www.upload.ee/download/15607744/121100e4029e1da0da8c/gomplayerplus2.3.90.5360x64.exe
51.91.30.159 413 B URL www.upload.ee/download/15607744/121100e4029e1da0da8c/gomplayerplus2.3.90.5360x64.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (413), with no line terminators
Hash c964fea1e58dc7b70b1ebb1a12f247e4
2c737dbbffc264f04e0726b1cb24a9dc4aeebcf9
07c7346a947f1df6c0884bae69496317ccfb83ccc5bbb27d40ba8167dc66352c
GET /download/15607744/121100e4029e1da0da8c/gomplayerplus2.3.90.5360x64.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 Oct 2023 05:30:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 413
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (4526)
Hash 85eeaa088a3ea59c9d2439c67925c3e1
4ea9cb4ca6f21a8d8eeb8f76e4af9e9f4489ee47
c7354392d83b08d189adeb78cd61a18307202dcbff6cc462fda424fd1b6d725f
GET /files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15607744/121100e4029e1da0da8c/gomplayerplus2.3.90.5360x64.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8970
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 02 Oct 2023 08:30:54 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Mon, 30-Oct-2023 05:30:54 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.48 200 OK 118 kB URL GET HTTP/2
IP 143.204.42.48:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117737 bytes)
Hash 5c9a96508cc272c37e8515524f974073
1d22eff75f68685c31f50c22b3170606c3b5e401
3bea66734d33aad6fa6cd5a5c50e5dbd24ffcf77138259b7d1fb83e37fa9f30d
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117737
date: Mon, 02 Oct 2023 05:30:45 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7AZRj3X4HJ-BviURB2KOnWGhhWk6nlSEwAfXkJUqybl8md6XOhvl1g==
age: 9
X-Firefox-Spdy: h2
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.9 kB URL GET HTTP/1.1
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:54 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Mon, 09 Oct 2023 05:30:54 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 27 kB URL GET HTTP/1.1
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:54 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Mon, 09 Oct 2023 05:30:54 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9; data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:54 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Mon, 09 Oct 2023 05:30:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced; data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:54 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Mon, 09 Oct 2023 05:30:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.67 471 B IP 142.250.74.67:0
Hash 46a98adcba0a067591be1fb36b779473
8303da516b26b1d75b6b9798730c6311245c4122
91e198fc434e5db4b6375002c0ab751f38e75e02e595a6a6024c1b1226151d5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Oct 2023 05:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 52 kB URL GET HTTP/2
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (2213)
Hash 95a03d057220b60becd54505acc69f81
a786d25947f6627a7b7da733c4c85ad1bac4f765
ace869f995f9932dc66f5dc3141da7cc5242dd5d1e4db7405af480226767e3e9
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 02 Oct 2023 05:30:54 GMT
expires: Mon, 02 Oct 2023 05:30:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51646
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.67 471 B IP 142.250.74.67:0
Hash 46a98adcba0a067591be1fb36b779473
8303da516b26b1d75b6b9798730c6311245c4122
91e198fc434e5db4b6375002c0ab751f38e75e02e595a6a6024c1b1226151d5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Oct 2023 05:30:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
umoughtcallm.com/dmlPWkZZViwpey8DJx8lIAUaGQ5HKhYcKTcNfww0IB5+aRREGmkuLxJUdmNxRV92fDYfDXJrYAUdLi4zBVR+fC8YDyBnYABUfnR1Qkd8bmhGTzpnd1AdPzshS1hpKjICBXJrcE9ffWhyQFx6bnFF
172.67.153.111 204 No Content 0 B URL GET HTTP/2
IP 172.67.153.111:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject umoughtcallm.com
Fingerprint 6B:57:1E:F0:AE:98:F4:49:BE:13:72:49:EB:A1:C6:42:13:78:FE:7D
Validity Wed, 13 Sep 2023 06:21:16 GMT - Tue, 12 Dec 2023 06:21:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dmlPWkZZViwpey8DJx8lIAUaGQ5HKhYcKTcNfww0IB5+aRREGmkuLxJUdmNxRV92fDYfDXJrYAUdLi4zBVR+fC8YDyBnYABUfnR1Qkd8bmhGTzpnd1AdPzshS1hpKjICBXJrcE9ffWhyQFx6bnFF HTTP/1.1
Host: umoughtcallm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OJ%2FTlzVm%2FMnZ9VCJsaYQ7QzymChDdEFVkbqZhhUzSJuFwMoXvhJFq3bKOvyRX4zL9pDXW11FGg%2FvyaZrZ4yCeqxLNDKAXRV5ek2BfZaX9AroaAXumwvpVjX0oOFDabEpdvJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80fa8e5ea9c2b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
umoughtcallm.com/TkVHTEpheiQ/dy8dHn4uIy0dHj13FRB9MgEEEgobGRAeCB4ifWE4Iyp4fnV9enV/ajonIXp9cmg2My0+OzZ6fWwnKyEjd2gzen1kfmt1Yn5oMHp9bDo1Jit3f2M3OD4ieHZ6c3h3dXh8e3ByfXM
172.67.153.111 204 No Content 0 B URL GET HTTP/2
IP 172.67.153.111:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject umoughtcallm.com
Fingerprint 6B:57:1E:F0:AE:98:F4:49:BE:13:72:49:EB:A1:C6:42:13:78:FE:7D
Validity Wed, 13 Sep 2023 06:21:16 GMT - Tue, 12 Dec 2023 06:21:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TkVHTEpheiQ/dy8dHn4uIy0dHj13FRB9MgEEEgobGRAeCB4ifWE4Iyp4fnV9enV/ajonIXp9cmg2My0+OzZ6fWwnKyEjd2gzen1kfmt1Yn5oMHp9bDo1Jit3f2M3OD4ieHZ6c3h3dXh8e3ByfXM HTTP/1.1
Host: umoughtcallm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJzmQmUjndz7yyegFLjjhIIQqItPYAQHK7vjigLVCMOC2ApxBhtkGoh0ZUpZFc1l2xum6e0B3T8K%2FXUkCd5pLj3eZJDpcOP1kvxT4nXrklqw84sU2MJHRlHw903QC9noql5j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80fa8e5ec9d2b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ngsinspiringtga.info/QUVPREggJywpdyB4LWI9MylyYXoHYH0CLDR1PzEscTYrKCU7I2EnJC4wKyI6Lis7aiYkMWp2DgkUIzQLGwAkLAYSMgwgIhg/BSgkNiB9dTAUKw0vBQUAAw4yCysBFQF4CB0veAoXOCsLED0aJjIYIgUoJHQfCx0iAix6YXoHIwwnAwordjYSABA7DQ8ldx4ueDgLHCgSCix7NwImHDUPIhQ8DSlwcgp8fAILLyg+BCYiIB56JgAaEyw4I3wGHRgRPzYrcQN5BQB4MhkHHTMLCycrIw0NNQctPWp2DgkSN3YZGSoOInsDEAA+GmR3CScbF3EsKQYyEwgGJiANYg0MDQYKPAQUA3gGDyk8GRwkOCR8Dh4jDQ01AgB1eA4yNjEHAzA2DQcKHiQCNzUSAwN/Jz9nLzwrJjF4OCI8MgY5CR0rFgF0
108.157.214.47 200 OK 1.2 kB URL GET HTTP/2
IP 108.157.214.47:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject ngsinspiringtga.info
Fingerprint 8F:D1:EA:F4:FC:7C:FD:A1:B1:85:31:87:C9:EB:31:40:B8:07:E8:C3
Validity Thu, 21 Sep 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash 8e68e5e85cdd1e79d41ca0b01b5b20be
44ccc3065f620b876fc7fae21ef7048923653acd
2391f01e201aef2a082d2fa7fca5b2203b8648568a87738c7e19ad333aabf6ef
GET /QUVPREggJywpdyB4LWI9MylyYXoHYH0CLDR1PzEscTYrKCU7I2EnJC4wKyI6Lis7aiYkMWp2DgkUIzQLGwAkLAYSMgwgIhg/BSgkNiB9dTAUKw0vBQUAAw4yCysBFQF4CB0veAoXOCsLED0aJjIYIgUoJHQfCx0iAix6YXoHIwwnAwordjYSABA7DQ8ldx4ueDgLHCgSCix7NwImHDUPIhQ8DSlwcgp8fAILLyg+BCYiIB56JgAaEyw4I3wGHRgRPzYrcQN5BQB4MhkHHTMLCycrIw0NNQctPWp2DgkSN3YZGSoOInsDEAA+GmR3CScbF3EsKQYyEwgGJiANYg0MDQYKPAQUA3gGDyk8GRwkOCR8Dh4jDQ01AgB1eA4yNjEHAzA2DQcKHiQCNzUSAwN/Jz9nLzwrJjF4OCI8MgY5CR0rFgF0 HTTP/1.1
Host: ngsinspiringtga.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1175
date: Mon, 02 Oct 2023 05:30:55 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gKaBgBFYVsm_YArV6cLyLkzOdRXMUc8KOKMjyyZuAaGjE6t11gIH_Q==
X-Firefox-Spdy: h2
ngsinspiringtga.info/QjdYcjAjVTsfDyMKOlRFMFtlVwIEEmo0VDcHKAdUckQ8Hl04UXYRXC1CPBRCLVksXF4nQ31AdnNjNSBeFXBgBnM1XH1AchdzNzxxcGEPFgEMYzk0VC1zMCMDA2NtKGA6QDAwATUHASMAAXELPEYKZTAhYRFADjlcLm8+FX00dD8wXBFkKzlyBWE9E3EXcxceenRmMDsFF14VPngWchw7VxR0ORtcdWQ0Fgkab20/eHBbPRMBIVs+JAFnBRoxcXYFHxhqAGEPFWgmWxFGUi5DKiRJFA4AKgQVcgBDUwYGDippF3F9QHIWYhIDaDtcGjB0D3Y5Q2kqVjRLFXBxDjQdJkcAQQkAYQ8VeghPATFgJXZqI2YXUgAcCRRkDxp6DQY0JRYoRDccQH9vHDx5emRhEHwzc28AZnQ
108.157.214.47 200 OK 1.2 kB URL GET HTTP/2
IP 108.157.214.47:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject ngsinspiringtga.info
Fingerprint 8F:D1:EA:F4:FC:7C:FD:A1:B1:85:31:87:C9:EB:31:40:B8:07:E8:C3
Validity Thu, 21 Sep 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3005), with no line terminators
Hash 75e12096e619cc074ce599520f437dfb
2a4b1349ee4cf28c1b38379f722633a2f35e489a
e2704b66aa94a46b304725ddb836c5c754ee8211bc5d9adf82a76c33dfdb9e5c
GET /QjdYcjAjVTsfDyMKOlRFMFtlVwIEEmo0VDcHKAdUckQ8Hl04UXYRXC1CPBRCLVksXF4nQ31AdnNjNSBeFXBgBnM1XH1AchdzNzxxcGEPFgEMYzk0VC1zMCMDA2NtKGA6QDAwATUHASMAAXELPEYKZTAhYRFADjlcLm8+FX00dD8wXBFkKzlyBWE9E3EXcxceenRmMDsFF14VPngWchw7VxR0ORtcdWQ0Fgkab20/eHBbPRMBIVs+JAFnBRoxcXYFHxhqAGEPFWgmWxFGUi5DKiRJFA4AKgQVcgBDUwYGDippF3F9QHIWYhIDaDtcGjB0D3Y5Q2kqVjRLFXBxDjQdJkcAQQkAYQ8VeghPATFgJXZqI2YXUgAcCRRkDxp6DQY0JRYoRDccQH9vHDx5emRhEHwzc28AZnQ HTTP/1.1
Host: ngsinspiringtga.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1161
date: Mon, 02 Oct 2023 05:30:55 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: nLtKwGnXp-uE1AIBIsHEYW-vInuX-IIo32fVa-GvtfJfDY03ly7i9g==
X-Firefox-Spdy: h2
umoughtcallm.com/SFhpQnFnZwoxTCkNBQUmDB4LJDkaKytzN21qKyZDfB0+CgVtaisbMAV+HSsVdWFQdUV5bE8yGCxlWGQCPDkdNwJ1aU8rHy43VGQHdWlHcUVma11sQW4tVHNXPCgIJUx5fhk2BSRlWHRIfmpbdkd9bVx2Rw
172.67.153.111 204 No Content 0 B URL GET HTTP/2
IP 172.67.153.111:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject umoughtcallm.com
Fingerprint 6B:57:1E:F0:AE:98:F4:49:BE:13:72:49:EB:A1:C6:42:13:78:FE:7D
Validity Wed, 13 Sep 2023 06:21:16 GMT - Tue, 12 Dec 2023 06:21:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SFhpQnFnZwoxTCkNBQUmDB4LJDkaKytzN21qKyZDfB0+CgVtaisbMAV+HSsVdWFQdUV5bE8yGCxlWGQCPDkdNwJ1aU8rHy43VGQHdWlHcUVma11sQW4tVHNXPCgIJUx5fhk2BSRlWHRIfmpbdkd9bVx2Rw HTTP/1.1
Host: umoughtcallm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=llwq60rvFNaHVL5G%2BswU6czbmU%2FqUvWCgUVYuARY0CLMMvKo%2B%2Bc8Jn5YUgwOE8bJ21%2B%2Bzo9eSTBbtYTuKvAtR3Z%2FakALpWNk0JDDwubSJq20vtJxAT6wOj5zh66qt3WO5mq%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80fa8e5f09f0b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ngsinspiringtga.info/ODVyMWhZVxFcV1kIEBcdSllPFFp+EEB3DE0FAkQMCEYWXQVCU1xSBFdAFlcaV1sGHwZdQVcDLnRUJmNcYQdKej9AbDRkKglROnddb2AzfyVtWQZhMF9GP3A6U38iSFBhbRxGOnRjAWMObUU0dhB2ZCBnJnJ3JGQ/enM4YT1qbDNkBF9mNWALdmMzcw1+TUp2MAhgM3AQAWQ1WQNwdxlgCWpnHXgramA/dzl6bDRwInNiQXsmbGNLfCpTXT53WV9zKmcpTGEzayF8Qit5OWl3NWk+VHgjdz1PbQVzDG12Q3wqU1Igdj1PfT1nIl5gMEEha14CUyp6GEp2LHl/EGk+fUUlRjpyYEMIMXpwHnYwblkhdDp9fjYAG3lnHgEeemAeYjluXiF1Pg1QVFsbV1sCDC90QkV5AXYBCnha
108.157.214.47 200 OK 1.2 kB URL GET HTTP/2
IP 108.157.214.47:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject ngsinspiringtga.info
Fingerprint 8F:D1:EA:F4:FC:7C:FD:A1:B1:85:31:87:C9:EB:31:40:B8:07:E8:C3
Validity Thu, 21 Sep 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 932f2206b72570709c18da50d10254b0
66ba409fefe989baba39a67f4aefc631446d1cf0
b83374b16f1fe009acd67fdcbddfe76081ba0d59cf0700c23423e886b9a90ace
GET /ODVyMWhZVxFcV1kIEBcdSllPFFp+EEB3DE0FAkQMCEYWXQVCU1xSBFdAFlcaV1sGHwZdQVcDLnRUJmNcYQdKej9AbDRkKglROnddb2AzfyVtWQZhMF9GP3A6U38iSFBhbRxGOnRjAWMObUU0dhB2ZCBnJnJ3JGQ/enM4YT1qbDNkBF9mNWALdmMzcw1+TUp2MAhgM3AQAWQ1WQNwdxlgCWpnHXgramA/dzl6bDRwInNiQXsmbGNLfCpTXT53WV9zKmcpTGEzayF8Qit5OWl3NWk+VHgjdz1PbQVzDG12Q3wqU1Igdj1PfT1nIl5gMEEha14CUyp6GEp2LHl/EGk+fUUlRjpyYEMIMXpwHnYwblkhdDp9fjYAG3lnHgEeemAeYjluXiF1Pg1QVFsbV1sCDC90QkV5AXYBCnha HTTP/1.1
Host: ngsinspiringtga.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Mon, 02 Oct 2023 05:30:55 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: M036CXlpdjpxggvf_XOuOXxJeFHPkat0rc2HuF2GvlyWb7q9cdnWag==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.67 471 B IP 142.250.74.67:0
Hash 63681d796e8c7139a0357658536f694d
0b645725542db2f9b9edb7f8d49bdca51e75af1d
bcc5b3c03912c52c0ae79cb1349a6cc304a198f8648e5a8be5b57c6c2eaf5541
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Oct 2023 05:30:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 200 OK 86 kB URL GET HTTP/3
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (3034)
Hash 209a7c3cb159f29a5be040c4f2bac76c
4b078ce20120343f0207d4c8ae14ef9bafe3b08e
48e179e28903c5ab0414c67d355ea0a5f4fe2ba23ad0664ed13ab70bb611bbdc
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 02 Oct 2023 05:30:55 GMT
expires: Mon, 02 Oct 2023 05:30:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85955
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.67 471 B IP 142.250.74.67:0
Hash 63681d796e8c7139a0357658536f694d
0b645725542db2f9b9edb7f8d49bdca51e75af1d
bcc5b3c03912c52c0ae79cb1349a6cc304a198f8648e5a8be5b57c6c2eaf5541
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Oct 2023 05:30:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:5LOXr8DNd3ml_h4dGOrqYxQC-8dvcg:tzDhx79agbQvbXQC; Expires=Wed, 01-Oct-2025 05:30:55 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:55 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfXHHoaywK3-qdp6AtDelejWJPlKBClECJOdF1zykxHLLCyBH45q-DVAoFUeXnCi8E21BbmHQ
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-2chNYsoTGrpjWOhrEWyHXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:4wAAtTiyowxEZjP3EoQjjjy24Bsfxw:Hr3dXKREBfUA34l4; Expires=Wed, 01-Oct-2025 05:30:55 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:55 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhdRYc3kO6Wa0scjxdLPPJlrrE2BUKwJ2WmFdIrGIRYmJGfd204SJSHbep76s4DtY9n7KsusHA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-AtrnmTaHxAVwcGC_ZRtCaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Oct 2023 05:30:55 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Mon, 09 Oct 2023 05:30:55 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.67 472 B IP 142.250.74.67:0
Hash f50819995d37b11240c3112af093a622
9efe6e66ebb2648137de977fe968ee03e5391cde
436263022f64f9d7c3dc95ee6c84485a947ea2eda6befb7ce96e5d9f890329b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Oct 2023 05:30:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ngsinspiringtga.info/utx?cb=o9fcHXMgKzwg&top=www.upload.ee&tid=997369
108.157.214.47 204 No Content 0 B URL GET HTTP/2 ngsinspiringtga.info/utx?cb=o9fcHXMgKzwg&top=www.upload.ee&tid=997369
IP 108.157.214.47:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject ngsinspiringtga.info
Fingerprint 8F:D1:EA:F4:FC:7C:FD:A1:B1:85:31:87:C9:EB:31:40:B8:07:E8:C3
Validity Thu, 21 Sep 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=o9fcHXMgKzwg&top=www.upload.ee&tid=997369 HTTP/1.1
Host: ngsinspiringtga.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Oct 2023 05:30:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 02 Oct 2023 05:31:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: wzz0fcotJ8x3AXUt_gAE7Ilp8qpV-HK0lu_nNF9BRr-FYlBWD0meNw==
X-Firefox-Spdy: h2
ngsinspiringtga.info/utx?cb=UD4N8HE5dSOh&top=www.upload.ee&tid=997414
108.157.214.47 204 No Content 0 B URL GET HTTP/2 ngsinspiringtga.info/utx?cb=UD4N8HE5dSOh&top=www.upload.ee&tid=997414
IP 108.157.214.47:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject ngsinspiringtga.info
Fingerprint 8F:D1:EA:F4:FC:7C:FD:A1:B1:85:31:87:C9:EB:31:40:B8:07:E8:C3
Validity Thu, 21 Sep 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=UD4N8HE5dSOh&top=www.upload.ee&tid=997414 HTTP/1.1
Host: ngsinspiringtga.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Oct 2023 05:30:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 02 Oct 2023 05:31:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: M7M5S50i7yjsV4u-qEVXYh45NxQHLwkZbGLjANCxtB_SBmIyOMNQGg==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/1TmRnWG8tCwk+UDoNA2VWd1NTaFdoDhQ3AT5ZPxwhB1w0YQ0CFSNvHRhSQSwVKllXfgMvCgBlSSsKBGVeaAUDOlJ6QhI5UiMLHTEDIgVCail7Sld9XX5MH2lea1clfV1+CA42GjZBVWgXdlI4bltrVyV9XX4WEX1cD1VXYUF+TUJqXykBBDMAa1Yhal9/VF-dpX39BVWgJJxYCPgA2QVUeXn9VSWhJO1lW
143.204.42.48 195 B URL du0pud0sdlmzf.cloudfront.net/1TmRnWG8tCwk+UDoNA2VWd1NTaFdoDhQ3AT5ZPxwhB1w0YQ0CFSNvHRhSQSwVKllXfgMvCgBlSSsKBGVeaAUDOlJ6QhI5UiMLHTEDIgVCail7Sld9XX5MH2lea1clfV1+CA42GjZBVWgXdlI4bltrVyV9XX4WEX1cD1VXYUF+TUJqXykBBDMAa1Yhal9/VF-dpX39BVWgJJxYCPgA2QVUeXn9VSWhJO1lW
IP 143.204.42.48:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 42039e76bb557684b74bb26522d24099
82081092743b2723b7fff5f732e6a46f80845bf1
00dbda84666d0ad131e67f75afa5230013c754ffa399d32417aeba5154785c4a
GET /1TmRnWG8tCwk+UDoNA2VWd1NTaFdoDhQ3AT5ZPxwhB1w0YQ0CFSNvHRhSQSwVKllXfgMvCgBlSSsKBGVeaAUDOlJ6QhI5UiMLHTEDIgVCail7Sld9XX5MH2lea1clfV1+CA42GjZBVWgXdlI4bltrVyV9XX4WEX1cD1VXYUF+TUJqXykBBDMAa1Yhal9/VF-dpX39BVWgJJxYCPgA2QVUeXn9VSWhJO1lW HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ngsinspiringtga.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 195
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EZ25bEyG1Tfjijyg5wiTV34akX9m7ZdoAirL83seKz3_yLDibFlh4w==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/LaTR4Y28KWxYFUB1dHF5WUANMUltPXgsMARkJPy8YXnwRLVsRfUpFGxNQRVNJBVUWBFJPURYAUlgSGQcNVABeFx8GX0UAAx9QGhkHBkQaRRoICRUMFQBYFAJKW3JNTV9MBkhLF1gFXVAtTAZIDwYHQQBGXVlMQFUwXwBdUC1MBkgRGUwHOVJfUBpISkpbBB-8GDAJbXVEpWwRJU19YBElGXVlSEREKD1sARl0vBUlSQVkSDV5e
143.204.42.48 575 B URL du0pud0sdlmzf.cloudfront.net/LaTR4Y28KWxYFUB1dHF5WUANMUltPXgsMARkJPy8YXnwRLVsRfUpFGxNQRVNJBVUWBFJPURYAUlgSGQcNVABeFx8GX0UAAx9QGhkHBkQaRRoICRUMFQBYFAJKW3JNTV9MBkhLF1gFXVAtTAZIDwYHQQBGXVlMQFUwXwBdUC1MBkgRGUwHOVJfUBpISkpbBB-8GDAJbXVEpWwRJU19YBElGXVlSEREKD1sARl0vBUlSQVkSDV5e
IP 143.204.42.48:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (795), with no line terminators
Hash 21b1104b0f5b937654c041d303270c9b
fe1aeb0841cc2d2906b4f55789e63a04cdd420a5
99702e70f1f84f5b47e5e4ec3b1a6368f8f7c7631be7bdcd1c4cfa6cde9315a6
GET /LaTR4Y28KWxYFUB1dHF5WUANMUltPXgsMARkJPy8YXnwRLVsRfUpFGxNQRVNJBVUWBFJPURYAUlgSGQcNVABeFx8GX0UAAx9QGhkHBkQaRRoICRUMFQBYFAJKW3JNTV9MBkhLF1gFXVAtTAZIDwYHQQBGXVlMQFUwXwBdUC1MBkgRGUwHOVJfUBpISkpbBB-8GDAJbXVEpWwRJU19YBElGXVlSEREKD1sARl0vBUlSQVkSDV5e HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ngsinspiringtga.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 575
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CTES0jjaQpcBl7gNwVrSL5zkQOiJBuvma_iZcT90GdyRCCdHULfbxQ==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/HQlpCZEkhNSwCdjYzJllwe21xUnBkMDELJzJnNQI9MRk0KRwoCQxUbzYgJll5ZDYjCi5/fCcKKn9rZAUtIGd2Qj0yNSlZKi4sJgYzKjUyBm83O38JJjgzLggoZ2gEUWdyf3BUYTprc0F6AH9wVCUrNDccbHBqOlx/HWx2QXoAf3BUOzR/cSV4cmNsVGBnaH-IDLCExLUF7BGhyVXlya3JVbHBqJA07JzwtHGxwHHNVeGxqZBF0cw
143.204.42.48 610 B URL du0pud0sdlmzf.cloudfront.net/HQlpCZEkhNSwCdjYzJllwe21xUnBkMDELJzJnNQI9MRk0KRwoCQxUbzYgJll5ZDYjCi5/fCcKKn9rZAUtIGd2Qj0yNSlZKi4sJgYzKjUyBm83O38JJjgzLggoZ2gEUWdyf3BUYTprc0F6AH9wVCUrNDccbHBqOlx/HWx2QXoAf3BUOzR/cSV4cmNsVGBnaH-IDLCExLUF7BGhyVXlya3JVbHBqJA07JzwtHGxwHHNVeGxqZBF0cw
IP 143.204.42.48:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (864), with no line terminators
Hash d7ff52f887727c03a99a9fcb504e556c
6863917ccbb7368a076ff34cca7a31040017e3a9
2d785037a53d01ac2d722419922a043b173ec955923f90ce7452484dd89db721
GET /HQlpCZEkhNSwCdjYzJllwe21xUnBkMDELJzJnNQI9MRk0KRwoCQxUbzYgJll5ZDYjCi5/fCcKKn9rZAUtIGd2Qj0yNSlZKi4sJgYzKjUyBm83O38JJjgzLggoZ2gEUWdyf3BUYTprc0F6AH9wVCUrNDccbHBqOlx/HWx2QXoAf3BUOzR/cSV4cmNsVGBnaH-IDLCExLUF7BGhyVXlya3JVbHBqJA07JzwtHGxwHHNVeGxqZBF0cw HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ngsinspiringtga.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 610
date: Mon, 02 Oct 2023 05:30:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EVCE0qBVe8GuM2twTuemMFS2KMedjacZ-5ovgT8dLo--ROD6__G4Ug==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfXHHoaywK3-qdp6AtDelejWJPlKBClECJOdF1zykxHLLCyBH45q-DVAoFUeXnCi8E21BbmHQ
142.250.74.109 302 Found 401 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfXHHoaywK3-qdp6AtDelejWJPlKBClECJOdF1zykxHLLCyBH45q-DVAoFUeXnCi8E21BbmHQ
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash b1d3a97ad8febedf0b87ceb51fe0d140
d82bc0d56419e55e852978044ef75773dd1cbfe0
03a498467eb82a384bf868ac2c7edddd263299faaf4907ed03ed975c3e3b02f6
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfXHHoaywK3-qdp6AtDelejWJPlKBClECJOdF1zykxHLLCyBH45q-DVAoFUeXnCi8E21BbmHQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:0__jAoTAdWv5h9Mcp0fPSlohwU2lLQ:TAgOOMW4C_Ik2Vdf;Path=/;Expires=Wed, 01-Oct-2025 05:30:56 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:56 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcMmv2WCsCPbN8PVRt4twVhzmxutAAU8pyzoDH7pSXz9Xs5LsBjTimeYi2hD9xvT-pTYD-X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S336363424%3A1696224656183068&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-hKSzz_j3I3CdzFVPyW-xtQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhdRYc3kO6Wa0scjxdLPPJlrrE2BUKwJ2WmFdIrGIRYmJGfd204SJSHbep76s4DtY9n7KsusHA
142.250.74.109 302 Found 402 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhdRYc3kO6Wa0scjxdLPPJlrrE2BUKwJ2WmFdIrGIRYmJGfd204SJSHbep76s4DtY9n7KsusHA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (393)
Hash 42231f4328ea3073df1813cff8259450
1e195c3f182fbf3e828c648f32da3bd362d5d768
b3f0be50306264aff2d481a86c75d33f551561acfe7350dabc34155ac6863647
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhdRYc3kO6Wa0scjxdLPPJlrrE2BUKwJ2WmFdIrGIRYmJGfd204SJSHbep76s4DtY9n7KsusHA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:xWjlwfo12EZAR81R4yrDr5us7UlGWw:Kfbk_6xuFw2oTsc-;Path=/;Expires=Wed, 01-Oct-2025 05:30:56 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:56 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfmFu7GvUOpAkKKmlqkIZN11QvVTntQ4jrDQJuI5apDhc-OvSTMpYCusu9DRLWVBHfvknrc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166899449%3A1696224656230620&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-OGt35UBRHA0ivnoKAAsstg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfmFu7GvUOpAkKKmlqkIZN11QvVTntQ4jrDQJuI5apDhc-OvSTMpYCusu9DRLWVBHfvknrc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166899449%3A1696224656230620&theme=glif
142.250.74.109 403 Forbidden 2.7 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfmFu7GvUOpAkKKmlqkIZN11QvVTntQ4jrDQJuI5apDhc-OvSTMpYCusu9DRLWVBHfvknrc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166899449%3A1696224656230620&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1656)
Hash e7929b657e864055e23b688131b9d766
c8a156f7c7a83290e8ef21d4c17cf03579e1787d
ba9a26d343a4a2e68d2b557df299109a8f2ee3c44067175dfcfc35ae20b838d4
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhfmFu7GvUOpAkKKmlqkIZN11QvVTntQ4jrDQJuI5apDhc-OvSTMpYCusu9DRLWVBHfvknrc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166899449%3A1696224656230620&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:56 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-GKK5VIkRkAeTBJLAPvBLuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176967 bytes)
Hash 636b4ad7f97aa55c2242b396fe3e9f44
b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba
54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3552162744"
last-modified: Sun, 17 Sep 2023 21:45:34 GMT
content-length: 176967
date: Mon, 02 Oct 2023 05:30:56 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 216671510
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/9da78a06-047c-4fa3-9b48-491fb78f1825/RAV4_Petrol_SmartAd_1000x200px_est.gif
212.47.222.20 200 OK 160 kB URL GET HTTP/2 static.bepolite.eu/banners/9da78a06-047c-4fa3-9b48-491fb78f1825/RAV4_Petrol_SmartAd_1000x200px_est.gif
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type GIF image data, version 89a, 1000 x 200\012- data
Size 160 kB (160523 bytes)
Hash 66e413884badc0fdb977d75155d199d0
55bcd0cd345dac70f6e7436f9fc9107380960940
e7e46f778373dcdfdf4af04d8d5c6758670a81e690f620e0249f66a851b523a1
GET /banners/9da78a06-047c-4fa3-9b48-491fb78f1825/RAV4_Petrol_SmartAd_1000x200px_est.gif HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
etag: "2896093749"
last-modified: Fri, 22 Sep 2023 08:31:14 GMT
content-length: 160523
date: Mon, 02 Oct 2023 05:30:55 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 626176658
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/4e258263-3d05-4d24-b521-4791e889063f/AllMediaDigital_ee_1000x300.jpg
212.47.222.20 200 OK 99 kB URL GET HTTP/2 static.bepolite.eu/banners/4e258263-3d05-4d24-b521-4791e889063f/AllMediaDigital_ee_1000x300.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1000x300, components 3\012- data
Hash 9c63de4c3b8d6926ff569914e4880a93
fdea43faeada25faa5838b0b83de817a18659e64
fa200433e61842e41b8124306b441bfd067cb9111d625c969fc8ea715ecc11fc
GET /banners/4e258263-3d05-4d24-b521-4791e889063f/AllMediaDigital_ee_1000x300.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "2401284093"
last-modified: Sun, 01 Oct 2023 15:11:22 GMT
content-length: 99312
date: Mon, 02 Oct 2023 05:30:56 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 216671519
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "732411054"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Mon, 02 Oct 2023 05:30:55 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 622086291
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 02 Oct 2023 05:30:56 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 609777209
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bs80kQsbQDgg_17KyApydTu5CjBi8g4P6UGuOi6pLIHvoQHlRcK2etcUt3PrG5HDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bs80kQsbQDgg_17KyApydTu5CjBi8g4P6UGuOi6pLIHvoQHlRcK2etcUt3PrG5HDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bs80kQsbQDgg_17KyApydTu5CjBi8g4P6UGuOi6pLIHvoQHlRcK2etcUt3PrG5HDa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 02 Oct 2023 05:30:55 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 523238748
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
143.204.48.16 471 B URL ocsp.r2m02.amazontrust.com/
IP 143.204.48.16:0
Hash 0e6b7e3076a841fca12810f34d1013f8
159bed1bf2e4278d2818b990507b851d340d9e32
507b1cbde6cd8c574f8e91a10c24e4fc191b4160bc177e1380bc1c6615b840a3
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 02 Oct 2023 05:30:57 GMT
Last-Modified: Mon, 02 Oct 2023 04:21:24 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 918xv0SY_tZ41E8uUUeZlXzLSoCtIoF5Uh0JmcZ2Rk6N8UYFxNqcoA==
Age: 4173
banner.hookusbookus.com/config/config.js?v=1
3.127.176.57 200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:57 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
3.127.176.57 200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:58 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/dE2jZPuV1lytlmYXZ9E8.jpg
143.204.42.48 421 Misdirected Request 73 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/dE2jZPuV1lytlmYXZ9E8.jpg
IP 143.204.42.48:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash e9d39408eeaa7d94d6a115caac899cef
1bb7353b84de09468ced918fe9e041684daac47f
bacf17f3060552925aea285d478ee81c30727b5c12e27a43619cec3a48e487d0
GET /hotelliveeb/images/general/1/dE2jZPuV1lytlmYXZ9E8.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 421 Misdirected Request
server: CloudFront
date: Mon, 02 Oct 2023 05:30:58 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EupzzRYA8QBEKSxBSqVeRNAN834nuQ9-Kh4MOAyPiPFbp_XiLOGdJg==
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
3.127.176.57 200 OK 83 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 50fe13b2ee9a0ce6e66ed3c4092e54f2
7c9fd6affc4ccc0ee1bdb1fe2952508775287da2
30ec457f958f66646700b14ca8206ef0e12fb4833b47698165c22c63c85d7785
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:57 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
3.127.176.57 200 OK 31 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:57 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zHvzx_0_O1Ha-mls1g0Tt7Pxz0M4_4F-RXfunQOEWs8gEY5QBORuBnGHB8ZPB2iba5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 02 Oct 2023 05:30:56 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 519790072
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 02 Oct 2023 05:30:58 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 624780456
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg
143.204.42.103 200 OK 63 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg
IP 143.204.42.103:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 9d39df13669f4b0a37f1ec935fcf07c1
bee556a5a2eb792bc07095365d7ce55e0f20c488
c4ae0112f49b2e7eec621163661ab594d1deab9e18f27dfe9c37f212d5292ebd
GET /hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 62663
date: Sun, 01 Oct 2023 09:20:52 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "9d39df13669f4b0a37f1ec935fcf07c1"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ijy7FTaY_HrK5KqxZW9FDoW2nkW8kWZjIBx7udSwfff-sXOUGa8wjw==
age: 72613
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
143.204.42.103 66 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
IP 143.204.42.103:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 7cec3a9fd00d4d6ec1b1aa7adbf4c31d
554920ade5bff12c44b7c631977e7b9938e75b9d
3ec3f0e6b1d9f68d5f17ccf3b318ed1f719aefc6e9faffba763e789fe30ac0ae
GET /hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 65788
date: Mon, 02 Oct 2023 04:25:44 GMT
last-modified: Mon, 20 Dec 2021 05:01:49 GMT
etag: "7cec3a9fd00d4d6ec1b1aa7adbf4c31d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3Id10y41jUMrCbiIIdedRbHNJ5O8PaqU_nbH7Epvcf0cuDyKHloEuw==
age: 3927
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
3.127.176.57 200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:58 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
18.184.105.34 200 OK 24 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 18.184.105.34:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:58 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 102 kB IP 172.64.106.19:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:55 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1293
last-modified: Mon, 02 Oct 2023 05:09:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLWITPdcSKL4Dt%2FjPThXu1IKQ8vMofmP5aXVnldQAvH4GjNJWAJPAGAxY3Kij2GiRibM%2BTreLQd3uOV111gq2HHHk7kBQZ89UjU%2FYC4INNv%2FWmc6tNUkgTPwbyF%2F5T%2FO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80fa8e63ece44970-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19 200 OK 27 B IP 172.64.106.19:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash acd8c541f941d1c1f6fe59bbfaa076ef
561e4e4076a64a4968502649588872a2d694ff2f
9db55058270d2b9ddfbcda5d95fa06fbfcd1793cee6354befe3ff521476e9390
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:56 GMT
content-type: text/plain
set-cookie: csu=1084967837966951@1@1696224656; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FGDcB1Ij3B6hypAQWtl4h03FlYkcAHEW5kLWsWazf33S99NJ2Ne7cFA2usqwxK2zXgbwEOU2xS769%2FMX2KkDzTMjZohfvDoPLcSyK3BTUC20oNlTY6R5uDCgi7ePLyqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80fa8e63ece04970-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
3.127.176.57 200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 3.127.176.57:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:58 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19 200 OK 27 B IP 172.64.106.19:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ed4e648dbec28455005aa9ecf4344325
b7c87e156fc7826e14d3634b2a8c32340f72a145
8e0e46b84c22fbfb88fd36601f9920ad07e65a08ac09f2d8958105d184221e63
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:56 GMT
content-type: text/plain
set-cookie: csu=1823492720799202@1@1696224656; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rStWoPz0qVpngWvMeO57gmXfDiBpMj2jB%2BPmmlD02ZAIug5VY6U6SsOgtEuAytxdpwQLujZS%2B%2FWxqZWxAVUc9WzRV93gDeAqtBKxXjuznlCcftXrAx0DmAlnXxsW6GAL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80fa8e63ece34970-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
umoughtcallm.com/popunder.gif
172.67.153.111 200 OK 35 B URL GET HTTP/3 umoughtcallm.com/popunder.gif
IP 172.67.153.111:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject umoughtcallm.com
Fingerprint 6B:57:1E:F0:AE:98:F4:49:BE:13:72:49:EB:A1:C6:42:13:78:FE:7D
Validity Wed, 13 Sep 2023 06:21:16 GMT - Tue, 12 Dec 2023 06:21:15 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: umoughtcallm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 02 Oct 2023 05:30:56 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 53040
last-modified: Sun, 01 Oct 2023 14:46:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLdoYAtW38KI2lydRVzrRquFkxiwEMblP1f6vTkNgmLBBx%2FKRgNeTY8FyRAUwy64iZGvWhupnGooviO3R6SBwpvjlIVNyRExnFZPrDJJX15jiFfT29Bg9vJDCGqFFbbnZ2uq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80fa8e63feba5691-OSL
alt-svc: h3=":443"; ma=86400
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 0
date: Mon, 02 Oct 2023 05:30:56 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 513615984
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcMmv2WCsCPbN8PVRt4twVhzmxutAAU8pyzoDH7pSXz9Xs5LsBjTimeYi2hD9xvT-pTYD-X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S336363424%3A1696224656183068&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcMmv2WCsCPbN8PVRt4twVhzmxutAAU8pyzoDH7pSXz9Xs5LsBjTimeYi2hD9xvT-pTYD-X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S336363424%3A1696224656183068&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcMmv2WCsCPbN8PVRt4twVhzmxutAAU8pyzoDH7pSXz9Xs5LsBjTimeYi2hD9xvT-pTYD-X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S336363424%3A1696224656183068&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Oct 2023 05:30:56 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-_eZwv0A8hP5v9bwOFGbQJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
3.127.176.57 200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 3.127.176.57:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6cbHB-h9KUqwXsdNwS41H4QIX6jC2eiTTbh1uIQWCFVOeieJlSW-66ajki4xBpXdA3JhI1rZetSRMPn9hvkuS42wamW2zEQqqvtqPO-P6C-xO7F0Vom_ppfbxxnzmhoEdI9wbNT6E9mdrDJqV9X_xzzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:57 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 102 kB IP 172.64.106.19:443
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 02 Oct 2023 05:30:55 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1293
last-modified: Mon, 02 Oct 2023 05:09:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVOspFNrN5DzrhY%2B%2BmYrMj08IHj6PNxIPdStgj0UhU%2Fe8miWERANsfovGM9u3yJS5YbikEznADbMSxUKNagvjJyVjTqozn6AIcaLBqBfKmwAngeMCBJTeSxMbGQG85ip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80fa8e63ece54970-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5478277&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15607744%2F121100e4029e1da0da8c%2Fgomplayerplus2.3.90.5360x64.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15607744%2FGOMPlayerPlus2.3.90.5360x64.exe.html&rnd=1696224655436
0.0.0.0 0 B URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5478277&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15607744%2F121100e4029e1da0da8c%2Fgomplayerplus2.3.90.5360x64.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15607744%2FGOMPlayerPlus2.3.90.5360x64.exe.html&rnd=1696224655436
IP 0.0.0.0:0
Requested by https://www.upload.ee/files/15607744/GOMPlayerPlus2.3.90.5360x64.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5478277&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15607744%2F121100e4029e1da0da8c%2Fgomplayerplus2.3.90.5360x64.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15607744%2FGOMPlayerPlus2.3.90.5360x64.exe.html&rnd=1696224655436 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Mon, 02 Oct 2023 05:30:54 GMT
set-cookie: bepolite_id=97ce5a2953e8561d4b39fbc44fa50c9c; Max-Age=7776000; Expires=Sun, 31-Dec-2023 05:30:55 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 216671501
age: 0
accept-ranges: bytes
content-length: 1866
X-Firefox-Spdy: h2