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15707493%2F9aba123b3d0b1d92249d%2Fsvhosts.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15707493%2Fsvhosts.exe.html%3Fmsg%3Dsess_error&rnd=1695255313008 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Thu, 21 Sep 2023 00:15:00 GMT
set-cookie: bepolite_id=b3bc9c5e1cf74bb0bf7399e3e337d470; Max-Age=7776000; Expires=Wed, 20-Dec-2023 00:15:00 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 423454807
age: 0
accept-ranges: bytes
content-length: 1250
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.132.28 200 OK 27 B IP 172.64.132.28:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 84cc470f5555b927ec3dd1055700c053
c0949f0f91366d761c9ca5994d57a52223ecbcfd
ee86e81c1a25bc9805872f8a6cf96a7974cd48bb6a90002cdcecb1c5523b921f
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 21 Sep 2023 00:15:13 GMT
content-type: text/plain
set-cookie: csu=1531646484555231@1@1695255313; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uQQbbBH9W%2BbvtwkHy7Cm1SdDfixyNTFs33o6GR0HBrqvuhY1xY8wuqFOnAF9QpkCdlowqngy2UNai0rCdU0cSZ%2BCrgb9CNk%2FSOs6jAM%2B2a8JtwRMS0JLbn8mnwhDc4d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 809e1ccccc5d0716-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVheJL2__NyFk4_aYdXyaAfVNlzs6pHbOiLuAHTVt4Y9JC1h5RLT8mxo6ZC4RU1JoWaGeJ6mC-A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710592879%3A1695255313483535&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVheJL2__NyFk4_aYdXyaAfVNlzs6pHbOiLuAHTVt4Y9JC1h5RLT8mxo6ZC4RU1JoWaGeJ6mC-A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710592879%3A1695255313483535&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVheJL2__NyFk4_aYdXyaAfVNlzs6pHbOiLuAHTVt4Y9JC1h5RLT8mxo6ZC4RU1JoWaGeJ6mC-A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710592879%3A1695255313483535&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 21 Sep 2023 00:15:13 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-CgFguSJ2hOV1vmxsXXy9GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15707493/svhosts.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "3930991918"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Thu, 21 Sep 2023 00:07:16 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 483344113
age: 0
X-Firefox-Spdy: h2