upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
51.91.30.159 324 B URL upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0a7341622f6214c7a4c09d7091169cd4
ffdcd9f177167e842d8f322bed6feac7408e3ccd
e266c47726d29620685958484870d321bf61a4e713e0491f55603e3f037b38ca
GET /download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 324
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
51.91.30.159 0 B URL www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
51.91.30.159 493 B URL www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (493), with no line terminators
Hash 0e48f440400150ce925233793ee8028d
ab7d99ea429d2295630dd33ed5ab825f00c41f85
f8c6e0d40d93a79b41a565e4723f9afc387dc0c33ac56c89900cdc890d37091e
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 493
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
51.91.30.159 493 B URL www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (493), with no line terminators
Hash 0e48f440400150ce925233793ee8028d
ab7d99ea429d2295630dd33ed5ab825f00c41f85
f8c6e0d40d93a79b41a565e4723f9afc387dc0c33ac56c89900cdc890d37091e
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 493
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
51.91.30.159200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 43efa0b8a7d338275f6b9aa36686de85
cc8c410decdc48a013ee0fcd51447a46010ac4e8
15c3d18b0c486fa4ea18647f16fda21127d3d451f4da7d663c62c42b2dd58858
GET /files/15806824/________________________________________________.pdf.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15806824/814ad66912d81db089bf/________________________________________________.pdf.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8995
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 14 Oct 2023 15:45:04 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Sat, 11-Nov-2023 12:45:04 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (2213)
Hash 37f706685084fd0b775c8c9537ea2ee7
6b1bf33880c4a90796c25608457e6d58c908b161
720d6e12c32851c6fbf565c9cd047f7b76020bc798fb121f2ac27a517902d592
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 12:45:05 GMT
expires: Sat, 14 Oct 2023 12:45:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50840
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.upload.ee/images/arrow.gif
51.91.30.159200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.211200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.211:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117753 bytes)
Hash 835c66a219b8db32c7745e18d1c7bc1d
8e37c73d337fb5c667e012eef654915731c82844
001ff158f01e354a46664a7177434056e1fe3960e40deaebcaf9e0591e760143
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117753
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 17Mlo8cw2pNtff-JqIo_bf5Op7nRUAKwJquUNyFhSDlSGVRr4PEhpA==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168200 OK 85 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (3034)
Hash 177f0c3c60d600bd9da2d5f1aa34aed6
8cfa5eecffa8b39a472de37f2c06a1d382b13ceb
cd153e771ac0f83850fef11e67bed1a9c7d89008d78c1503569439f9139755f0
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 12:45:05 GMT
expires: Sat, 14 Oct 2023 12:45:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85005
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
blicatedlitytl.info/T2wzT0ZgU1A8exwrdScTGBQGGSoFHGt8PhY6dBknKV11Fh8jXBU7LytRCnZxe1wLaTYmCA5+fmkfRy4yOh8OfmAmAlUge2kaDn5of0IBYXJpGQ5+YDscUih7fkpDOzIjUQJ5f3heC3hzf1oDd3Y
188.114.97.1204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/T2wzT0ZgU1A8exwrdScTGBQGGSoFHGt8PhY6dBknKV11Fh8jXBU7LytRCnZxe1wLaTYmCA5+fmkfRy4yOh8OfmAmAlUge2kaDn5of0IBYXJpGQ5+YDscUih7fkpDOzIjUQJ5f3heC3hzf1oDd3Y
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /T2wzT0ZgU1A8exwrdScTGBQGGSoFHGt8PhY6dBknKV11Fh8jXBU7LytRCnZxe1wLaTYmCA5+fmkfRy4yOh8OfmAmAlUge2kaDn5of0IBYXJpGQ5+YDscUih7fkpDOzIjUQJ5f3heC3hzf1oDd3Y HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t1PjhenVtAj5mEv%2B7dfpthAJr%2FywrqD7m%2FBoMWr2Yc%2FNWvQNRY5ZbRz1jt3KBLS2Cz%2FVWtI3uuxqOTXjK5TN7XJuz9P6JyduzM7PfDOfdLGqfFxtx%2FHaP4FdRCrzDlQvrd48EaIG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd1ceab4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
blicatedlitytl.info/QW1aTGduUjk/WiIoDAYzcDsQLy81SGgOPSoJICk/MQcLFC14CDcNQTUEPnFeeFppel5nHTMoWnBLKTgGNRgpcVZnBDQqCHxLLHFWb15uYlR1Q2pqEnxcfDgXIApnfUExGS4gWnBbY3tVeVpvfFFxXms
188.114.97.1204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/QW1aTGduUjk/WiIoDAYzcDsQLy81SGgOPSoJICk/MQcLFC14CDcNQTUEPnFeeFppel5nHTMoWnBLKTgGNRgpcVZnBDQqCHxLLHFWb15uYlR1Q2pqEnxcfDgXIApnfUExGS4gWnBbY3tVeVpvfFFxXms
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QW1aTGduUjk/WiIoDAYzcDsQLy81SGgOPSoJICk/MQcLFC14CDcNQTUEPnFeeFppel5nHTMoWnBLKTgGNRgpcVZnBDQqCHxLLHFWb15uYlR1Q2pqEnxcfDgXIApnfUExGS4gWnBbY3tVeVpvfFFxXms HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o46UinfWleWPF57m%2BEUJyZYptSGlfiQoEytdnAZlpJgVPUrmZrC17oiXuB%2BEz23jrURZ1Glw5C3BM8ASj%2F9Uob3OIj%2B4AwwZoMLA6XhfugtexchCaJ3DoK%2FaxW7oLEbsxwa9cwdp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd1ce9b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
blicatedlitytl.info/WkgwbG91d1MfUhR5QFkLanhxDSouClU9ISsbWwhYGx9AID4SIxYYBj51CVVYbnkESh8zLA1dSSk8URgaKXUBSgY0Ll9RSSx1AUJcbmYDWEFqbkVRXnw8QA0IZ3kWHBsuJA1dWWN/AlRYb3gGXV9u
188.114.97.1204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/WkgwbG91d1MfUhR5QFkLanhxDSouClU9ISsbWwhYGx9AID4SIxYYBj51CVVYbnkESh8zLA1dSSk8URgaKXUBSgY0Ll9RSSx1AUJcbmYDWEFqbkVRXnw8QA0IZ3kWHBsuJA1dWWN/AlRYb3gGXV9u
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WkgwbG91d1MfUhR5QFkLanhxDSouClU9ISsbWwhYGx9AID4SIxYYBj51CVVYbnkESh8zLA1dSSk8URgaKXUBSgY0Ll9RSSx1AUJcbmYDWEFqbkVRXnw8QA0IZ3kWHBsuJA1dWWN/AlRYb3gGXV9u HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVOpBwk0cNAAOnLjsaKuOZ0wF8pxebdJXa9uh4qX4%2FSfuu%2B9EQr5AZVn6DssRjqN%2FLNZjZi0KACkrpzifJLYQroNy%2FPQbq4w3OB8ce%2B0ySu%2FklD%2Fe%2FM0zGVSGHUev30UW2pFlXqj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd4d01b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
forgotingolstono.com/cW1kYzAQDwcODxBQBkVFAwFZRgI3SFYlVARdFBZUQR4AD10LC0oAXB4YAAVCHgMQTV4UGUFRdkkOD1J9PypcMXkYJzc2cSgGLyJcJj5XExVDKyUPaiQnHlpSMDwuFHE5KFEucSdUMgRcOgweC38yXV1aUR0KKytzARUhBF8SIQomdiI/KRN8FgEGNXQaVTMUYiEnIDV4My8XVH80NAcmdwJYMjV5FyQOOVQwFVAQUSA0FDECP1UhNQEyNzAydikBAEYCMykMJVQgBCEPZxkCLwJ4RSgiU0BGKBMpUideUCx1J1wnM0oePzwnfkkLJVJyIAA2E3IdVTIoc1xUAiJ2FUhWJXMWNwIyA0BVJjUJNQwsV3UyPxdGAjcmMipxMgAMRgIzDghWdBcqLSZjIAkTBWFXBxcMXgFQKCZmMyVVAVZJ
65.9.55.103200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/cW1kYzAQDwcODxBQBkVFAwFZRgI3SFYlVARdFBZUQR4AD10LC0oAXB4YAAVCHgMQTV4UGUFRdkkOD1J9PypcMXkYJzc2cSgGLyJcJj5XExVDKyUPaiQnHlpSMDwuFHE5KFEucSdUMgRcOgweC38yXV1aUR0KKytzARUhBF8SIQomdiI/KRN8FgEGNXQaVTMUYiEnIDV4My8XVH80NAcmdwJYMjV5FyQOOVQwFVAQUSA0FDECP1UhNQEyNzAydikBAEYCMykMJVQgBCEPZxkCLwJ4RSgiU0BGKBMpUideUCx1J1wnM0oePzwnfkkLJVJyIAA2E3IdVTIoc1xUAiJ2FUhWJXMWNwIyA0BVJjUJNQwsV3UyPxdGAjcmMipxMgAMRgIzDghWdBcqLSZjIAkTBWFXBxcMXgFQKCZmMyVVAVZJ
IP 65.9.55.103:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash d03537faee0bcf4e8ca5e71e3dca8bda
941b50a31542fbd2c112e0d19049035a063dee70
9e51008308895ad009ce02b8982e0df30ecee0fb89a26900747b652ee843e583
GET /cW1kYzAQDwcODxBQBkVFAwFZRgI3SFYlVARdFBZUQR4AD10LC0oAXB4YAAVCHgMQTV4UGUFRdkkOD1J9PypcMXkYJzc2cSgGLyJcJj5XExVDKyUPaiQnHlpSMDwuFHE5KFEucSdUMgRcOgweC38yXV1aUR0KKytzARUhBF8SIQomdiI/KRN8FgEGNXQaVTMUYiEnIDV4My8XVH80NAcmdwJYMjV5FyQOOVQwFVAQUSA0FDECP1UhNQEyNzAydikBAEYCMykMJVQgBCEPZxkCLwJ4RSgiU0BGKBMpUideUCx1J1wnM0oePzwnfkkLJVJyIAA2E3IdVTIoc1xUAiJ2FUhWJXMWNwIyA0BVJjUJNQwsV3UyPxdGAjcmMipxMgAMRgIzDghWdBcqLSZjIAkTBWFXBxcMXgFQKCZmMyVVAVZJ HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1169
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Mq7EpksdLhzvwjURY3o5os8UXJ0IQAIOagiDeoF1Vkk9PymnyZoFqw==
X-Firefox-Spdy: h2
forgotingolstono.com/c3BUUWUSEjc8WhJNNncQARxpdFc1VWYXAQZAJCQBQwMwPQgJFnoyCRwFMDcXHB4gfwsWBHFjIyEjAzk0IiQ/ICcJRDoTD0MyGhkSMhMSaA4QIRInJBo9IQcfHyYdAysbMjhpARY1Mx8kMUA9MyFKFDA7Mzc8AgcCKUEBPicZFGwZHAQ3GWISOhIjOlU6BwZoMRolMxMmIjgfOA0lOgU9VBBDbWk3HjI/ElYfMR8ZJDoSEiI2KTEgZCc3GyIFITU+DT8jMRMCZTUXB2UiMgs6PxJWGBEePDQ4MxI9AhYyMGQ0KyYuEjZHPhkoFSQSEj4yEAc4ZTI0XRYmJisYGggLNRYdEwpCOmUIHScnHRkmOxgONws2FgQXMxtWPiIKHQBpIDcrP2McXAI0PBwGJgZh
65.9.55.103200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/c3BUUWUSEjc8WhJNNncQARxpdFc1VWYXAQZAJCQBQwMwPQgJFnoyCRwFMDcXHB4gfwsWBHFjIyEjAzk0IiQ/ICcJRDoTD0MyGhkSMhMSaA4QIRInJBo9IQcfHyYdAysbMjhpARY1Mx8kMUA9MyFKFDA7Mzc8AgcCKUEBPicZFGwZHAQ3GWISOhIjOlU6BwZoMRolMxMmIjgfOA0lOgU9VBBDbWk3HjI/ElYfMR8ZJDoSEiI2KTEgZCc3GyIFITU+DT8jMRMCZTUXB2UiMgs6PxJWGBEePDQ4MxI9AhYyMGQ0KyYuEjZHPhkoFSQSEj4yEAc4ZTI0XRYmJisYGggLNRYdEwpCOmUIHScnHRkmOxgONws2FgQXMxtWPiIKHQBpIDcrP2McXAI0PBwGJgZh
IP 65.9.55.103:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3005), with no line terminators
Hash e9d5b3a1ce0fc6a68a8941c38239c7bd
9f600c7e2d13d3dd2e23747d56ed15714d69fa4c
e512b91b8ae7cae631d312763bb49a43e76e684fe6965505cf8ad1ad7fdc9720
GET /c3BUUWUSEjc8WhJNNncQARxpdFc1VWYXAQZAJCQBQwMwPQgJFnoyCRwFMDcXHB4gfwsWBHFjIyEjAzk0IiQ/ICcJRDoTD0MyGhkSMhMSaA4QIRInJBo9IQcfHyYdAysbMjhpARY1Mx8kMUA9MyFKFDA7Mzc8AgcCKUEBPicZFGwZHAQ3GWISOhIjOlU6BwZoMRolMxMmIjgfOA0lOgU9VBBDbWk3HjI/ElYfMR8ZJDoSEiI2KTEgZCc3GyIFITU+DT8jMRMCZTUXB2UiMgs6PxJWGBEePDQ4MxI9AhYyMGQ0KyYuEjZHPhkoFSQSEj4yEAc4ZTI0XRYmJisYGggLNRYdEwpCOmUIHScnHRkmOxgONws2FgQXMxtWPiIKHQBpIDcrP2McXAI0PBwGJgZh HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1164
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Iv9UZIcYniCu7-Vnn1yBuOdkHOxvWFM9ebXyBEJvs1iILq39X3BPuA==
X-Firefox-Spdy: h2
forgotingolstono.com/S3MydEcqEVEZeCpOUFIyOR8PUXUNVgAyIz5DQgEjewBWGCoxFRwXKyQGVhI1JB1GWikuBxdGAQ0gAiY1BTtdGww8JWEmE3MHdgMrDxBcOiEJJgcACyMbUDIDP0ZiIncxMnAlHhEyBjUGGQdQMBB7BHciBQMWAD0PHSFjByIeQmAyBCNGZRwOKT9LLhAKNUVRdQ09cyYhGQp7TQANS2YkEwopYAwvPz5jGw0NCmNRdQkyXhMQAB50LiQgSl4QAn80YRkKcyRVIiEuMmg7BSAcXDgWHTFzGXJ5JAIMBC0hRhAGDUoGNix/NGEeLDInVRdwLh1gJwAgA1stEWYYdzwUfx1zMjMtFmM+HQk2RkMjDRx3J3V+QWVFDh88YTEJHAR4ASMiQ3QndDsCZQwOGxdcIWEhAF0aN3YlWz0MGwBiAAwOA10D
65.9.55.103200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/S3MydEcqEVEZeCpOUFIyOR8PUXUNVgAyIz5DQgEjewBWGCoxFRwXKyQGVhI1JB1GWikuBxdGAQ0gAiY1BTtdGww8JWEmE3MHdgMrDxBcOiEJJgcACyMbUDIDP0ZiIncxMnAlHhEyBjUGGQdQMBB7BHciBQMWAD0PHSFjByIeQmAyBCNGZRwOKT9LLhAKNUVRdQ09cyYhGQp7TQANS2YkEwopYAwvPz5jGw0NCmNRdQkyXhMQAB50LiQgSl4QAn80YRkKcyRVIiEuMmg7BSAcXDgWHTFzGXJ5JAIMBC0hRhAGDUoGNix/NGEeLDInVRdwLh1gJwAgA1stEWYYdzwUfx1zMjMtFmM+HQk2RkMjDRx3J3V+QWVFDh88YTEJHAR4ASMiQ3QndDsCZQwOGxdcIWEhAF0aN3YlWz0MGwBiAAwOA10D
IP 65.9.55.103:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022), with no line terminators
Hash 50c13c99926d2891a116aa311fdb34c1
d260d192a4c2bb3c613011b48e121f9905825575
b1717a1db0c6523c5111d5be9f4c9cfe3c1c9c2efecbd21ad723c15f6f861fa8
GET /S3MydEcqEVEZeCpOUFIyOR8PUXUNVgAyIz5DQgEjewBWGCoxFRwXKyQGVhI1JB1GWikuBxdGAQ0gAiY1BTtdGww8JWEmE3MHdgMrDxBcOiEJJgcACyMbUDIDP0ZiIncxMnAlHhEyBjUGGQdQMBB7BHciBQMWAD0PHSFjByIeQmAyBCNGZRwOKT9LLhAKNUVRdQ09cyYhGQp7TQANS2YkEwopYAwvPz5jGw0NCmNRdQkyXhMQAB50LiQgSl4QAn80YRkKcyRVIiEuMmg7BSAcXDgWHTFzGXJ5JAIMBC0hRhAGDUoGNix/NGEeLDInVRdwLh1gJwAgA1stEWYYdzwUfx1zMjMtFmM+HQk2RkMjDRx3J3V+QWVFDh88YTEJHAR4ASMiQ3QndDsCZQwOGxdcIWEhAF0aN3YlWz0MGwBiAAwOA10D HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1176
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: MtenUA0dyjmAZK3uGXzEzvybwDhgejf6z70B7PFM8iPowdRRgozrCw==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Y040QkkeIvbgAtcwLrYuGDXbcTo0EA:AIpITwphdpDqbE2c; Expires=Mon, 13-Oct-2025 12:45:05 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:05 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywfVz5w8GAVx2PmtbpftFDrp11La12ETn8okkbSOJWYxeqkZCFkBUAJuNb_sgnoPfuR48gkTQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-63Gj9z19udvVhzyx0EnAZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1697287506.1.0.1697287506.0.0.0; _ga=GA1.1.1220303529.1697287506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:HWBWdwriSVqtx2kdfcS3FYkHPLZ7Eg:MhnVvEsdBvWjWh4j; Expires=Mon, 13-Oct-2025 12:45:05 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:05 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxMtM0NHdeIh0pUzgrWl4G3xebCc_8_f0JLxJNRk7zGLBZKccXOnPE4GExUZaaHwtkr73w5Cg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-tj1yJ3VD2MM4l6CsI4nC6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
forgotingolstono.com/utx?cb=wtiBHGd6Hvo8&top=www.upload.ee&tid=997369
65.9.55.103204 No Content 0 B URL GET HTTP/2 forgotingolstono.com/utx?cb=wtiBHGd6Hvo8&top=www.upload.ee&tid=997369
IP 65.9.55.103:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=wtiBHGd6Hvo8&top=www.upload.ee&tid=997369 HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 14 Oct 2023 12:46:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: yrTRjHBLNmyYDVHttLuzb2is5_lZXuo0NxG2kwxxubzH63z7dfxSjg==
X-Firefox-Spdy: h2
forgotingolstono.com/utx?cb=tgAxpKYXtVZh&top=www.upload.ee&tid=997414
65.9.55.103204 No Content 0 B URL GET HTTP/2 forgotingolstono.com/utx?cb=tgAxpKYXtVZh&top=www.upload.ee&tid=997414
IP 65.9.55.103:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=tgAxpKYXtVZh&top=www.upload.ee&tid=997414 HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 14 Oct 2023 12:46:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: LQtieR8b6yuzDrcfI1S71JE03qqBtKXvMlE-l1NatwTRtTbP6YMfFw==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywfVz5w8GAVx2PmtbpftFDrp11La12ETn8okkbSOJWYxeqkZCFkBUAJuNb_sgnoPfuR48gkTQ
142.250.74.109302 Found 406 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywfVz5w8GAVx2PmtbpftFDrp11La12ETn8okkbSOJWYxeqkZCFkBUAJuNb_sgnoPfuR48gkTQ
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (398)
Hash 36569b69c7614d64be5c538416d3128d
38c30b95d34320d9c319bf41ba4abddd6615ea57
2b691ae219a48baccaa454219d6646632cac231c437c0a5e6cc9c95d07f508a9
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywfVz5w8GAVx2PmtbpftFDrp11La12ETn8okkbSOJWYxeqkZCFkBUAJuNb_sgnoPfuR48gkTQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:oAn5iJxJtv_U-UflRh5OeehYahhj7g:2ekxnBonGnVCHbsJ;Path=/;Expires=Mon, 13-Oct-2025 12:45:05 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:05 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywQlFPa68AZnrYkfgWxhm1bgBn3Beyjn-jn6thRjSJdT3TDT6nQj8Q4CI6VosY83BFSPJ7X_g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738281720%3A1697287505901908&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-1FKamr3575N6Hll9tLEBdw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 406
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/RSWhQQTkqBz4nBj0BNHwAcF9kcQFvAiMuVzlVIRNhBl8deEgNAB0ibD9ddjVDLVVgZ1UoBjd8HywGM3wIbwk0IwR9TiUgBCQHKihVJQl1c398RmBkC3lAKHAIbFsSZAt5BDkvTDFNYnFBcV4Pdw1sWxJkC3kaJmQKCFlgeBd5QXVzCS4NMypWbFoWcwl4WG-BwCXhNYnFfIBo1J1YxTWIHCHhZfnEfPFVh
143.204.42.211 192 B URL du0pud0sdlmzf.cloudfront.net/RSWhQQTkqBz4nBj0BNHwAcF9kcQFvAiMuVzlVIRNhBl8deEgNAB0ibD9ddjVDLVVgZ1UoBjd8HywGM3wIbwk0IwR9TiUgBCQHKihVJQl1c398RmBkC3lAKHAIbFsSZAt5BDkvTDFNYnFBcV4Pdw1sWxJkC3kaJmQKCFlgeBd5QXVzCS4NMypWbFoWcwl4WG-BwCXhNYnFfIBo1J1YxTWIHCHhZfnEfPFVh
IP 143.204.42.211:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 4b63a04ed7040716c5c6d73693c03ef1
7df26a55157b1e7ab0b177ec4739b3dd2c21380f
265013a89db8c9b63c8b855dc6a679bf64d7a156515d77724825567b8a64ae81
GET /RSWhQQTkqBz4nBj0BNHwAcF9kcQFvAiMuVzlVIRNhBl8deEgNAB0ibD9ddjVDLVVgZ1UoBjd8HywGM3wIbwk0IwR9TiUgBCQHKihVJQl1c398RmBkC3lAKHAIbFsSZAt5BDkvTDFNYnFBcV4Pdw1sWxJkC3kaJmQKCFlgeBd5QXVzCS4NMypWbFoWcwl4WG-BwCXhNYnFfIBo1J1YxTWIHCHhZfnEfPFVh HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 192
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RVSV4ZVcd6EOws9WASah3lPEaGXLuwvctujvrk9uhqzyt7gNYkUJVw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/FS0RrNHooKwVSRT8tDwlDcnNfBU5tLhhbFDt5PV0zABQYZA4AARtbDW0wEVBHe2IHVRQseU1RFCh5WhIbLyZWAFw/NARfRyI9GF8TPTAZRxhtMQoJFyQ+AlgWKmFZck9ldE4GSmM8WgVfeAZOBkonLQVBAm52W0xCfRtdAF94Bk4GSjkyTgc7enRSGkpiYV-kEHS4nAFtfeQJZBEt7dFoES252W1ITOSENWwJudi0FS3pqWxIPdnU
143.204.42.211 575 B URL du0pud0sdlmzf.cloudfront.net/FS0RrNHooKwVSRT8tDwlDcnNfBU5tLhhbFDt5PV0zABQYZA4AARtbDW0wEVBHe2IHVRQseU1RFCh5WhIbLyZWAFw/NARfRyI9GF8TPTAZRxhtMQoJFyQ+AlgWKmFZck9ldE4GSmM8WgVfeAZOBkonLQVBAm52W0xCfRtdAF94Bk4GSjkyTgc7enRSGkpiYV-kEHS4nAFtfeQJZBEt7dFoES252W1ITOSENWwJudi0FS3pqWxIPdnU
IP 143.204.42.211:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (801), with no line terminators
Hash 996a0c75f4d2fd30947b68ac2725424c
87a540ab7f658aef78365b1cf741209eb914a718
e7a374d92caa94d4e353e63594a763b4537ea239f35d72e2461c4be79b85cb21
GET /FS0RrNHooKwVSRT8tDwlDcnNfBU5tLhhbFDt5PV0zABQYZA4AARtbDW0wEVBHe2IHVRQseU1RFCh5WhIbLyZWAFw/NARfRyI9GF8TPTAZRxhtMQoJFyQ+AlgWKmFZck9ldE4GSmM8WgVfeAZOBkonLQVBAm52W0xCfRtdAF94Bk4GSjkyTgc7enRSGkpiYV-kEHS4nAFtfeQJZBEt7dFoES252W1ITOSENWwJudi0FS3pqWxIPdnU HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 575
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wMUMKfdPckW13R8Xn6APuSipZAKDzjajXlJkWtXGCCrbksMAE3yeSw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/8ck1MNG8RIiJSUAYkKAlWS3p/AlZUJz9bAQJwAHE5MAV9VglKazhOC099algOHCpxEgocLnEFSRMpLglbVDk8WwRPJDVHBBs7OEYcEGs5VVIfIjZdAx4saQYpR2N8EV1CZTQFXld+DhFdQiElWhoKaH4EF0p7EwJbV34OEV1CPzoRXDN8fA1BQmRpBl8VKC-9fAFd/CgZfQ318BV9DaH4ECRs/KVIACmh+cl5DfGIESQdwfQ
143.204.42.211 606 B URL du0pud0sdlmzf.cloudfront.net/8ck1MNG8RIiJSUAYkKAlWS3p/AlZUJz9bAQJwAHE5MAV9VglKazhOC099algOHCpxEgocLnEFSRMpLglbVDk8WwRPJDVHBBs7OEYcEGs5VVIfIjZdAx4saQYpR2N8EV1CZTQFXld+DhFdQiElWhoKaH4EF0p7EwJbV34OEV1CPzoRXDN8fA1BQmRpBl8VKC-9fAFd/CgZfQ318BV9DaH4ECRs/KVIACmh+cl5DfGIESQdwfQ
IP 143.204.42.211:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (865), with no line terminators
Hash d66ae5245560fc08cb4d92efbc87b8d4
47adcc81360e8191c891e316db33c118ac3635b0
db1b343493c1d924776cac4bb95c64000eff5055137eea39f3df3f137d2dd02f
GET /8ck1MNG8RIiJSUAYkKAlWS3p/AlZUJz9bAQJwAHE5MAV9VglKazhOC099algOHCpxEgocLnEFSRMpLglbVDk8WwRPJDVHBBs7OEYcEGs5VVIfIjZdAx4saQYpR2N8EV1CZTQFXld+DhFdQiElWhoKaH4EF0p7EwJbV34OEV1CPzoRXDN8fA1BQmRpBl8VKC-9fAFd/CgZfQ318BV9DaH4ECRs/KVIACmh+cl5DfGIESQdwfQ HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 606
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8BN7nQ4MKgHk7qFtKyHzqyUdaiql7GYmVCQe3U006iCoOpiZiF9HSw==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxMtM0NHdeIh0pUzgrWl4G3xebCc_8_f0JLxJNRk7zGLBZKccXOnPE4GExUZaaHwtkr73w5Cg
142.250.74.109302 Found 404 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxMtM0NHdeIh0pUzgrWl4G3xebCc_8_f0JLxJNRk7zGLBZKccXOnPE4GExUZaaHwtkr73w5Cg
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (393)
Hash 276d9f71b3f20e8aa99fc2c931c40cfd
a9cffb0800085a17cfbec0866b7c3bc96a9430f8
120542bb1cc42289dd30dfe9a9d5c7a5d1bb0be72afc9eb88e197c0901802731
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyxMtM0NHdeIh0pUzgrWl4G3xebCc_8_f0JLxJNRk7zGLBZKccXOnPE4GExUZaaHwtkr73w5Cg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:IYTFUmvcaCZSVjeZ_E4hGFl0Ffx__Q:s34-N_7I5_XunZGr;Path=/;Expires=Mon, 13-Oct-2025 12:45:06 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyxPP9L-G9nx3JYVQaOG8SC_R40ZDBFrSIl3AkfDddZmFChkyjAjK6hXnGLdBJ5kPLSeS5dU&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703825681%3A1697287506156431&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-0IA8vCCgIGaXutWRDgQ-2Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
blicatedlitytl.info/SWZZVDlmWTonBBwgA2VaMzwpDQktJRsDXS40DA14EDEfFmsuK38gUC1bYG0OelBgckkgAmRlHzoSOCBMOltqZAl4QDA6XyZbaWQJeEAvaQhnVW16Cn1IaXJMdFJobQxxXm9jCHtfbGQAeEAtJFguW2hyST0SNWkIf19uZgF+U2ljCHBU
188.114.97.1204 No Content 0 B URL POST HTTP/3 blicatedlitytl.info/SWZZVDlmWTonBBwgA2VaMzwpDQktJRsDXS40DA14EDEfFmsuK38gUC1bYG0OelBgckkgAmRlHzoSOCBMOltqZAl4QDA6XyZbaWQJeEAvaQhnVW16Cn1IaXJMdFJobQxxXm9jCHtfbGQAeEAtJFguW2hyST0SNWkIf19uZgF+U2ljCHBU
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /SWZZVDlmWTonBBwgA2VaMzwpDQktJRsDXS40DA14EDEfFmsuK38gUC1bYG0OelBgckkgAmRlHzoSOCBMOltqZAl4QDA6XyZbaWQJeEAvaQhnVW16Cn1IaXJMdFJobQxxXm9jCHtfbGQAeEAtJFguW2hyST0SNWkIf19uZgF+U2ljCHBU HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YMEnDA5sPCi9XZwgro4w4mHUmbQvzt%2F5FF0o0Y%2BrzqsyY8iaq2A%2FaFAjVS%2BO%2BZSGETkXZVKY6mlE65xMLa9aXVg%2Bw2F0btd6BVRYUIktglaz5HhCNhbOAzbEeEhDt9%2FtNZt%2BAXw6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feae44d3bb505-OSL
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyxPP9L-G9nx3JYVQaOG8SC_R40ZDBFrSIl3AkfDddZmFChkyjAjK6hXnGLdBJ5kPLSeS5dU&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703825681%3A1697287506156431&theme=glif
142.250.74.109403 Forbidden 2.2 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyxPP9L-G9nx3JYVQaOG8SC_R40ZDBFrSIl3AkfDddZmFChkyjAjK6hXnGLdBJ5kPLSeS5dU&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703825681%3A1697287506156431&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1656)
Hash 1fe849b9e288a085cfe9916fe386a112
22067f25e11221994450df61550b716a30c56df2
d52d9ed300b01054aa3aea651e026ed85c02494a4cf9d87f066da8598976c127
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyxPP9L-G9nx3JYVQaOG8SC_R40ZDBFrSIl3AkfDddZmFChkyjAjK6hXnGLdBJ5kPLSeS5dU&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703825681%3A1697287506156431&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-4vNk_UaJVa7Kd0lZ9H6fSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176966 bytes)
Hash 8b966d35075632aae6108d54928c2ae9
c76f1c7ab28ade483e7a852c049eeb5bddaf4e5e
da22da01f20d28d9171f8107e155ca01f9811d6abcd3b64dbeb832ec6c34578e
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3036610600"
last-modified: Mon, 09 Oct 2023 23:05:33 GMT
content-length: 176966
date: Sat, 14 Oct 2023 12:45:00 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 773303348
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.20200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "3930991918"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Sat, 14 Oct 2023 12:45:01 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 773531433
age: 0
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
3.65.16.162200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=e4cc63bcba8733b63c72f09636d2c1b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:03 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 773368711
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=e4cc63bcba8733b63c72f09636d2c1b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:00 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 772066960
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.96.1200 OK 102 kB IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102475 bytes)
Hash f2ae432186eb28b23f2e8cc79417365c
375a04385352442f2298ec8134619800563b53ac
109c7cf44e2a4d587f2bb72a3d20316539c8af8f3de5b693be1f01ef51963f10
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:05 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4697
last-modified: Sat, 14 Oct 2023 11:26:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocphbMOxJLAQBk17FCMOFq%2FSfKn7ft6v0rHWPUaNFLC7jgvJ2KAPQE7alq79WnCeiI3tLHar4mPKuQRyCVPuWlvZcSAZLttwseSDc7w8zAy4HInvwSoot%2B2ly1%2FvrVRP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 815feadfc97c568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
3.65.16.162200 OK 84 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 0916059107c0f58599101f895170bff8
46ec4413262e861f4ec1de96c6a677ff2734064d
7885bf57f3c92cab8c85714717e0eee788ca93008abaaee93ed3d0481825ca3b
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
3.65.16.162200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53208, version 1.500\012- data
Hash c03dece8ec0635406a35b888337dca8f
b72706815dccadd44dba1693ed8865b41782b14f
092416b2a5cbe9f6596ff7ee177db702262c64326231a3664a34a65c861601b1
GET /assets/fonts/greycliff-cf-bold.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: font/woff
content-length: 53208
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cfd8"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
3.65.16.162200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
3.65.16.162200 OK 125 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 125 kB (125118 bytes)
Hash c02cb87f39d492ea5abd7b67e00b3f5e
87f33cc195d3e7ffae9d788a1db8c9093103c1eb
50a7b9edf3a6c39fd6bdd5b5522627fcd9272616d1b1dfed2b4e3755ead556de
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
143.204.42.89200 OK 66 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 7cec3a9fd00d4d6ec1b1aa7adbf4c31d
554920ade5bff12c44b7c631977e7b9938e75b9d
3ec3f0e6b1d9f68d5f17ccf3b318ed1f719aefc6e9faffba763e789fe30ac0ae
GET /hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 65788
last-modified: Mon, 20 Dec 2021 05:01:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 14 Oct 2023 11:58:18 GMT
etag: "7cec3a9fd00d4d6ec1b1aa7adbf4c31d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mW6r5B_fU1jJJl2k59-lMgyurT5BE3hHSv1ui6TB-GrdGl88AaotMQ==
age: 2810
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
3.65.16.162200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=e4cc63bcba8733b63c72f09636d2c1b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:01 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 772487845
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg
143.204.42.89200 OK 61 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x195, components 3\012- data
Hash dd86bfb4bf775c862d2c4ce6c31b29b5
94119b0ecc2ae1f9fa98a98eb6c416622ef14547
de5103951b90a9ed1ba44af9919079bed54e32ab4c61d849d19c672ef26e0bca
GET /hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 60807
date: Sat, 14 Oct 2023 01:28:50 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "dd86bfb4bf775c862d2c4ce6c31b29b5"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4Si4fsd0JKzrG2yfKxqHcQFAHLBGkvQwnjZiLXlEvWOkMv_73CT4Dg==
age: 40584
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/Jorw2Rp4VOD7k5ZbHjql.jpg
143.204.42.89200 OK 71 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/Jorw2Rp4VOD7k5ZbHjql.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash b0b5dcdd6349f7b94fc70a7a3f4d17a3
5a00369565eb2d0be87ff05b220b12718374105b
44f9bb8492c393640d67a0a140254c3adc42007584db9314e7e8694305e39ddd
GET /hotelliveeb/images/general/1/Jorw2Rp4VOD7k5ZbHjql.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 71161
last-modified: Wed, 14 Dec 2022 11:00:05 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 14 Oct 2023 12:45:14 GMT
etag: "b0b5dcdd6349f7b94fc70a7a3f4d17a3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ACjXTKxEu46MhHkzdMOyzb3tYcp_aCu5MF-d10TsKGR-ihuJWGQ3aA==
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
3.65.16.162200 OK 4.9 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (5152), with no line terminators
Hash bbea28c29e42d59be2f13c38e8eb0845
b93e2ad2b20ab7d449a672afc091dc413695c606
62990b77849d8b95ca831a9f630cfda48af5be340a3f1e5aa4ee5792a37e4e76
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
35.157.243.110200 OK 24 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 35.157.243.110:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.96.1200 OK 26 B IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 30f45814129965b80f39448904b989e9
4f3e41ca3a8076feeda910f231250f87339b278a
8f7ff633f9daf466a8a78ba7f4af0c10759d90dc6e7b7a309cf49ad086899b02
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:05 GMT
content-type: text/plain
set-cookie: csu=419588671295091@1@1697287505; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXVseh1ZDvXwIM2mRSBrIENhsnLkua%2Ftgn6teHHMn5qWT3KKo4E4ojt17e%2BoJmVu5K9srkwvFIIf0vTlk%2BHXDyG8Be%2BhoEhO%2B470o1KezDJjVfB8Qi7nwFE3vUIcBbkO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadfc975568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
3.65.16.162200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
blicatedlitytl.info/popunder.gif
188.114.97.1200 OK 35 B URL GET HTTP/3 blicatedlitytl.info/popunder.gif
IP 188.114.97.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 14 Oct 2023 12:45:06 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 129435
last-modified: Fri, 13 Oct 2023 00:47:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBWI3whgvisYh0qIM3On%2BAoItVgM8HbxutjVjXmlRy1xtD9UusHSPgJk4h9eojBcFfd2UHEROKrS5E%2FQNFiqsObERjuL5f9YYJQ%2FrEBHIWybP0%2BRVhUE1ipQ2SuCWliAjOgbwHTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 815feae16b73b505-OSL
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywQlFPa68AZnrYkfgWxhm1bgBn3Beyjn-jn6thRjSJdT3TDT6nQj8Q4CI6VosY83BFSPJ7X_g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738281720%3A1697287505901908&theme=glif
142.250.74.109403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywQlFPa68AZnrYkfgWxhm1bgBn3Beyjn-jn6thRjSJdT3TDT6nQj8Q4CI6VosY83BFSPJ7X_g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738281720%3A1697287505901908&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywQlFPa68AZnrYkfgWxhm1bgBn3Beyjn-jn6thRjSJdT3TDT6nQj8Q4CI6VosY83BFSPJ7X_g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S738281720%3A1697287505901908&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-kExiFr3G3lXBiVqPI4FDjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
3.65.16.162200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=7373791&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F814ad66912d81db089bf%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505837
0.0.0.0 0 B URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=7373791&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F814ad66912d81db089bf%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505837
IP 0.0.0.0:0
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=7373791&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F814ad66912d81db089bf%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505837 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Sat, 14 Oct 2023 12:45:00 GMT
set-cookie: bepolite_id=e4cc63bcba8733b63c72f09636d2c1b5; Max-Age=7776000; Expires=Fri, 12-Jan-2024 12:45:00 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 774149328
age: 0
accept-ranges: bytes
content-length: 1445
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/7sIRHZVsYjhTLoQfwnHk.jpg
143.204.42.211421 Misdirected Request 71 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/7sIRHZVsYjhTLoQfwnHk.jpg
IP 143.204.42.211:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash b9c2ea2f74718e60952202d98e335b5a
f31b685ba8b5076a30685213e88752d9121a3038
ce1b765529b6c323d2617cf71aebcb0a66427d174bf120ee2e51347899e0b99f
GET /hotelliveeb/images/general/1/7sIRHZVsYjhTLoQfwnHk.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 421 Misdirected Request
server: CloudFront
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NJ__gW4Z4kIcQZ4ByFCe4578_sw6Muaz0xKDBsTqWjpmAFSMZjKN4A==
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.96.1200 OK 27 B IP 188.114.96.1:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ed126803e32e37e1d9780bb99bfba541
98c6371dfe6e5dff8716cae391d055832fe6408e
3cc8d394abaf0c634b6f61af11ebabba43e6d0e01af14eaf260572ee95a7b2ee
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:05 GMT
content-type: text/plain
set-cookie: csu=1669672483329174@1@1697287505; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MguSruU3T%2B3hBzHSQ389i2OEBgyZ%2FdmWZuWmSxqdodZXfFWhlYYeBj3bqPrvSj0Lm772yKlwxcxqOQXWcrYWsSzSmggTlI7gii%2FdW7hGvVXLJ4EFq5IVoC%2F5cVNHyegj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadfb96c568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
3.65.16.162200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 3.65.16.162:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_300x600.css
3.65.16.162200 OK 7.2 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_300x600.css
IP 3.65.16.162:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (7402), with no line terminators
Hash ef4576b025213d57cd958c234d61a8a1
5dd8d741efe63291e503bb6bf23e603c810b9030
69478abb1501f6c8fb03f774621b5f0275d59f55b3fc4f24d95bade9e277efdb
GET /assets/css/index_300x600.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-1c4f"
content-encoding: gzip
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
35.157.243.110200 OK 24 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 35.157.243.110:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
3.65.16.162200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 3.65.16.162:443
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6183), with no line terminators
Hash e6203b2e0919f42103d8a3367bbc9b32
08d251797a13b125ec05294116373d90493045dd
e893c3c55f767327f9d5723610d23852fc9f34827dda3bd918575f75f5ef6e0b
GET /index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF6jOLAWoJbzeTOeBVb06QiapaXkzxQBSIBEvnomftsApUpqUGnYdGy2HxkxXJfZhEoui-G1q_vDkHC02gKnuSEZWPCqD0vIIyRGE88cgX8cIT2jfKNh08u_SVnKfUHX2-Fl4QNZMEYupdtDrXnQJV2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1761"
content-encoding: gzip
X-Firefox-Spdy: h2