www.upload.ee/download/15987396/8033fb17f44c1dea9a37/557rwan.exe
51.91.30.159 403 B URL www.upload.ee/download/15987396/8033fb17f44c1dea9a37/557rwan.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (403), with no line terminators
Hash 0b9d0be3cd1fa9fbff6e2c0ad3e6ea91
14eecae7cc863df7d808ea41bc847b2ea548d160
6e8b05fbf3433947ff4702016f11cb5024b2fd66c141ceb7bc49c02fd581f40b
GET /download/15987396/8033fb17f44c1dea9a37/557rwan.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 403
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 6aa4a087cca78233bb01cd1e1c749c22
e53a535ec5bbb126f5d12f95f60207a3c75f1dfd
8a7a9c146b00f3210f223c9a72d0cd70da15fa4d8e71ffb1c361fab36c4feb10
GET /files/15987396/557rwan.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15987396/8033fb17f44c1dea9a37/557rwan.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8986
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 27 Nov 2023 04:39:54 +0200
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Mon, 25-Dec-2023 02:39:54 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.8 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b9692d4caecccf38e40d2333f8e00b0
8ecb4f873571250f02a5cc2ceff0a24aed25fc33
c4042306388924b75aa7d584c1e61165264967a52d09544ecba836f0d00eb9b9
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Mon, 04 Dec 2023 02:39:54 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 7.7 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Mon, 04 Dec 2023 02:39:54 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Mon, 04 Dec 2023 02:39:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:54 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Mon, 04 Dec 2023 02:39:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.211 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.211:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 118 kB (117754 bytes)
Hash a2468a25b36761b4aa10f20e9e73c9f2
b52f98e6be47f664b3e376f6b943b9050fb76b31
a3dc950e65e15217281269516e9c1b8d4638023283d268b40fa6ef72c8e790d2
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117754
date: Mon, 27 Nov 2023 02:21:56 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wgguEKZTq9-JnVppSLmswZDnEaMpgOKBIVDykf-PxxLkdhLVQHuw7g==
age: 1078
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash 54010ed4aa50df9524db22d92f13c48b
23e3dc58920f00d2ec6ba6831ade26ff75a99c91
8c6dab57193a6ecda4a5c859f4276c29f781f6ff5d55e5d2a5be5a80858d60de
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 02:39:54 GMT
expires: Mon, 27 Nov 2023 02:39:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51436
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 200 OK 86 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (3034)
Hash 673f330ae2f50aabcae04510c88ad6b8
b958be80db62c4d997d4408f90780ef3f0f951c2
a3e08a581a4435fc1f857a4baa68fb1952927b95935eb91b8d8854d48a99c059
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 02:39:54 GMT
expires: Mon, 27 Nov 2023 02:39:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85962
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
nopoloferewer.com/YzQxZlBMC1IVbQcEWTUFNnpwABclX1UNClVtdg5nNwcEDAk7YRcSOQcJCF9nUAIIQCAKUAxXdhBAUBIlEAkAQDkNUl5bdhUJAEhjVxoCUn5TEkRbYUVAQQc3XgUXFiQXWAxXZ1MFAVNiVA0JVWNU
172.67.151.35 204 No Content 0 B URL GET HTTP/2 nopoloferewer.com/YzQxZlBMC1IVbQcEWTUFNnpwABclX1UNClVtdg5nNwcEDAk7YRcSOQcJCF9nUAIIQCAKUAxXdhBAUBIlEAkAQDkNUl5bdhUJAEhjVxoCUn5TEkRbYUVAQQc3XgUXFiQXWAxXZ1MFAVNiVA0JVWNU
IP 172.67.151.35:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject nopoloferewer.com
Fingerprint 1C:1B:31:D2:BE:DB:1E:11:2D:94:5D:E0:D3:C4:E7:24:97:8D:D8:19
Validity Fri, 17 Nov 2023 18:18:56 GMT - Thu, 15 Feb 2024 18:18:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /YzQxZlBMC1IVbQcEWTUFNnpwABclX1UNClVtdg5nNwcEDAk7YRcSOQcJCF9nUAIIQCAKUAxXdhBAUBIlEAkAQDkNUl5bdhUJAEhjVxoCUn5TEkRbYUVAQQc3XgUXFiQXWAxXZ1MFAVNiVA0JVWNU HTTP/1.1
Host: nopoloferewer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 02:39:54 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpPqPP88gEeVbWpcrNA4Bst97vuMV0jhjHfWzPwBDdgufEUf13EM%2FdX06igMun6P1ugOS2m6P4r5t2MCdKG6BBxP%2BTZsbIf%2F10dGTOA0OATFJ4y7alUuPzMaK66seeluzVEuvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c700dfbdd95693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nopoloferewer.com/ekJsVTBVfQ8mDStyIiR/MgAWNmYJDD0Ndk0VLSF4Hiw6AXEvG0ohWR5/VWwHTnNYc0ATJlFkFgk2DSFFCX9dc1kUJANoFgx/XXsDTmxfYR5KZBloAVw2HDRXR3NKJUQOLlFkB0pzXGACTXtUZgdK
172.67.151.35 204 No Content 0 B URL GET HTTP/2 nopoloferewer.com/ekJsVTBVfQ8mDStyIiR/MgAWNmYJDD0Ndk0VLSF4Hiw6AXEvG0ohWR5/VWwHTnNYc0ATJlFkFgk2DSFFCX9dc1kUJANoFgx/XXsDTmxfYR5KZBloAVw2HDRXR3NKJUQOLlFkB0pzXGACTXtUZgdK
IP 172.67.151.35:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject nopoloferewer.com
Fingerprint 1C:1B:31:D2:BE:DB:1E:11:2D:94:5D:E0:D3:C4:E7:24:97:8D:D8:19
Validity Fri, 17 Nov 2023 18:18:56 GMT - Thu, 15 Feb 2024 18:18:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ekJsVTBVfQ8mDStyIiR/MgAWNmYJDD0Ndk0VLSF4Hiw6AXEvG0ohWR5/VWwHTnNYc0ATJlFkFgk2DSFFCX9dc1kUJANoFgx/XXsDTmxfYR5KZBloAVw2HDRXR3NKJUQOLlFkB0pzXGACTXtUZgdK HTTP/1.1
Host: nopoloferewer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 02:39:54 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H9xSUy8F%2BEfrHy1NgUVpr6FDMymqVbOB5fZuIogSqfvnuejP4m9Nwja3dGq%2BoJAQWGTClS%2FNV2VrUa1x9sAo4i4QX3IK3fsIsT%2FLyXSO%2BUzezjeGwdRtQuBv7sl3w1LzegxoAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c700dfcddd5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nopoloferewer.com/ZUY2OEpKeVVLdysoYG0rViV5ah1UEmR5DC0kcA0IJBNOVB9VFxBMIwF7DwF9UXYOHjoMIgsJckM1Qlk+EDULCWwMKFBXd0MwCwlkVWgEFn5DMwsJbBE2V193VGBGTD4JewcPelR2Awp9XH4FDX8
172.67.151.35 204 No Content 0 B URL GET HTTP/2 nopoloferewer.com/ZUY2OEpKeVVLdysoYG0rViV5ah1UEmR5DC0kcA0IJBNOVB9VFxBMIwF7DwF9UXYOHjoMIgsJckM1Qlk+EDULCWwMKFBXd0MwCwlkVWgEFn5DMwsJbBE2V193VGBGTD4JewcPelR2Awp9XH4FDX8
IP 172.67.151.35:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject nopoloferewer.com
Fingerprint 1C:1B:31:D2:BE:DB:1E:11:2D:94:5D:E0:D3:C4:E7:24:97:8D:D8:19
Validity Fri, 17 Nov 2023 18:18:56 GMT - Thu, 15 Feb 2024 18:18:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZUY2OEpKeVVLdysoYG0rViV5ah1UEmR5DC0kcA0IJBNOVB9VFxBMIwF7DwF9UXYOHjoMIgsJckM1Qlk+EDULCWwMKFBXd0MwCwlkVWgEFn5DMwsJbBE2V193VGBGTD4JewcPelR2Awp9XH4FDX8 HTTP/1.1
Host: nopoloferewer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 02:39:54 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xNsyuITPGIIJxbV3079RS5XwOUREdIErzqsowqEh7Vb6peiO0VeDzKY2F2KJCfDSE4A15s6dZlgMPYhX0IsrYBz2Lp2%2BEP%2F9%2F1Ee%2BD9yYGrfSNJKRsTcIxpOdJDvL%2F58gkyRew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c700dfdde15693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
riperfienwa.com/Q2p4cEQiCBsdeyJXGlYxMQZFVXYFT0o2IDZaCAUgcxkcHCk5DFYTKCwfHBY2LAQMXiomHl1CAgIOPxQOFwc1KAcACRcoBQIlNCgKIj4uMn0lWxwjABcFEDQVEQs7MxEWLSw5Nwo7DwMCFFJONxYBCx0nIxMsKRsxIFotIgcQGgIlKAotNCM8Jjs9NX0TDQ8WEyoJSjEGcy8yMy8CKDpJMgwdMjoHKjNIMywkJjM3MBEnFDoqJQEiNxJxL00zLCwuMhovEj8uJnEKKBwiEhsGXUICFlsIKCYLWhAlEhVfNyErIj8gQTYWLiIzIXBeGiEoDRkeIwIRPCBdL3ssLjYRACJBJBUWBk0qdBktLglwMSs6SA0hIg8cFi8OTBYoDSwuQywxPy0hBgouDzcBJA0AEXUGEy4eKHQ+LSIGEyI2I2IpGRceNH4rEwcpFg8XHxwx
108.157.214.58 200 OK 1.2 kB URL GET HTTP/2 riperfienwa.com/Q2p4cEQiCBsdeyJXGlYxMQZFVXYFT0o2IDZaCAUgcxkcHCk5DFYTKCwfHBY2LAQMXiomHl1CAgIOPxQOFwc1KAcACRcoBQIlNCgKIj4uMn0lWxwjABcFEDQVEQs7MxEWLSw5Nwo7DwMCFFJONxYBCx0nIxMsKRsxIFotIgcQGgIlKAotNCM8Jjs9NX0TDQ8WEyoJSjEGcy8yMy8CKDpJMgwdMjoHKjNIMywkJjM3MBEnFDoqJQEiNxJxL00zLCwuMhovEj8uJnEKKBwiEhsGXUICFlsIKCYLWhAlEhVfNyErIj8gQTYWLiIzIXBeGiEoDRkeIwIRPCBdL3ssLjYRACJBJBUWBk0qdBktLglwMSs6SA0hIg8cFi8OTBYoDSwuQywxPy0hBgouDzcBJA0AEXUGEy4eKHQ+LSIGEyI2I2IpGRceNH4rEwcpFg8XHxwx
IP 108.157.214.58:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject riperfienwa.com
Fingerprint 4B:12:B3:11:21:59:25:3B:20:8F:04:FD:04:71:69:B3:30:E1:A0:FA
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash 1d36a459673ab4bdc209910d47bf02fc
e5206f4e6aeaf5c029a08e24ca0e502fefab16e0
2bde23a6b83ac5a7567742e36552e4dda3404aa668d36d9f0cd534bf9a160a0f
GET /Q2p4cEQiCBsdeyJXGlYxMQZFVXYFT0o2IDZaCAUgcxkcHCk5DFYTKCwfHBY2LAQMXiomHl1CAgIOPxQOFwc1KAcACRcoBQIlNCgKIj4uMn0lWxwjABcFEDQVEQs7MxEWLSw5Nwo7DwMCFFJONxYBCx0nIxMsKRsxIFotIgcQGgIlKAotNCM8Jjs9NX0TDQ8WEyoJSjEGcy8yMy8CKDpJMgwdMjoHKjNIMywkJjM3MBEnFDoqJQEiNxJxL00zLCwuMhovEj8uJnEKKBwiEhsGXUICFlsIKCYLWhAlEhVfNyErIj8gQTYWLiIzIXBeGiEoDRkeIwIRPCBdL3ssLjYRACJBJBUWBk0qdBktLglwMSs6SA0hIg8cFi8OTBYoDSwuQywxPy0hBgouDzcBJA0AEXUGEy4eKHQ+LSIGEyI2I2IpGRceNH4rEwcpFg8XHxwx HTTP/1.1
Host: riperfienwa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1186
date: Mon, 27 Nov 2023 02:39:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d7969a7dfe0a063d186d3c72531d67be.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: uh7-Vp6tTwLaDlu8Q7hd4y6nVSnSBj1UywjrUumRQ-jpv-us57imWw==
X-Firefox-Spdy: h2
riperfienwa.com/Unp5QWMzGBosXDNHG2cWIBZEZFEUX0sHBydKCTQHYgkdLQ4oHFciDz0PHScRPRQNbw03DlxzJSg3AwM6AREBEDsoIwoiUzYgKQkHYzkeJRE0MiwXNDsJFQgIHzQ2L1pkLywQGzQSIAQHPE5ccyEcFhoPAhUNHhQPZl9LBwdgCi4ZCSZJHxM1ACo6KRsQAiAyLDs0IAU3CwM1cBMGNCpxFQNKEWRRECoAcSwKLho2KQRDGg40a19LAwcDLEskDjk4OAkiazAvcDYcAElkURQ8HgsMGD4eFiI/Ek4nIWI7HxkIHTweCwwCKS8lIT8CDydQFywYLwxiOCgTWjcrTRYiP1cedSw6Iz0GOyZCOylWPSNLKiETPkE3L2MSHyc7NTE4ECEiHxc2IBM9FTcFNTQuDDc1Ci8XWzUYSnRSEy0RZFEUIx4MNB4iHXhFOAkWLxNvGEx3ASYTTRtUFA
108.157.214.58 200 OK 1.2 kB URL GET HTTP/2 riperfienwa.com/Unp5QWMzGBosXDNHG2cWIBZEZFEUX0sHBydKCTQHYgkdLQ4oHFciDz0PHScRPRQNbw03DlxzJSg3AwM6AREBEDsoIwoiUzYgKQkHYzkeJRE0MiwXNDsJFQgIHzQ2L1pkLywQGzQSIAQHPE5ccyEcFhoPAhUNHhQPZl9LBwdgCi4ZCSZJHxM1ACo6KRsQAiAyLDs0IAU3CwM1cBMGNCpxFQNKEWRRECoAcSwKLho2KQRDGg40a19LAwcDLEskDjk4OAkiazAvcDYcAElkURQ8HgsMGD4eFiI/Ek4nIWI7HxkIHTweCwwCKS8lIT8CDydQFywYLwxiOCgTWjcrTRYiP1cedSw6Iz0GOyZCOylWPSNLKiETPkE3L2MSHyc7NTE4ECEiHxc2IBM9FTcFNTQuDDc1Ci8XWzUYSnRSEy0RZFEUIx4MNB4iHXhFOAkWLxNvGEx3ASYTTRtUFA
IP 108.157.214.58:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject riperfienwa.com
Fingerprint 4B:12:B3:11:21:59:25:3B:20:8F:04:FD:04:71:69:B3:30:E1:A0:FA
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3036), with no line terminators
Hash a3dcc490c1a0f814d0d30a9b25f389c9
305a50401871119979fa07a2cff639c8f56ac0f8
1a8ffde5bbf4ea33a8b870211eae4d5612b0453a97abd118428f3fbd440d3cae
GET /Unp5QWMzGBosXDNHG2cWIBZEZFEUX0sHBydKCTQHYgkdLQ4oHFciDz0PHScRPRQNbw03DlxzJSg3AwM6AREBEDsoIwoiUzYgKQkHYzkeJRE0MiwXNDsJFQgIHzQ2L1pkLywQGzQSIAQHPE5ccyEcFhoPAhUNHhQPZl9LBwdgCi4ZCSZJHxM1ACo6KRsQAiAyLDs0IAU3CwM1cBMGNCpxFQNKEWRRECoAcSwKLho2KQRDGg40a19LAwcDLEskDjk4OAkiazAvcDYcAElkURQ8HgsMGD4eFiI/Ek4nIWI7HxkIHTweCwwCKS8lIT8CDydQFywYLwxiOCgTWjcrTRYiP1cedSw6Iz0GOyZCOylWPSNLKiETPkE3L2MSHyc7NTE4ECEiHxc2IBM9FTcFNTQuDDc1Ci8XWzUYSnRSEy0RZFEUIx4MNB4iHXhFOAkWLxNvGEx3ASYTTRtUFA HTTP/1.1
Host: riperfienwa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Mon, 27 Nov 2023 02:39:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d7969a7dfe0a063d186d3c72531d67be.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: U_BLYL6qjxL4sOo7il6pWRF91SMLfsX1bPD2UdXenQOkYpOgJidVMw==
X-Firefox-Spdy: h2
riperfienwa.com/UWVXME8wBzRdcDBYNRY6IwlqFX0XQGV2KyRVJ0UrYRYzXCIrA3lTIz4QM1Y9PgsjHiE0EXICCTwyPAU1CA8GBQYDVRJzNmULEQF3HzxkXAcEAi8IBRAkGWcmIR8dYyM/JDB5FRQCFgEFBAESYQwQFANcBgIrPggrEzQ7CAQpVRVzGCUKElcVBj9kQBkXVAFeBikSDmgbCAwSWywWLR9EKwQNEV8pPRYBaBsAFB9yGRkDZEgLFSAVFX0XAxJ+GxMtBRV9EzM7dn03Vi90CQdVZ1UKNS0VSCcjNAF6AjMtJ2caCT9yAgk3IBphHj9cbn0jHCA1Ag0VNi92IDcNemEHBx8SWBk9Jy5RB2QmAlcdIwM8egcTCDhfCDknBWAMFCkFRxYyA2d+FxYIJ18NPV0RFiUiCjlAcgcuBGgDOxVjXyRl
108.157.214.58 200 OK 1.2 kB URL GET HTTP/2 riperfienwa.com/UWVXME8wBzRdcDBYNRY6IwlqFX0XQGV2KyRVJ0UrYRYzXCIrA3lTIz4QM1Y9PgsjHiE0EXICCTwyPAU1CA8GBQYDVRJzNmULEQF3HzxkXAcEAi8IBRAkGWcmIR8dYyM/JDB5FRQCFgEFBAESYQwQFANcBgIrPggrEzQ7CAQpVRVzGCUKElcVBj9kQBkXVAFeBikSDmgbCAwSWywWLR9EKwQNEV8pPRYBaBsAFB9yGRkDZEgLFSAVFX0XAxJ+GxMtBRV9EzM7dn03Vi90CQdVZ1UKNS0VSCcjNAF6AjMtJ2caCT9yAgk3IBphHj9cbn0jHCA1Ag0VNi92IDcNemEHBx8SWBk9Jy5RB2QmAlcdIwM8egcTCDhfCDknBWAMFCkFRxYyA2d+FxYIJ18NPV0RFiUiCjlAcgcuBGgDOxVjXyRl
IP 108.157.214.58:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject riperfienwa.com
Fingerprint 4B:12:B3:11:21:59:25:3B:20:8F:04:FD:04:71:69:B3:30:E1:A0:FA
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 9c91cefdbe940d2208c8f136796fe7a8
e63864a36c88a2948102f41a471bed9728ab6038
cb0f2cfa9c190cd92e107d107f763bb0210027b59c5f68a9431b7f31fd580e65
GET /UWVXME8wBzRdcDBYNRY6IwlqFX0XQGV2KyRVJ0UrYRYzXCIrA3lTIz4QM1Y9PgsjHiE0EXICCTwyPAU1CA8GBQYDVRJzNmULEQF3HzxkXAcEAi8IBRAkGWcmIR8dYyM/JDB5FRQCFgEFBAESYQwQFANcBgIrPggrEzQ7CAQpVRVzGCUKElcVBj9kQBkXVAFeBikSDmgbCAwSWywWLR9EKwQNEV8pPRYBaBsAFB9yGRkDZEgLFSAVFX0XAxJ+GxMtBRV9EzM7dn03Vi90CQdVZ1UKNS0VSCcjNAF6AjMtJ2caCT9yAgk3IBphHj9cbn0jHCA1Ag0VNi92IDcNemEHBx8SWBk9Jy5RB2QmAlcdIwM8egcTCDhfCDknBWAMFCkFRxYyA2d+FxYIJ18NPV0RFiUiCjlAcgcuBGgDOxVjXyRl HTTP/1.1
Host: riperfienwa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Mon, 27 Nov 2023 02:39:54 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d7969a7dfe0a063d186d3c72531d67be.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Rb7dEB5S2lwblQf1ZOBlJMOV9xcajyKG8kBEaCxjiaoIygEjmZVBmg==
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1701052798.1.0.1701052798.0.0.0; _ga=GA1.1.1981045213.1701052798
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 02:39:55 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Mon, 04 Dec 2023 02:39:55 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:dW3OOyjdIOTsGNz9SoShSyRRwz_Stg:8drkyfC4BYgUhxTG; Expires=Wed, 26-Nov-2025 02:39:55 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2CEEdS3oFJqQgL7dgdkttvzazpmC1KVF9uABhWzY66OXYnQ-uzleL_gv-XtkLP6dLdEtoU
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-uKV018f5Me8yrGPDp69wfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:UM5wxkIysnO1Q0kyBN8D87BtyXszGg:7WYhLK10TEhzpRTl; Expires=Wed, 26-Nov-2025 02:39:55 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1gG0ww_X2f1l-G2Yr3UDtM-swW-bFrF8N0zUKVMAszRCy3-CAFV27fiUnI95i4ED-0O1nL
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-0iviDKgjGqSkzgG25Uruwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2CEEdS3oFJqQgL7dgdkttvzazpmC1KVF9uABhWzY66OXYnQ-uzleL_gv-XtkLP6dLdEtoU
142.250.74.109 302 Found 403 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2CEEdS3oFJqQgL7dgdkttvzazpmC1KVF9uABhWzY66OXYnQ-uzleL_gv-XtkLP6dLdEtoU
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Hash f4148c3ee0938a1163cc7864dfa2aa02
ac2c5e2d00aea32cd8b75988009c5854500d8643
9da55b5a78861b4eadd782bf46cbbb04aec700643989551e0c2ad86cae029443
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2CEEdS3oFJqQgL7dgdkttvzazpmC1KVF9uABhWzY66OXYnQ-uzleL_gv-XtkLP6dLdEtoU HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:aiy3zgKoljxX7snEXUeUo8jD3njhPQ:ukVOD2B3aNgP1_zr;Path=/;Expires=Wed, 26-Nov-2025 02:39:55 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2xOUCn63Is42iwQ5Vjiwz1QvNZIsAmM6Zwxpq0WjG3km--gYO9IBwLDqPFyLwTRPHwHbdL&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056667143%3A1701052795189997&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-bXzBTr54NnObT8Uh6EdoLw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
riperfienwa.com/utx?cb=QM7qBj1vQnDG&top=www.upload.ee&tid=997369
108.157.214.58 204 No Content 0 B URL GET HTTP/2 riperfienwa.com/utx?cb=QM7qBj1vQnDG&top=www.upload.ee&tid=997369
IP 108.157.214.58:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject riperfienwa.com
Fingerprint 4B:12:B3:11:21:59:25:3B:20:8F:04:FD:04:71:69:B3:30:E1:A0:FA
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=QM7qBj1vQnDG&top=www.upload.ee&tid=997369 HTTP/1.1
Host: riperfienwa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 02:39:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 27 Nov 2023 02:40:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d7969a7dfe0a063d186d3c72531d67be.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: vYRUrjbgbYhgTAS7h0-gMrezcrxHrmoydwbjW_FGXIsCHTRGBh6nWA==
X-Firefox-Spdy: h2
riperfienwa.com/utx?cb=6kdrV3qBKILq&top=www.upload.ee&tid=997414
108.157.214.58 204 No Content 0 B URL GET HTTP/2 riperfienwa.com/utx?cb=6kdrV3qBKILq&top=www.upload.ee&tid=997414
IP 108.157.214.58:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject riperfienwa.com
Fingerprint 4B:12:B3:11:21:59:25:3B:20:8F:04:FD:04:71:69:B3:30:E1:A0:FA
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6kdrV3qBKILq&top=www.upload.ee&tid=997414 HTTP/1.1
Host: riperfienwa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 02:39:55 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 27 Nov 2023 02:40:55 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 d7969a7dfe0a063d186d3c72531d67be.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 8pvr2BxtV1VMXMRDtJxTjKk0r73F0S-XBFHSv4jPCn4XR-l-6KKQKg==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1gG0ww_X2f1l-G2Yr3UDtM-swW-bFrF8N0zUKVMAszRCy3-CAFV27fiUnI95i4ED-0O1nL
142.250.74.109 302 Found 405 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1gG0ww_X2f1l-G2Yr3UDtM-swW-bFrF8N0zUKVMAszRCy3-CAFV27fiUnI95i4ED-0O1nL
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash 3736a04d0fc23595ac809f613d4506d4
3b636f037fd1d8853aa1b0df48760525f209c2ae
9118a12e44ba56102489a276a3fa2597221acfee6759d6a4153847656e9eaedd
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1gG0ww_X2f1l-G2Yr3UDtM-swW-bFrF8N0zUKVMAszRCy3-CAFV27fiUnI95i4ED-0O1nL HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:O3UplZLbPHsend_ebdKtEa1eScaykg:i1QlNDzVW_shmgXk;Path=/;Expires=Wed, 26-Nov-2025 02:39:55 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MYYD9dAuglXz93dnNC9_tmpH6STJqla0naBtjTVySGv50zvpQH1tSDarqNHTqFQf0YUsj&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2047797627%3A1701052795236026&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-jFVZ90FoDoN04iYudB6YAA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 405
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/mWk5zYjQ5IR0ECy4nF18NY3lHUgx8JAANWipzJSlnAgIZEgA1JUdEQCAqTlISNi8dBQl8Kx0BCWtoEgZWZ3pVF1VnIxwYXTYiEkcGHHtdUhFoflsVXTQqHBVHf3xDDEB/fENTBHR+VlF2f3xDFV00eEdHBxhrQVJMbHpWUXZ/fEMQQn99MlMEb2BDSxFofh-QHVzEhVlByaH5CUgRrfkJHBmooGhBRPCELRwYcf0NXGmpoBl8F
143.204.42.211 183 B URL du0pud0sdlmzf.cloudfront.net/mWk5zYjQ5IR0ECy4nF18NY3lHUgx8JAANWipzJSlnAgIZEgA1JUdEQCAqTlISNi8dBQl8Kx0BCWtoEgZWZ3pVF1VnIxwYXTYiEkcGHHtdUhFoflsVXTQqHBVHf3xDDEB/fENTBHR+VlF2f3xDFV00eEdHBxhrQVJMbHpWUXZ/fEMQQn99MlMEb2BDSxFofh-QHVzEhVlByaH5CUgRrfkJHBmooGhBRPCELRwYcf0NXGmpoBl8F
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 0dc3d22f1e9105f3a0ae50a0f3721aee
af21d24ee03b949af36363eb1015a3e4129afa8f
49afa4d89621e47047536936c6840cd51c77b142ca0051ac2bfadad9cab2dca2
GET /mWk5zYjQ5IR0ECy4nF18NY3lHUgx8JAANWipzJSlnAgIZEgA1JUdEQCAqTlISNi8dBQl8Kx0BCWtoEgZWZ3pVF1VnIxwYXTYiEkcGHHtdUhFoflsVXTQqHBVHf3xDDEB/fENTBHR+VlF2f3xDFV00eEdHBxhrQVJMbHpWUXZ/fEMQQn99MlMEb2BDSxFofh-QHVzEhVlByaH5CUgRrfkJHBmooGhBRPCELRwYcf0NXGmpoBl8F HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://riperfienwa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 183
date: Mon, 27 Nov 2023 02:39:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: a939A_JSnQUUbD6-1AQV2RslGSZ7nzSlMMhpxoxsXD8vyfQTUEuHqw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/AdGdJTmMXCCcoXAAOLXNaTVB9f1dSDTohDQRaCCUUGTIsIQwsFW86GRBaeWgPFQkuc0URCSpzUlIGLSxeQEE9PgwfWic2AB0EJCkABB9vOwJJCiY0ChgLKGtRMlJnfkZGV2E5ChoDJjkQUVV5IBdRVXl/U1pXbH0hUVV5OQoaUX1rUDZCe34bQlNsfSFRVX-k8FVFUCH9TQUl5Z0ZGVy4rAB8IbHwlRld4flNFV3hrUUQBIDwGEggxa1EyVnl7TURBPHNS
143.204.42.211 572 B URL du0pud0sdlmzf.cloudfront.net/AdGdJTmMXCCcoXAAOLXNaTVB9f1dSDTohDQRaCCUUGTIsIQwsFW86GRBaeWgPFQkuc0URCSpzUlIGLSxeQEE9PgwfWic2AB0EJCkABB9vOwJJCiY0ChgLKGtRMlJnfkZGV2E5ChoDJjkQUVV5IBdRVXl/U1pXbH0hUVV5OQoaUX1rUDZCe34bQlNsfSFRVX-k8FVFUCH9TQUl5Z0ZGVy4rAB8IbHwlRld4flNFV3hrUUQBIDwGEggxa1EyVnl7TURBPHNS
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (790), with no line terminators
Hash 60bc55a129a4c2069735d2c8e22a7c16
fbc4c47f222da6de2b975b115d58f359f1f488a0
489709637901e8f67037fb6f319b96c57451c8e48e91f4c77cdbb370bb69de4f
GET /AdGdJTmMXCCcoXAAOLXNaTVB9f1dSDTohDQRaCCUUGTIsIQwsFW86GRBaeWgPFQkuc0URCSpzUlIGLSxeQEE9PgwfWic2AB0EJCkABB9vOwJJCiY0ChgLKGtRMlJnfkZGV2E5ChoDJjkQUVV5IBdRVXl/U1pXbH0hUVV5OQoaUX1rUDZCe34bQlNsfSFRVX-k8FVFUCH9TQUl5Z0ZGVy4rAB8IbHwlRld4flNFV3hrUUQBIDwGEggxa1EyVnl7TURBPHNS HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://riperfienwa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 572
date: Mon, 27 Nov 2023 02:39:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: izESRo5LJu7j34fuGmAf8qpUGC8uw6_1c6KvVgrcVH7SdHrI4hufJA==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/zMzBYSkxQXzYsc0dZPHd1CgdrfHUVWislIkMNOn96UUQxfhYEdn4+NlcNaGwgUl4/d2pWXjt3fRVRPChxBxYsOiNYDTYyL1pTNS0vQ0h+Py0OXTcwJV9cOW9+dQV2emkBAHA9JV1UNz0/FgJoJDgWAmh7fB0AfXkOFgJoPSVdBmxvf3EVano0BQR9eQ4WAm-g4OhYDGXt8Bh5oY2kBAD8vL1hffXgKAQBpenwCAGlvfgNWMTgpVV8gb351AWh/YgMWLXd9
143.204.42.211 608 B URL du0pud0sdlmzf.cloudfront.net/zMzBYSkxQXzYsc0dZPHd1CgdrfHUVWislIkMNOn96UUQxfhYEdn4+NlcNaGwgUl4/d2pWXjt3fRVRPChxBxYsOiNYDTYyL1pTNS0vQ0h+Py0OXTcwJV9cOW9+dQV2emkBAHA9JV1UNz0/FgJoJDgWAmh7fB0AfXkOFgJoPSVdBmxvf3EVano0BQR9eQ4WAm-g4OhYDGXt8Bh5oY2kBAD8vL1hffXgKAQBpenwCAGlvfgNWMTgpVV8gb351AWh/YgMWLXd9
IP 143.204.42.211:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (858), with no line terminators
Hash 7f6f2cc466aa5dcdd5d7dc92a2759982
d0773430855ee3214f79ed321dd03ddc5d3389f5
b0e7be87f8bb78ac2df4229bb3e1a0801518eab67e6fc294e98e4e7706623ffd
GET /zMzBYSkxQXzYsc0dZPHd1CgdrfHUVWislIkMNOn96UUQxfhYEdn4+NlcNaGwgUl4/d2pWXjt3fRVRPChxBxYsOiNYDTYyL1pTNS0vQ0h+Py0OXTcwJV9cOW9+dQV2emkBAHA9JV1UNz0/FgJoJDgWAmh7fB0AfXkOFgJoPSVdBmxvf3EVano0BQR9eQ4WAm-g4OhYDGXt8Bh5oY2kBAD8vL1hffXgKAQBpenwCAGlvfgNWMTgpVV8gb351AWh/YgMWLXd9 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://riperfienwa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 608
date: Mon, 27 Nov 2023 02:39:55 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4Du2vSvXB_wctZtPQ43o-UDsIQMaeTJjfJOKjKouDEhNE_TrGawH2w==
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6739419&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15987396%2F8033fb17f44c1dea9a37%2F557rwan.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15987396%2F557rwan.exe.html%3Fmsg%3Dsess_error&rnd=1701052798224
212.47.222.20 1.9 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6739419&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15987396%2F8033fb17f44c1dea9a37%2F557rwan.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15987396%2F557rwan.exe.html%3Fmsg%3Dsess_error&rnd=1701052798224
IP 212.47.222.20:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type ASCII text, with very long lines (394)
Hash 683d8a3934efc84c1bf4f39491a8c2a0
9e86f059d1f0ddc709928927f2352370efeee9f5
7740c2cf45e55c3d999ad96e579e218d1d71cdb497d00f2eaa505082f6f054c0
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6739419&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15987396%2F8033fb17f44c1dea9a37%2F557rwan.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15987396%2F557rwan.exe.html%3Fmsg%3Dsess_error&rnd=1701052798224 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Mon, 27 Nov 2023 02:39:37 GMT
set-cookie: bepolite_id=caa90a0e43df82692d2f30470e8fb551; Max-Age=7776000; Expires=Sun, 25-Feb-2024 02:39:38 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 163021291
age: 0
accept-ranges: bytes
content-length: 1902
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (177002 bytes)
Hash e94b1e6619d5d0264e9073324b7fd667
72f27e0a09fdf92a40a0cdba0a8be9e902e85380
2ef9a9a195e17329b9e2a844c83ccfa1c80f93b9848f5430da8b0a63444da59c
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3171122304"
last-modified: Thu, 26 Oct 2023 21:13:25 GMT
content-length: 177002
date: Mon, 27 Nov 2023 02:39:37 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 123822460
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/2c571999-e5b7-410d-a271-bf1532acf5e0/Novembercampaing_1000x400_EE.jpg
212.47.222.20 200 OK 53 kB URL GET HTTP/2 static.bepolite.eu/banners/2c571999-e5b7-410d-a271-bf1532acf5e0/Novembercampaing_1000x400_EE.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type JPEG image data, progressive, precision 8, 1000x400, components 3\012- data
Hash 4f8c6d530b3b16463c23f63c5c039f20
028f36c64868215ee266bf88f87126b8ca324c9c
0a671462370c495769e35b68d809de5ee4e0102f8dcc86ca7a882d2eaf6b9af1
GET /banners/2c571999-e5b7-410d-a271-bf1532acf5e0/Novembercampaing_1000x400_EE.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "1952704138"
last-modified: Fri, 10 Nov 2023 22:00:23 GMT
content-length: 52870
date: Mon, 27 Nov 2023 02:39:17 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 163021294
age: 0
X-Firefox-Spdy: h2
nopoloferewer.com/popunder.gif
172.67.151.35 200 OK 3.4 kB URL GET HTTP/3 nopoloferewer.com/popunder.gif
IP 172.67.151.35:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject nopoloferewer.com
Fingerprint 1C:1B:31:D2:BE:DB:1E:11:2D:94:5D:E0:D3:C4:E7:24:97:8D:D8:19
Validity Fri, 17 Nov 2023 18:18:56 GMT - Thu, 15 Feb 2024 18:18:55 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3305efd1aab2e16319a0bf7378194cb4
14679a34a13b0938f716189e0b9e44cc0f139c62
bd08b52d84837bdec0461bcf0b8f569b2e1b9dd09dc2aab5ae2f0704aee1cc32
GET /popunder.gif HTTP/1.1
Host: nopoloferewer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 02:39:55 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 9928
last-modified: Sun, 26 Nov 2023 23:54:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BTkqka7nVkx%2F%2BIaE09f5uTiZaV12II5hKFHjvuo5fKl8eSEIQzgnL%2FGQPZgptUjXuQSgJrAhAH5ODW3k%2F35Y9G%2BRwkliCNxbkNybGJeOzt9ObR%2FGQ0HUswzz8t%2BDoZKCx7Afw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82c700e45c711c06-OSL
alt-svc: h3=":443"; ma=86400
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "801691811"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Mon, 27 Nov 2023 02:39:38 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 123822463
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=caa90a0e43df82692d2f30470e8fb551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 02:39:18 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 143628423
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.111.13 200 OK 297 kB
IP 172.64.111.13:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 297 kB (297170 bytes)
Hash 64bc5e72a8834a1b32c1a792a578460e
5036892df9583a74028b17e5479e64750ff56568
b749b374315e3ffef586f70208c5721f76c4145efcabdf912e5c8a442fb21d3a
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:55 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1815
last-modified: Mon, 27 Nov 2023 02:09:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bn80tPtQKMyNfzuwEp001j%2B%2FPbPSEXSMXEbRu%2Fzx%2BD2%2F8VeUGJ2sc0sNdrykprEj8Lg1d7bYXhqqlrWWGaw2yn06aHrdt3vO3GMXFoXbbukN689tdGIJ7hTLAQCFwQub"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82c700e1fe008873-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=caa90a0e43df82692d2f30470e8fb551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 02:39:14 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 149257235
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=caa90a0e43df82692d2f30470e8fb551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 02:39:37 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 143628426
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
3.72.173.230 200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
3.72.173.230 200 OK 3.6 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 805386b458c26412844874e80bbefc00
6fb5ebb2a34ca8403c2c45ef46e00480556fdbd4
012d0f48eb5661665403b394b6c52450d211fa73d683891ea34ce2555efd7471
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
3.72.173.230 200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/BUqiDJaVFSzS3FKZH4Jb.jpg
143.204.42.211 421 Misdirected Request 61 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/BUqiDJaVFSzS3FKZH4Jb.jpg
IP 143.204.42.211:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash ae20017cb814683d3e74045dac714bae
1edaf029fb4bd033faa11e712e8aa0f500559902
8e1a0c042ea2ee4c9c9be94d2b24c898dbe1d8dd1c65240b2801f710b017517e
GET /hotelliveeb/images/general/1/BUqiDJaVFSzS3FKZH4Jb.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 421 Misdirected Request
server: CloudFront
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _jy1zo6WB_mNXItTlX7PE1KUneol2DhsCm91N9ssWnsIw4AE3OoIkA==
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2bY5oiw4fyrAwn75trUE1bqspeCQ9uTRSMQOvtTdOJeWFA4xtXAzUZpt8hxla7Gk7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=caa90a0e43df82692d2f30470e8fb551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 02:39:39 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 163021303
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg
143.204.42.153 200 OK 58 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg
IP 143.204.42.153:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash d69defd642415903fbf00ce6a0f0fe1d
77f5acefff9ee68e4a25483c8bf3817ded5b20f6
ad709d6f137a0c91b0042621f05a71d05a669b8994788cd0a0d1d68c37f448db
GET /hotelliveeb/images/general/1/fyjQNUZO5B6uKXzlqvRy.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 58402
date: Sun, 26 Nov 2023 16:09:22 GMT
last-modified: Mon, 20 Dec 2021 05:01:39 GMT
etag: "d69defd642415903fbf00ce6a0f0fe1d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2EAVnd10HWpTYKbf-6Uce8xHUc39NPGgWM947j635pLbTaXSy8bACQ==
age: 37841
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg
143.204.42.153 200 OK 54 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg
IP 143.204.42.153:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash b3b22d6e79dafefaa41378e4a839bc95
48743634f4b28f1f25ecae8d265b33251f7acda0
6706b47055fc6abbaf44b8396451996598f462a751e77dff73321b53b38f3e0b
GET /hotelliveeb/images/general/1/lU1CCsbClhoCcQVCEPs0.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54424
date: Sun, 26 Nov 2023 12:24:09 GMT
last-modified: Mon, 30 May 2022 08:30:09 GMT
etag: "b3b22d6e79dafefaa41378e4a839bc95"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YexJgcZ47BWvdRWrMmuYKfWpf3PJstaMCqbKQvVMuDR8wtjKW5nHoA==
age: 51360
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
3.72.173.230 200 OK 90 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
3.125.21.104 200 OK 25 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
3.72.173.230 200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
3.72.173.230 200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 3.72.173.230:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MYYD9dAuglXz93dnNC9_tmpH6STJqla0naBtjTVySGv50zvpQH1tSDarqNHTqFQf0YUsj&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2047797627%3A1701052795236026&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MYYD9dAuglXz93dnNC9_tmpH6STJqla0naBtjTVySGv50zvpQH1tSDarqNHTqFQf0YUsj&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2047797627%3A1701052795236026&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MYYD9dAuglXz93dnNC9_tmpH6STJqla0naBtjTVySGv50zvpQH1tSDarqNHTqFQf0YUsj&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2047797627%3A1701052795236026&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-S-dgPS2rWSn3RalkQD8ZUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D68852279&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa992d6ee-5868-493e-b7e6-213458d8d0eb%2FLuminor_Pension_Smartad_1000x200.html&clink=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D68852279&banner_id=0fd963c8d84347608193874f5662a4b850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
212.47.222.20 200 OK 3.3 kB URL GET HTTP/2 static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D68852279&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa992d6ee-5868-493e-b7e6-213458d8d0eb%2FLuminor_Pension_Smartad_1000x200.html&clink=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D68852279&banner_id=0fd963c8d84347608193874f5662a4b850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3549), with no line terminators
Hash 959ec20b1903a6f2e42c1057729dbd53
a7b75807a148de4f03512d96068b75846e14fc25
3c89b83f941718fb59421f2bd7c3704aa590a508fad73b526e9fccf04f5808a2
GET /banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D68852279&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa992d6ee-5868-493e-b7e6-213458d8d0eb%2FLuminor_Pension_Smartad_1000x200.html&clink=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D68852279&banner_id=0fd963c8d84347608193874f5662a4b850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
accept-ranges: bytes
etag: "1757675695"
last-modified: Thu, 26 Oct 2023 06:21:28 GMT
content-length: 3345
date: Mon, 27 Nov 2023 02:39:14 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 149257232
age: 0
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
3.72.173.230 200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 3.72.173.230:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:56 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2xOUCn63Is42iwQ5Vjiwz1QvNZIsAmM6Zwxpq0WjG3km--gYO9IBwLDqPFyLwTRPHwHbdL&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056667143%3A1701052795189997&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2xOUCn63Is42iwQ5Vjiwz1QvNZIsAmM6Zwxpq0WjG3km--gYO9IBwLDqPFyLwTRPHwHbdL&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056667143%3A1701052795189997&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2xOUCn63Is42iwQ5Vjiwz1QvNZIsAmM6Zwxpq0WjG3km--gYO9IBwLDqPFyLwTRPHwHbdL&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056667143%3A1701052795189997&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 02:39:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-rdExpw5myzf9qef6K-ridg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.js
212.47.222.20 200 OK 195 kB URL GET HTTP/2 static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D68852279&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa992d6ee-5868-493e-b7e6-213458d8d0eb%2FLuminor_Pension_Smartad_1000x200.html&clink=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D68852279&banner_id=0fd963c8d84347608193874f5662a4b850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type ASCII text, with very long lines (1227)
Size 195 kB (194770 bytes)
Hash a36161d0127e29d079e0c44b9cd43235
072ce2055c188d88e29661080b625e4632c0b4bd
c10f65d82cde67247e93d9146193ad566b30e0b23e262aefd8e068a77c3b3b33
GET /banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.bepolite.eu/banners/a992d6ee-5868-493e-b7e6-213458d8d0eb/Luminor_Pension_Smartad_1000x200.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D68852279&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF4__0339jCiSDdgWm7GNoFqQtVftHtHrtsc8KamDu6rJRAAn8PPpQ3H3AGD9jTHgExmbaYkW_hExzT5JyC3kaayC2NjCXD9vg8gIg6kus-oXvUBR4G683y5OEvtjL3BQOTFnh6s66PQD1sC_6TOZBmvzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0zwbk9TqjRTnsYPUNaaxKGkCg7KGTRYT7fhFg-5SWH2B_mBCduUip8LVifwpfYkvXa5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2Fa992d6ee-5868-493e-b7e6-213458d8d0eb%2FLuminor_Pension_Smartad_1000x200.html&clink=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D68852279&banner_id=0fd963c8d84347608193874f5662a4b850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3643485393"
last-modified: Thu, 26 Oct 2023 06:21:28 GMT
content-length: 194770
date: Mon, 27 Nov 2023 02:39:37 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 163021297
age: 0
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.111.13 200 OK 27 B
IP 172.64.111.13:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b701895a9a1db35e9efd45689bccdcc9
c1e0d87adf1b37da7ea881b8f0c9b482c36637a4
77ac72cc5a74834a9969a34b497c6692ac7974d7ac924ba0a1648166f07259e8
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:55 GMT
content-type: text/plain
set-cookie: csu=1682588333677880@1@1701052795; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V7n%2BQ8eTnBJBuQGzVlAPgY%2Fxsfc0LGXS39hOIP2w9b%2FOgNwk%2B76n5hrHoSkDiXw6dvnrN2FmiwK1gL3kLFGiNmzycYXzLkVV2usjAudr%2BHXk1EV8cy7HjZqgHcaaTApq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c700e1fdff8873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.111.13 200 OK 27 B IP 172.64.111.13:443
Requested by https://www.upload.ee/files/15987396/557rwan.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b4970cf3bb14a617d24712ed54559924
3f585e72add8a688d4ee9cdc5aba41ac080c1bc0
f7dae0dddb263c880ca008263bb280a59bb26b58c123dcd35e2233f37e52ee78
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 02:39:55 GMT
content-type: text/plain
set-cookie: csu=1658404289993352@1@1701052795; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syCDQ1ZqmSGFzRellR785eZCtfxC1uLpl49pzOfWuIHfPQ2js2y6d1D9%2FgcicdV8wMqirGjxbi4l7mIBRYm3KWKXYZHLW6PLbux7%2BSATvLYZyu2d0%2BIVuE7QByAxp9C%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82c700e1fdf88873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2