www.upload.ee/download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe
51.91.30.159 421 B URL www.upload.ee/download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (421), with no line terminators
Hash 2d40a0a083f8d04bbf4b1bd935ed2838
bf364c7bdd720661500875ec25b692e180b763b9
f2fdd5d9edb03d9b1935d531ea13a30c2b28e627118183cdd9539815533aaa8c
GET /download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 10 Sep 2023 23:01:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 421
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe
51.91.30.159 421 B URL www.upload.ee/download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (421), with no line terminators
Hash 2d40a0a083f8d04bbf4b1bd935ed2838
bf364c7bdd720661500875ec25b692e180b763b9
f2fdd5d9edb03d9b1935d531ea13a30c2b28e627118183cdd9539815533aaa8c
GET /download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 421
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (4526)
Hash 5337070141698e2dc7000a56ba8cea1f
1e76a05e3e552a2637d938a14c560ff6c24316e2
8a5d95974ac6f7df8fb081b31d33629726a19a2307797021eedce2335f87fb8e
GET /files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15661808/600fdb93b0521d84e423/MadDuckHWIDSpoof.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9001
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 11 Sep 2023 02:01:05 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Sun, 08-Oct-2023 23:01:05 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Sun, 17 Sep 2023 23:01:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Sun, 17 Sep 2023 23:01:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash b04ec1f4081598d7b98c949662054cfa
ecb53717e66a4c8977a7ae99cbf31b6d91eca951
25d11bb095cd75ed184c1ad396a62463f5a75c8de3bd44b9d5eacb7ec5f317bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 23:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9; data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Sun, 17 Sep 2023 23:01:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced; data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:05 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Sun, 17 Sep 2023 23:01:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (2271)
Hash c98d6b08df5e6a0963a0aeec9e6a9460
9368e4d3034c3763a71f1794f98ecf6193a16ef5
18f1a91e209021daa8b4b5c7661a86e2789e419e29c0ef073238dac16445dd2b
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Sep 2023 23:01:05 GMT
expires: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51163
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash b04ec1f4081598d7b98c949662054cfa
ecb53717e66a4c8977a7ae99cbf31b6d91eca951
25d11bb095cd75ed184c1ad396a62463f5a75c8de3bd44b9d5eacb7ec5f317bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 23:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.89 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.89:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117791 bytes)
Hash 66fb499f6c765cfb134c30f32ca5063c
a161c3343a3db838838d0a5a4a680c9006e009d7
f70b1290633468f89c31d3d0579b272ef482762f97806c226f56be03707c54a9
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117791
date: Sun, 10 Sep 2023 23:01:05 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -c7VtIM5N5YFhA5vl49_jEStF-365HbCgQcRUQqXvT0Ic43raaIcXg==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 200 OK 87 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type ASCII text, with very long lines (3034)
Hash a2034734d899499a3c4f5d1505ea7766
772213f486f28efb2b694298a854d44579a996e3
129ba884af6720d2437e4682f66b4d0444a50643cb36c99ac92ccc802585b4b1
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Sep 2023 23:01:05 GMT
expires: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
empafnyfiexpectt.info/QWdHZkduWCQVeg8xDRAKcQQEBysuICQ3IzAxICR2AzAjPwRyImESLiVafl9wclF+QDcoA3pXYTITJhIyMlp2QC4vAShbYTdadkh0dUl0UmlxQTJbdmcTNwcgfFZhFjM1C3pXcXhTdF5xeVFyX352
104.21.6.211 204 No Content 0 B URL GET HTTP/2
IP 104.21.6.211:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject empafnyfiexpectt.info
Fingerprint 0A:3C:72:5A:AE:C9:CE:C3:ED:9D:55:D4:4A:C3:28:A5:31:C0:1B:2B
Validity Mon, 04 Sep 2023 06:52:14 GMT - Sun, 03 Dec 2023 06:52:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /QWdHZkduWCQVeg8xDRAKcQQEBysuICQ3IzAxICR2AzAjPwRyImESLiVafl9wclF+QDcoA3pXYTITJhIyMlp2QC4vAShbYTdadkh0dUl0UmlxQTJbdmcTNwcgfFZhFjM1C3pXcXhTdF5xeVFyX352 HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdxWZOQTHBtFmxfT31yfh4wie0jKiavroHmW2OecojZWhK6ZR46EI1QeTqqsJr3yySGL9D5lcLkI3NOMo3sDniCnMX4eVUol29gteOZFbisy%2BpnC4AVBSuQoNCOVCJ%2BMkilOUbwZ3X0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804b4a786d605684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
aticalfelixstownrus.info/QjlqOXAjWwlUTyMECB8FMFVXHEIEHFh/FDcJGkwUckoOVR04X0RaHC1MDl8CLVceFx4nTU8LNnB0WkECIVQ8aDk1bD9uGyFVLglJIXoETSkQfx1vOipeDnpADEEjfQMFaxBJKQtoLFs2LnM/fCUpVjxSOgZhEwk2BG8NbzsTbDhuMQhIKVEpCn0EUT4AUTxaOnNgI3ocekguTjkKawBoFhR7KGoTE2AOcUEtXihBPgN4O0kVGn8/bhYuTQtxIQgAPlI1LH8EDBIKXhJdPxB3Mm8HDwk/CSF0ezJRPxNqCW4WLkorfAgYHFh/Oyl3PHodCFs9CTEAXysUBxp7Bl4aFlIrUzEaQQtoHBd6DH8AGm8ddAEDXit4JhF0Pm9BJggMbwAGah13AQpSU2xWKEoFVwB/ciNaBDQKOV0YGAA
54.230.111.124 200 OK 1.2 kB URL GET HTTP/2
IP 54.230.111.124:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject aticalfelixstownrus.info
Fingerprint D6:60:E2:3A:1A:81:0A:24:51:1B:33:FA:52:EB:2F:F6:58:B1:D6:DB
Validity Mon, 04 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 7ed72fd9f45c248e5565689c4fc6770d
0ea641585d0ea18565dc8c02084bd5516c6bc011
25a23db79397b6ed84f294b94375f2740e01f3398e6b79ae23ca395c1ade60e8
GET /QjlqOXAjWwlUTyMECB8FMFVXHEIEHFh/FDcJGkwUckoOVR04X0RaHC1MDl8CLVceFx4nTU8LNnB0WkECIVQ8aDk1bD9uGyFVLglJIXoETSkQfx1vOipeDnpADEEjfQMFaxBJKQtoLFs2LnM/fCUpVjxSOgZhEwk2BG8NbzsTbDhuMQhIKVEpCn0EUT4AUTxaOnNgI3ocekguTjkKawBoFhR7KGoTE2AOcUEtXihBPgN4O0kVGn8/bhYuTQtxIQgAPlI1LH8EDBIKXhJdPxB3Mm8HDwk/CSF0ezJRPxNqCW4WLkorfAgYHFh/Oyl3PHodCFs9CTEAXysUBxp7Bl4aFlIrUzEaQQtoHBd6DH8AGm8ddAEDXit4JhF0Pm9BJggMbwAGah13AQpSU2xWKEoFVwB/ciNaBDQKOV0YGAA HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sun, 10 Sep 2023 23:01:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FFG_2IvT0FMEghjGekdTbTRiGTIVKxIflLnWLcwmMo31voOExslkwg==
X-Firefox-Spdy: h2
empafnyfiexpectt.info/ZE92amhLcBUZVTcHNxM6LA1POCkQOCciBCwNLigtAX8jIg4xJFAeAQByT1NfUH9OTBgNK0tbUEI8AgscETxLW04NIRAFVUI5S1tGVGFERFxCOktbThA/Fw1VVWkGHhwIckdcUVB8TlxQUnlGWF0
104.21.6.211 204 No Content 0 B URL GET HTTP/2
IP 104.21.6.211:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject empafnyfiexpectt.info
Fingerprint 0A:3C:72:5A:AE:C9:CE:C3:ED:9D:55:D4:4A:C3:28:A5:31:C0:1B:2B
Validity Mon, 04 Sep 2023 06:52:14 GMT - Sun, 03 Dec 2023 06:52:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ZE92amhLcBUZVTcHNxM6LA1POCkQOCciBCwNLigtAX8jIg4xJFAeAQByT1NfUH9OTBgNK0tbUEI8AgscETxLW04NIRAFVUI5S1tGVGFERFxCOktbThA/Fw1VVWkGHhwIckdcUVB8TlxQUnlGWF0 HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BVHMaqHtmIpngNx8mjZjwKdTFJFYy54vA8lmd1CYeS273vjgTZdyESBIXqzesE90zq8znNod7Xk89utYXwgDTZmo5LXtpc9ZeI6B7HyRHXUtuBZP4sIPyJletrFmFdgBg0Et7Dbj7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804b4a787d805684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
aticalfelixstownrus.info/TmxlM2EvDgZeXi9RBxUUPABYFlMISVd1BTtcFUYFfh8BXww0CktQDSEZAVUTIQIRHQ8rGEABJwkiCHpRGzozZSUYA1ZSCgcgMHQZPShUZiAXO1ViIgsPQAEjAVw/VQI0PTVxJRgqBHInFi8kaggtXCxqNAkUCXYgezo1SSgCPiN2RHwqK1QVGikPchkYKl1yBTcuPWtQJUlXcS1/VCpkJQwbJ3AwDApXZjUbLTcGLR8IMXY2BzQgAiALPDFLOAhcHQM7OTUEdyYtJyR1OBw1DVA1Gy00WSg2IjdXNgwAIQMWCwktciQbACgDLyJcK3Y2AzgndSgINTJmKRsLSGVRFBs8djkdIRJmIH8hAXQFOTkSZQYrGz92MBkUDhULPQMLQ1wJCT8BNj9VMVILfB8
54.230.111.124 200 OK 1.2 kB URL GET HTTP/2
IP 54.230.111.124:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject aticalfelixstownrus.info
Fingerprint D6:60:E2:3A:1A:81:0A:24:51:1B:33:FA:52:EB:2F:F6:58:B1:D6:DB
Validity Mon, 04 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (2998), with no line terminators
Hash ca640413f6a8c5db5ddbbce16c00290f
2594a8f4f1a8173d5883549ee104fa353e8d01c0
d4e8514f472b645c79a6fa55fc8400b05422e56a8b216db80a8899cf7496ff68
GET /TmxlM2EvDgZeXi9RBxUUPABYFlMISVd1BTtcFUYFfh8BXww0CktQDSEZAVUTIQIRHQ8rGEABJwkiCHpRGzozZSUYA1ZSCgcgMHQZPShUZiAXO1ViIgsPQAEjAVw/VQI0PTVxJRgqBHInFi8kaggtXCxqNAkUCXYgezo1SSgCPiN2RHwqK1QVGikPchkYKl1yBTcuPWtQJUlXcS1/VCpkJQwbJ3AwDApXZjUbLTcGLR8IMXY2BzQgAiALPDFLOAhcHQM7OTUEdyYtJyR1OBw1DVA1Gy00WSg2IjdXNgwAIQMWCwktciQbACgDLyJcK3Y2AzgndSgINTJmKRsLSGVRFBs8djkdIRJmIH8hAXQFOTkSZQYrGz92MBkUDhULPQMLQ1wJCT8BNj9VMVILfB8 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1154
date: Sun, 10 Sep 2023 23:01:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4ahC5fw9bQeH1DEnl5Y4ZLWJJwkvYMhjOrnMfoThQdobqL8Qpv_w3A==
X-Firefox-Spdy: h2
aticalfelixstownrus.info/Q3RFRW8iFiYoUCJJJ2MaMRh4YF0FUXcDCzZENTALcwchKQI5EmsmAywBISMdLBoxawEmAGB3KQk5DQc8DDIHESc5DCAnXxIuCyI5MzcQIQIAIxQSKCoyHRUEAToMLhcvLAd1PQc3NSE5Ki4GCy5yNSEDPjssLSEZCx4TICpxTA8hAwYhCAQ5KDIiFAYVDjYLLClFEAsDEjUIAF8sJgMcARQjdCEnOhwXFSk0JiEyABQ2E3AGCyMMBDgAGw8cPRUwAAdeKjUHMlgVHRMMORQ1DA4uKzMBFFooMhAIPgsjDAQuKiUhHFwFNhwiKWZGBwQpL0cGKC0bMhFoKRckPRMsBTU1Ii4WNiwGOAI2ExIuCjopLiwNRXFgXQUnAxMIJRkABz4bAwwhBBU6HDJJKQcqKx9+BDFwAy43cT8C
54.230.111.124 200 OK 1.2 kB URL GET HTTP/2
IP 54.230.111.124:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject aticalfelixstownrus.info
Fingerprint D6:60:E2:3A:1A:81:0A:24:51:1B:33:FA:52:EB:2F:F6:58:B1:D6:DB
Validity Mon, 04 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 7eefa309587e7a1e336c42b453ae4ba9
7c6370578198e9412b0a39360e2e5f406f74194b
9252887c5fb55540e9cd13eb81ac34cb5c24784e7e1c95fcd66daef11b137818
GET /Q3RFRW8iFiYoUCJJJ2MaMRh4YF0FUXcDCzZENTALcwchKQI5EmsmAywBISMdLBoxawEmAGB3KQk5DQc8DDIHESc5DCAnXxIuCyI5MzcQIQIAIxQSKCoyHRUEAToMLhcvLAd1PQc3NSE5Ki4GCy5yNSEDPjssLSEZCx4TICpxTA8hAwYhCAQ5KDIiFAYVDjYLLClFEAsDEjUIAF8sJgMcARQjdCEnOhwXFSk0JiEyABQ2E3AGCyMMBDgAGw8cPRUwAAdeKjUHMlgVHRMMORQ1DA4uKzMBFFooMhAIPgsjDAQuKiUhHFwFNhwiKWZGBwQpL0cGKC0bMhFoKRckPRMsBTU1Ii4WNiwGOAI2ExIuCjopLiwNRXFgXQUnAxMIJRkABz4bAwwhBBU6HDJJKQcqKx9+BDFwAy43cT8C HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Sun, 10 Sep 2023 23:01:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bm1w9_dfbtfXLAG41Wa9zcES4C3yIwa4KxvKewhuL_PZOuCXpmxMlw==
X-Firefox-Spdy: h2
empafnyfiexpectt.info/REFublJrfg0dbxcrID0DKXhLXBQFLCBeBQwmKTc8HhkIGQQsJQIddDAoClNrfXZaX2ZiMQcKb3VnHRozMDQdU2NiKAAIPXlnGFNjanJaQGFwb15IJ3lwSBoiJSZTX3Q0NRoCb3V3V1phfHdWWGR0dVo
104.21.6.211 204 No Content 0 B URL GET HTTP/2
IP 104.21.6.211:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject empafnyfiexpectt.info
Fingerprint 0A:3C:72:5A:AE:C9:CE:C3:ED:9D:55:D4:4A:C3:28:A5:31:C0:1B:2B
Validity Mon, 04 Sep 2023 06:52:14 GMT - Sun, 03 Dec 2023 06:52:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /REFublJrfg0dbxcrID0DKXhLXBQFLCBeBQwmKTc8HhkIGQQsJQIddDAoClNrfXZaX2ZiMQcKb3VnHRozMDQdU2NiKAAIPXlnGFNjanJaQGFwb15IJ3lwSBoiJSZTX3Q0NRoCb3V3V1phfHdWWGR0dVo HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WihoDHKQWDo6AzkFL%2FMNKPGxTQGoD2zBqsJU%2BoaUA%2F88JqtNHQDujlURXX5c%2B%2BlUE1m%2FbkWE0%2FXchXwC13I8u4khl6Nf2WUKJVjnq354wYckHWhOgWA3lYLHrLXd%2F1E583wpAovDrj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804b4a78adb15684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1694386866.1.0.1694386866.0.0.0; _ga=GA1.1.1886201401.1694386866
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Sep 2023 23:01:06 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Sun, 17 Sep 2023 23:01:06 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 16f619b15277d1a38232c2086442b10d
c2ee740d7f31da96cfdd695e32c41f5d42d6e059
be818594112004a174ea8bf03c345f67a1ec617fcb1263b70197c8aa157e9265
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 23:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 16f619b15277d1a38232c2086442b10d
c2ee740d7f31da96cfdd695e32c41f5d42d6e059
be818594112004a174ea8bf03c345f67a1ec617fcb1263b70197c8aa157e9265
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 23:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:sRtcibxxDZ9T8dKxvAvV5d7gvT2D6g:pAmiTHLz-Z6mYPi9; Expires=Tue, 09-Sep-2025 23:01:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfi1vdJgUrDeE8-2V0IK70M2B-bFGpMHfeiNoVX7ukN1gPTjj_sNgAtpgTEWdb6M47hTVGrOg
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-wzAadnpkanBkxG-swb97vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
aticalfelixstownrus.info/utx?cb=JkUuAgHHTyvH&top=www.upload.ee&tid=997414
54.230.111.124 204 No Content 0 B URL GET HTTP/2 aticalfelixstownrus.info/utx?cb=JkUuAgHHTyvH&top=www.upload.ee&tid=997414
IP 54.230.111.124:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject aticalfelixstownrus.info
Fingerprint D6:60:E2:3A:1A:81:0A:24:51:1B:33:FA:52:EB:2F:F6:58:B1:D6:DB
Validity Mon, 04 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=JkUuAgHHTyvH&top=www.upload.ee&tid=997414 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 23:01:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 23:02:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YN0kUrVIgCrZPKOtLHpnooTG0a7cmPChiTyjc_LXvSqaSCEVTddiug==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:WjITDhTr6TtMuI69-v0SRgfuGqC7ag:ovGLfVMotpkvh2bn; Expires=Tue, 09-Sep-2025 23:01:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhesr2LTtYIGxT1ql0_iJhG9QmkxbNg7OrlJU-87E-u6BYd-nehGnumxIhW6bvJzrOmXh8-KeQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-g-CvQPNdt14jR4jMxuJuIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash e2dfeebda42275462be4c1b20fe1b66c
99021e22053a501bed57981c24ce6dbc1486cee0
487f4ecfe7ca98212b2274e00625ff493add046e76b28c9382731e7211856567
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 10 Sep 2023 23:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aticalfelixstownrus.info/utx?cb=CZuIp451WHZP&top=www.upload.ee&tid=997369
54.230.111.124 204 No Content 0 B URL GET HTTP/2 aticalfelixstownrus.info/utx?cb=CZuIp451WHZP&top=www.upload.ee&tid=997369
IP 54.230.111.124:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject aticalfelixstownrus.info
Fingerprint D6:60:E2:3A:1A:81:0A:24:51:1B:33:FA:52:EB:2F:F6:58:B1:D6:DB
Validity Mon, 04 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=CZuIp451WHZP&top=www.upload.ee&tid=997369 HTTP/1.1
Host: aticalfelixstownrus.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 10 Sep 2023 23:01:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 10 Sep 2023 23:02:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _NXZzkhOF1qpG1KqZlY1FDFf0Js9OsBjAJIgnhrW-2bTwjajz1HEAg==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfi1vdJgUrDeE8-2V0IK70M2B-bFGpMHfeiNoVX7ukN1gPTjj_sNgAtpgTEWdb6M47hTVGrOg
142.250.74.109 302 Found 407 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfi1vdJgUrDeE8-2V0IK70M2B-bFGpMHfeiNoVX7ukN1gPTjj_sNgAtpgTEWdb6M47hTVGrOg
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 75:5C:17:06:78:FB:DD:37:D1:56:96:14:FC:26:4B:66:26:5F:D9:9D
Validity Mon, 14 Aug 2023 08:23:05 GMT - Mon, 06 Nov 2023 08:23:04 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (400)
Hash 7fb3484ec34f06f2e06ac8227daf3f2c
f4268ff73fcddd1c6b720b0b7fab378626532f30
e7734f8b820b34588186742ccc02e276bb5310703568f2483a819efeee5b02d0
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhfi1vdJgUrDeE8-2V0IK70M2B-bFGpMHfeiNoVX7ukN1gPTjj_sNgAtpgTEWdb6M47hTVGrOg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:dtOUOXcvSRLD24yJEfpl6wNn2QQv3w:CvxbvqBjdiAjCRAX;Path=/;Expires=Tue, 09-Sep-2025 23:01:06 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcQ1NBIwv2oE3Ai03NUs0OJQAtUjVQVGuUQH3Q20AgSv5d7fn1XG5pnaDEBsn_DPQNlNeeIDA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1408366128%3A1694386866494230&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-LU1v6lyLMv7QUBKy5jDoBQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 407
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/2M0xrcmVQIwUUWkclD09cCntYRFwVJhgdC0NxIDsGRzpYIQFbFlJUEUkoVkJDXy0FFVgVKQURWAJqChYHDnhNBhVcJ1YICl8qDwIHRjQfVBBScQYdH1ogBxNAAQpeXFUWfltaHQJ9TkEnFn5bHgxdORNXVwM0U0Q6BXhOQScWflsAExZ/KkNVCmJbW0ABfA-wXBlgjTkAjAXxaQlUCfFpXVwMqAgAAVSMTV1d1fVpDSwNqHk9U
143.204.42.89 623 B URL du0pud0sdlmzf.cloudfront.net/2M0xrcmVQIwUUWkclD09cCntYRFwVJhgdC0NxIDsGRzpYIQFbFlJUEUkoVkJDXy0FFVgVKQURWAJqChYHDnhNBhVcJ1YICl8qDwIHRjQfVBBScQYdH1ogBxNAAQpeXFUWfltaHQJ9TkEnFn5bHgxdORNXVwM0U0Q6BXhOQScWflsAExZ/KkNVCmJbW0ABfA-wXBlgjTkAjAXxaQlUCfFpXVwMqAgAAVSMTV1d1fVpDSwNqHk9U
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (883), with no line terminators
Hash 8a0d276b0653f5bbffd22e7a7ae2d161
7dd9dd4958c34c8b94f7727874633e9291c4f261
ab194d6b3330129414caaca1eaa2ad735ba4de48d2a1c5330810a55188bd777b
GET /2M0xrcmVQIwUUWkclD09cCntYRFwVJhgdC0NxIDsGRzpYIQFbFlJUEUkoVkJDXy0FFVgVKQURWAJqChYHDnhNBhVcJ1YICl8qDwIHRjQfVBBScQYdH1ogBxNAAQpeXFUWfltaHQJ9TkEnFn5bHgxdORNXVwM0U0Q6BXhOQScWflsAExZ/KkNVCmJbW0ABfA-wXBlgjTkAjAXxaQlUCfFpXVwMqAgAAVSMTV1d1fVpDSwNqHk9U HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 623
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gozQOOf_KJl9lbauU7DwW2UksDLDxn2d2S3yC-ONKogumkYnRbl1TA==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/GNmI0UVVVDVo3akILUGxsD1UAYW0QCEc+O0ZfczQPBDVFaAFXCAYic0IYUGxlEA5VPzILRFE/NgtTEjAxVF8AdyBXX1k+L18OWDBwBCQBf2UTUAR5LQdTEWIXE1AEPTxYF0x0ZwYaDGcKAFYRYhcTUAQjIxNRdWBlD0wEeHAEUlM0Nl0NEWMTBFIFYWUHUg-V0ZwYEXSMwUA1MdGdwUwVgewZEQWxk
143.204.42.89 197 B URL du0pud0sdlmzf.cloudfront.net/GNmI0UVVVDVo3akILUGxsD1UAYW0QCEc+O0ZfczQPBDVFaAFXCAYic0IYUGxlEA5VPzILRFE/NgtTEjAxVF8AdyBXX1k+L18OWDBwBCQBf2UTUAR5LQdTEWIXE1AEPTxYF0x0ZwYaDGcKAFYRYhcTUAQjIxNRdWBlD0wEeHAEUlM0Nl0NEWMTBFIFYWUHUg-V0ZwYEXSMwUA1MdGdwUwVgewZEQWxk
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 11ab142eb7ccbbfd5bf6e76718730865
4ffc7a26ad66fa2b59a63798bb64486049655e3d
e718fc4a4a74ed84e98115c7d1d89db873ee19136b963371f39de1f9cd227128
GET /GNmI0UVVVDVo3akILUGxsD1UAYW0QCEc+O0ZfczQPBDVFaAFXCAYic0IYUGxlEA5VPzILRFE/NgtTEjAxVF8AdyBXX1k+L18OWDBwBCQBf2UTUAR5LQdTEWIXE1AEPTxYF0x0ZwYaDGcKAFYRYhcTUAQjIxNRdWBlD0wEeHAEUlM0Nl0NEWMTBFIFYWUHUg-V0ZwYEXSMwUA1MdGdwUwVgewZEQWxk HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 197
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eugEr5xYmpkM872daDq9ZRoBOt4FNPTslhdso3M5EekybkqxSt7n1w==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/JMHBSOFBTHzxeb0QZNgVpCUdmCWQWGiFXPkBNIkxlXB0RDCpdViZCNA1AdFQxXhdvHjVeE28JdlEUMAVkFgQiVzsNCj1UNlQAME0oRFYnWW1dHyhRPFwRdwoWBV5iHWIAWCoJYRVDEB1iABw7ViVIVWAIKAhGDQ5kFUMQHWIAAiQdY3FBYgF+AFl3CmBXFT-FTPxVCFApgAUBiCWABVWAINlkCN14/SFVgfmEBQXwIdkVNYw
143.204.42.89 581 B URL du0pud0sdlmzf.cloudfront.net/JMHBSOFBTHzxeb0QZNgVpCUdmCWQWGiFXPkBNIkxlXB0RDCpdViZCNA1AdFQxXhdvHjVeE28JdlEUMAVkFgQiVzsNCj1UNlQAME0oRFYnWW1dHyhRPFwRdwoWBV5iHWIAWCoJYRVDEB1iABw7ViVIVWAIKAhGDQ5kFUMQHWIAAiQdY3FBYgF+AFl3CmBXFT-FTPxVCFApgAUBiCWABVWAINlkCN14/SFVgfmEBQXwIdkVNYw
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (813), with no line terminators
Hash 83215f67b86c50b65f9d716e100212f6
c0a23e901120d3cdde3139cfbdf33d58a4f00db5
587084c296021c7aee06a4af6318686d8a80010d0364e3e89a7f3753301f0b20
GET /JMHBSOFBTHzxeb0QZNgVpCUdmCWQWGiFXPkBNIkxlXB0RDCpdViZCNA1AdFQxXhdvHjVeE28JdlEUMAVkFgQiVzsNCj1UNlQAME0oRFYnWW1dHyhRPFwRdwoWBV5iHWIAWCoJYRVDEB1iABw7ViVIVWAIKAhGDQ5kFUMQHWIAAiQdY3FBYgF+AFl3CmBXFT-FTPxVCFApgAUBiCWABVWAINlkCN14/SFVgfmEBQXwIdkVNYw HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aticalfelixstownrus.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 581
date: Sun, 10 Sep 2023 23:01:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: azbOM2_rASVTY3VZ6qC8NMCRkslbrDBPKV0OKfbZvW-sF1yxCF4u0w==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhesr2LTtYIGxT1ql0_iJhG9QmkxbNg7OrlJU-87E-u6BYd-nehGnumxIhW6bvJzrOmXh8-KeQ
142.250.74.109 302 Found 401 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhesr2LTtYIGxT1ql0_iJhG9QmkxbNg7OrlJU-87E-u6BYd-nehGnumxIhW6bvJzrOmXh8-KeQ
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash ec80e7833d079bdcdb92cc0b264adc3a
4f83aa27734a985f3812831e981eaa9d1f7fb639
5450e22f8faaf57386536df89e2ba6128d53f2e7f0369acf385df6f5a5bbc5ac
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhesr2LTtYIGxT1ql0_iJhG9QmkxbNg7OrlJU-87E-u6BYd-nehGnumxIhW6bvJzrOmXh8-KeQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:SWyIRh1s5nxz1JgPwpjPV_OxFxpDjg:3FcUfdBGqJMdACn0;Path=/;Expires=Tue, 09-Sep-2025 23:01:06 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcHvkhCU3iOHXZpb3m7Zy56lKmzdeGayZIvbTWirzLdD0PtsvnrRYdvQm0-ZU5FAo3jrMReCw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1693655835%3A1694386866583530&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-dAw2DjnP6RajClGIQxQOzw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/a?v=3&t=l&pid=1249144585&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=88781555&l=88781555.EC2.TC0.HTC0~*~*~GA340.371
142.250.74.168 200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?v=3&t=l&pid=1249144585&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=88781555&l=88781555.EC2.TC0.HTC0~*~*~GA340.371
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?v=3&t=l&pid=1249144585&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=88781555&l=88781555.EC2.TC0.HTC0~*~*~GA340.371 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 10 Sep 2023 23:01:07 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcHvkhCU3iOHXZpb3m7Zy56lKmzdeGayZIvbTWirzLdD0PtsvnrRYdvQm0-ZU5FAo3jrMReCw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1693655835%3A1694386866583530&theme=glif
142.250.74.109 403 Forbidden 809 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcHvkhCU3iOHXZpb3m7Zy56lKmzdeGayZIvbTWirzLdD0PtsvnrRYdvQm0-ZU5FAo3jrMReCw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1693655835%3A1694386866583530&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 15332e90a1589f86dbada4e3c00c59f3
4f209022631c38f0fb29be3332d17306bd94f622
dad7592bb606d8e9849c93da0613d2c9b24a39b2f0ee785abf4b6a62916c3a06
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcHvkhCU3iOHXZpb3m7Zy56lKmzdeGayZIvbTWirzLdD0PtsvnrRYdvQm0-ZU5FAo3jrMReCw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1693655835%3A1694386866583530&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-t2rWMBOZeccsQY-yAKJ51A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
empafnyfiexpectt.info/popunder.gif
104.21.6.211 200 OK 1.3 kB URL GET HTTP/3 empafnyfiexpectt.info/popunder.gif
IP 104.21.6.211:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject empafnyfiexpectt.info
Fingerprint 0A:3C:72:5A:AE:C9:CE:C3:ED:9D:55:D4:4A:C3:28:A5:31:C0:1B:2B
Validity Mon, 04 Sep 2023 06:52:14 GMT - Sun, 03 Dec 2023 06:52:13 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash d75032da9693982f48a45588c6d518e7
3618cde03860776d62b7f9296aa7ed93647c1684
3be0bd6a522586f38d5f8e30196e41a38a6451dcdb59d90f50450f55ba34429b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /popunder.gif HTTP/1.1
Host: empafnyfiexpectt.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 10 Sep 2023 23:01:06 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 38868
last-modified: Sun, 10 Sep 2023 12:13:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wS7k%2F%2FXrF58Xlh3qqBLCGn%2F6TVKGl8TCegjNHTa7gRxD%2FK53mMuMmgHJKgTyWv%2BuRM24JIZMiKGttqgJRLW9umbvNYr3lMsgqaUb8DQsmDXc5VBjqNt9esgo3cojm59RG7J%2B6E6VFs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 804b4a7c8d480afa-OSL
alt-svc: h3=":443"; ma=86400
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6895167&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15661808%2F600fdb93b0521d84e423%2FMadDuckHWIDSpoof.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15661808%2FMadDuckHWIDSpoof.exe.html%3Fmsg%3Dsess_error&rnd=1694386865790
212.47.222.22 1.9 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6895167&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15661808%2F600fdb93b0521d84e423%2FMadDuckHWIDSpoof.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15661808%2FMadDuckHWIDSpoof.exe.html%3Fmsg%3Dsess_error&rnd=1694386865790
IP 212.47.222.22:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (394)
Hash c2a2a08e7ee5b596bdbd646bd7dcedd5
f4c417aba64bbb883aa3ba7f03a2d7eaf7dc6c9b
f4fa3a8e55ff958b3cc3e310d10ec1f8e9f5012f538475e9b1621f9ed3b5f43a
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6895167&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15661808%2F600fdb93b0521d84e423%2FMadDuckHWIDSpoof.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15661808%2FMadDuckHWIDSpoof.exe.html%3Fmsg%3Dsess_error&rnd=1694386865790 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Sun, 10 Sep 2023 23:01:05 GMT
set-cookie: bepolite_id=045a94f36cc2a44e2cbdd12429a0acfb; Max-Age=7776000; Expires=Sat, 09-Dec-2023 23:01:05 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103759445
age: 0
accept-ranges: bytes
content-length: 1873
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.22 200 OK 175 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 175 kB (174934 bytes)
Hash 1bf7f467e8e0d7bbc53585aad8ea467c
9a438e3c801182c612d82ecbec28d6dc5a643b93
08af140297a6c256dcd10d0b815e41b80217789ebe5ac9558a24546432adddeb
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "98611151"
last-modified: Mon, 14 Aug 2023 20:11:50 GMT
content-length: 174934
date: Sun, 10 Sep 2023 23:00:57 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103759448
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/07b9f12f-80b5-4dce-b54d-a47082b49d62/Big_Win_1000x400_tag2.jpg
212.47.222.22 200 OK 44 kB URL GET HTTP/2 static.bepolite.eu/banners/07b9f12f-80b5-4dce-b54d-a47082b49d62/Big_Win_1000x400_tag2.jpg
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1000x400, components 3\012- data
Hash 694e189137a0b4fd1a417bdd156f84db
a516e4feaedb4814b846c512fa756414493b749f
41e62beb4bcbfb98bdcffac62a38592a37437a0298f5d58befea9909b2f799f4
GET /banners/07b9f12f-80b5-4dce-b54d-a47082b49d62/Big_Win_1000x400_tag2.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "1178900201"
last-modified: Sat, 02 Sep 2023 08:03:36 GMT
content-length: 43932
date: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 104514013
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
212.47.222.22 200 OK 2.1 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e550164902f92f0e647f0a04e1f70e78
7dabb8cdd25e9e1e95db19d0eb99ce2616fcf4f7
66fc2e4838058041efd1e179ae21a300c9cad11c151e96952ec5aef6fdfbfb66
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
accept-ranges: bytes
etag: "2998264573"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 2141
date: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103668578
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.22 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "3930991918"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Sun, 10 Sep 2023 22:53:29 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 102714192
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.css
212.47.222.22 200 OK 3.1 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.css
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with CRLF line terminators
Hash 95ce689283925015d64561c139e56353
f6f49da8d33b8d4591513bfd24d418ecfd053665
23045f9d3b2d50abbb3c8843a1ff85a91bf3d0e4a9a2b0d186614d9274c87858
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.css HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
etag: "306050553"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 3069
date: Sun, 10 Sep 2023 23:00:57 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103668581
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/slide.png
212.47.222.22 200 OK 4.1 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/slide.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 1000 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash b51540f93709fa5cba5b273adaa7dfb5
07dd75d5ddfa5f5e39c6ff4978b70b82dadfbe82
bf75d98b3287eee9260f16df11f43e0fdb790d9e5313b41e57f915ca46a93cba
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/slide.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "1405592900"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 4062
date: Sun, 10 Sep 2023 23:01:06 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103625871
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.js
212.47.222.22 200 OK 1.7 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.js
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (352), with CRLF line terminators
Hash 1490aac2cf251cb7a3827a5602b8b509
ce48a21df8129270737a70bc9d9c94070ce81c52
b7b9a176a0902b49e9f052670293d84ce122874dde3d0dd80af95dcecfd9c026
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/app.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "306079837"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 1692
date: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 102714195
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/bg.jpg
212.47.222.22 200 OK 42 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/bg.jpg
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x200, components 3\012- data
Hash af1a254a5f123d454cb0e1ec63254fe9
1d9797b1762aa67dc778c95b80fb6b3295c41d55
74603b6a138d1cf198a3ff0c4e1c79efcee89d4a22c0d669fb320b6dd47acee2
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/bg.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "287780702"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 42238
date: Sun, 10 Sep 2023 23:01:05 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103668584
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/s1.png
212.47.222.22 200 OK 16 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/s1.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 1000 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 4b9b514b46a9902a7aedaac6d68ef4ac
16ff3a6383fc987d0908869aa628586bd1d20a96
8a495162f888ba3ca028f0b36e9d63c9aa248045539f2a79b3881d7138a58e11
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/s1.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "1321280244"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 16268
date: Sun, 10 Sep 2023 22:53:29 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103625874
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=045a94f36cc2a44e2cbdd12429a0acfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sun, 10 Sep 2023 23:01:05 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103759451
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/btn.png
212.47.222.22 200 OK 8.0 kB URL GET HTTP/2 static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/btn.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 1000 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 4761331603de667e145efe17142b5732
25ac69257257af4d4e52ac7154bb13a858bd02d5
f4d586462a9544054a3253a2d45cc0da02581c4182a6a57388390ac132fb72e1
GET /banners/a247979d-f898-4aab-a992-ab17ac1c83a6/btn.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a247979d-f898-4aab-a992-ab17ac1c83a6/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fwww.kaubamaja.ee%252F%253Futm_source%253Dsmartad%2526utm_medium%253Dbanner%2526utm_campaign%253Dilu_aeg_sygis_2023%2526utm_content%253Dsisu%2526utm_term%253Dee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa247979d-f898-4aab-a992-ab17ac1c83a6%2Findex.html&clink=https%3A%2F%2Fwww.kaubamaja.ee%2F%3Futm_source%3Dsmartad%26utm_medium%3Dbanner%26utm_campaign%3Dilu_aeg_sygis_2023%26utm_content%3Dsisu%26utm_term%3Dee&banner_id=104788ef97cd4dc28dbe29d4dd65d6bc50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "1914681209"
last-modified: Thu, 07 Sep 2023 08:52:50 GMT
content-length: 7971
date: Sun, 10 Sep 2023 23:00:57 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103993021
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1WXZ8X6JSe0Gnw2zRAzhRqzoptxWl3N6M6wSBlOWoR-TR_lOyfSdK8HxRrQktEc-na5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=045a94f36cc2a44e2cbdd12429a0acfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sun, 10 Sep 2023 23:01:06 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103759454
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.22 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4C5LNGUTvRO0X4fIS12o_1qwiDEw_KdgHVjk40LQXXl0Z3QfWl1pLgyV0Ann-FoV9O0-6ZGAxLcxsKdMI3bBJcgWkG9sBU5WlMklrL_pZQxpJM6l6V3pttOAo_kC4E5Eo7CSrpWyCLqIhMWgxoYPGvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0nsZfIbOnJznUOEdQ0bS66tloH9Xhu4mLSSCoLEc-zI2uPCSYef_FAUt7mNTBWpqra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=045a94f36cc2a44e2cbdd12429a0acfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sun, 10 Sep 2023 23:01:07 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 103993027
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/a?v=3&t=l&pid=740956471&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L366.S51.E980.EC6.TC11.HTC0~gtm.init.S1.V1.E120.TS5ccdconversionmarking.TI3.TE2.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE3.TS5ccdemsitesearch.TI9.TE3.TS5ccdemvideo.TI10.TE2.TS5ccdgaregscope.TI11.TE2.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S1.V0.E96.TS5gct.TI1.TE1~gtm.dom.S0.V0.E60~gtm.scrollDepth.S1.V0.E58~gtm.load.S1.V0.E2~gtm.init_consent.S1.V0.E60
142.250.74.168 200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?v=3&t=l&pid=740956471&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L366.S51.E980.EC6.TC11.HTC0~gtm.init.S1.V1.E120.TS5ccdconversionmarking.TI3.TE2.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE3.TS5ccdemsitesearch.TI9.TE3.TS5ccdemvideo.TI10.TE2.TS5ccdgaregscope.TI11.TE2.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S1.V0.E96.TS5gct.TI1.TE1~gtm.dom.S0.V0.E60~gtm.scrollDepth.S1.V0.E58~gtm.load.S1.V0.E2~gtm.init_consent.S1.V0.E60
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint E6:F7:82:C1:10:AC:08:76:A1:97:70:B7:56:B7:EF:92:30:BA:1E:12
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?v=3&t=l&pid=740956471&rv=3960&u=AAAAAAAAAAAAAIAAAAAAAAE&ut=AACA&h=Ag&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L366.S51.E980.EC6.TC11.HTC0~gtm.init.S1.V1.E120.TS5ccdconversionmarking.TI3.TE2.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE3.TS5ccdemsitesearch.TI9.TE3.TS5ccdemvideo.TI10.TE2.TS5ccdgaregscope.TI11.TE2.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S1.V0.E96.TS5gct.TI1.TE1~gtm.dom.S0.V0.E60~gtm.scrollDepth.S1.V0.E58~gtm.load.S1.V0.E2~gtm.init_consent.S1.V0.E60 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 10 Sep 2023 23:01:07 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pogothere.xyz/asd100.bin
172.64.96.14 200 OK 102 kB IP 172.64.96.14:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 23:01:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1094
last-modified: Sun, 10 Sep 2023 22:42:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EAXWAy%2BmTpTeSU4BsovEX3vroUcibzcJccPvzQX2iJN5sBXAx1j430b9HBzb75kbweb5QAVQEHqduAEkLfOXm4zpnWmdh7O0tUtxDWCxaQRf0IfllM0K43XR1v199Kk0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 804b4a7b1df476f0-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.96.14 200 OK 26 B IP 172.64.96.14:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 0a04ef9c850e0369748bf00858ef0d15
632322a902e6ea7d6dc7946d830eff6890669dd5
f89c91ab0d8d79efa4f8ae633e3ff26a59293198f17211b0326d1c67fde8bf32
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 23:01:06 GMT
content-type: text/plain
set-cookie: csu=931214879110767@1@1694386866; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdjjkPOSeCTSbgWLMPSU7Ubd6qaQfDz5NyReHsTeMt4kIVQez8dKldzSHI8fC%2FbOpeP%2B6ENA2spBz7HeANY%2BkN65NIk1tkdBXvQGN2hgDUrqZjGT9%2BK6fB2t2tZk56YC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804b4a7b1ded76f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcQ1NBIwv2oE3Ai03NUs0OJQAtUjVQVGuUQH3Q20AgSv5d7fn1XG5pnaDEBsn_DPQNlNeeIDA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1408366128%3A1694386866494230&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcQ1NBIwv2oE3Ai03NUs0OJQAtUjVQVGuUQH3Q20AgSv5d7fn1XG5pnaDEBsn_DPQNlNeeIDA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1408366128%3A1694386866494230&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
Validity Mon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhcQ1NBIwv2oE3Ai03NUs0OJQAtUjVQVGuUQH3Q20AgSv5d7fn1XG5pnaDEBsn_DPQNlNeeIDA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1408366128%3A1694386866494230&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 10 Sep 2023 23:01:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-GpFCcNG76SprVQESC8Fq4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pogothere.xyz/
172.64.96.14 200 OK 27 B IP 172.64.96.14:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 72ce02b670cf01e6ee5be34d562964e4
0354317ddd3db03c3741fa9ef8fddc05a9c92c62
dcac826bba22257aa6069f8dc52831e48c736eb9684335b0447ed1e9a5eb375e
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 23:01:06 GMT
content-type: text/plain
set-cookie: csu=1746770651606630@1@1694386866; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqeihr5WJAqTrLvxZnTOc6F6xaJRZj%2FfI%2BlCCBG4AaISQZpWX3S6hoO6V1uRoWIaYIe21FmPZ3BT%2BJBA3dTboCT6wziK3eFsoM%2BWv%2F4R0bcT89sT6LwP3vE7smJiAODw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 804b4a7b2dfe76f0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.96.14 200 OK 102 kB IP 172.64.96.14:443
Requested by https://www.upload.ee/files/15661808/MadDuckHWIDSpoof.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Sep 2023 23:01:06 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1094
last-modified: Sun, 10 Sep 2023 22:42:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqCRkUMG1YhLIJmJ4faEmQobHNgB%2BiwDa1YBBWDQARgl74NYmR4lXzfYG8aaGsstKEj7GQuZmgDv%2FLN3caGP%2BxTsJE3EcujRHZ%2BJ51tQa9%2FNdJDqn3btSspHW9i8VRx5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 804b4a7b2df676f0-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2