upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
51.91.30.159 278 B URL upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1100158b140fe036fdb8834ca5451de8
c9bc18c6e09447509196049ad6e5542d8e6b2b58
ca79b55ff026e68387df1346def7f187caaca3a0affd7030d2d13785f807464c
GET /download/15851345/3797f05bf2341dbeb135/sadfok.hta HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 278
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
51.91.30.159 0 B URL www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET POLICY Possible HTA Application Download
GET /download/15851345/3797f05bf2341dbeb135/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
51.91.30.159 401 B URL www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (401), with no line terminators
Hash bf975add8f8623d71ac9e3d56d6bbce7
9b1c5a26fee65f5b170b0d2c0b50f6e6c62175ed
e703e833f6971eec9953bc8713b656812ef260b34d75bc9c2a4c4199f5917614
NIDS Severity Alert suricata medium ET POLICY Possible HTA Application Download
GET /download/15851345/3797f05bf2341dbeb135/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 401
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
51.91.30.159 401 B URL www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (401), with no line terminators
Hash bf975add8f8623d71ac9e3d56d6bbce7
9b1c5a26fee65f5b170b0d2c0b50f6e6c62175ed
e703e833f6971eec9953bc8713b656812ef260b34d75bc9c2a4c4199f5917614
NIDS Severity Alert suricata medium ET POLICY Possible HTA Application Download
GET /download/15851345/3797f05bf2341dbeb135/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 401
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
51.91.30.159200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
IP 51.91.30.159:443
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash d136cb45b898b911fdf3fc1a00b2fab4
ba3df85cc37c53fce92fb322505b818a2dc8b208
d443f13df19a3d19fe9f73273344e4b47568b9ec93d033fa47478ca587baea0f
GET /files/15851345/sadfok.hta.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15851345/3797f05bf2341dbeb135/sadfok.hta
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8985
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 26 Oct 2023 20:30:22 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Thu, 23-Nov-2023 17:30:22 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159200 OK 2.8 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b9692d4caecccf38e40d2333f8e00b0
8ecb4f873571250f02a5cc2ceff0a24aed25fc33
c4042306388924b75aa7d584c1e61165264967a52d09544ecba836f0d00eb9b9
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Thu, 02 Nov 2023 17:30:22 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159200 OK 7.7 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Thu, 02 Nov 2023 17:30:22 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/images/arrow.gif
51.91.30.159200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Thu, 02 Nov 2023 17:30:22 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash c088aa1505da9f4e034c43608e2135bb
0ea8e2a58b27fc8a7f547367c4fda26c78bdefd9
60c63114d67758ba8a98a5ceae6f2f0a6ca9b7a6e3367e6545517e78e07b74ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.upload.ee/images/dl_.png
51.91.30.159200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:22 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Thu, 02 Nov 2023 17:30:22 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (2213)
Hash 647fc35b2b337fa6d9d8df9cc0b0a223
e463fe4d716d59dbd9b6e38a6afde66fee185bb5
2305e3a2c3a4f011b060dcb9fff8b820fcdf064f1793706c46e24e890e91ec19
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Oct 2023 17:30:22 GMT
expires: Thu, 26 Oct 2023 17:30:22 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51069
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash c088aa1505da9f4e034c43608e2135bb
0ea8e2a58b27fc8a7f547367c4fda26c78bdefd9
60c63114d67758ba8a98a5ceae6f2f0a6ca9b7a6e3367e6545517e78e07b74ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.48200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.48:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117768 bytes)
Hash 9aab97f2a6e1e0d9e904582b89e98180
35ca105900e4da6099e530995c2e572f70d5ca07
bc3de5f026eead63b88652a8eb08b527aee3a1092b6ca245dc0e7a676143522d
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117768
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0HxU9WN54Oc1nHUhbTzi_xVK69woblKLKa_0VltHkMmODTXQRocIFw==
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168200 OK 85 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT
File type ASCII text, with very long lines (3034)
Hash 2b77a5a151642ca57682308f9e696737
0f56fa95dab7db831e036527f327abe0dff04e45
808b56d2d784ed3918d99ff53c7e7e6d5941f2a0058103fdec10a2846f159cd6
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Oct 2023 17:30:23 GMT
expires: Thu, 26 Oct 2023 17:30:23 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85399
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ismscoldnesfspl.info/R1kwSXFoZlM6TBM0Xz4jdQsGHAYVaWYRHSMaeAMgIg9XChUBDBY9GCNkCXBGc2kIbwEuPQ14SWEqRCgFMioNeFcuN1YmTGEvDXhfd3cCZ0VhLA14VzMpUS5Mdn9APQUrZAF/SH9qBHhFdW0BeUM
172.67.195.47204 No Content 0 B URL GET HTTP/2 ismscoldnesfspl.info/R1kwSXFoZlM6TBM0Xz4jdQsGHAYVaWYRHSMaeAMgIg9XChUBDBY9GCNkCXBGc2kIbwEuPQ14SWEqRCgFMioNeFcuN1YmTGEvDXhfd3cCZ0VhLA14VzMpUS5Mdn9APQUrZAF/SH9qBHhFdW0BeUM
IP 172.67.195.47:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /R1kwSXFoZlM6TBM0Xz4jdQsGHAYVaWYRHSMaeAMgIg9XChUBDBY9GCNkCXBGc2kIbwEuPQ14SWEqRCgFMioNeFcuN1YmTGEvDXhfd3cCZ0VhLA14VzMpUS5Mdn9APQUrZAF/SH9qBHhFdW0BeUM HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocZaAZbJkLu5gHg0qRoD2mVrfrZZjVK%2F1IYhaP3SWFH1HRuPuYlWLyPOO5X%2Fg%2F%2FcbQw62ukzupxxy89IF2Eo2jeZkQkl8sLmLf3paioNFLFSS22h3ayEZ2pblioqBTDvCWBSgt%2FTdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d479af50b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ismscoldnesfspl.info/UzNUODh8DDdLBR1ZGlNiYwsTem4JZzJfABZlEnYLEXIgXGA9WHJMUTcObQEPYAVtHkg6V2kJHiBHNUxNIA5lHlE9VTsFHiUOZRYLZx1nDBZjFSEFCXVHJFlfbgJySEwnX2kJDmoLZwwJZwFgCA9l
172.67.195.47204 No Content 0 B URL GET HTTP/2 ismscoldnesfspl.info/UzNUODh8DDdLBR1ZGlNiYwsTem4JZzJfABZlEnYLEXIgXGA9WHJMUTcObQEPYAVtHkg6V2kJHiBHNUxNIA5lHlE9VTsFHiUOZRYLZx1nDBZjFSEFCXVHJFlfbgJySEwnX2kJDmoLZwwJZwFgCA9l
IP 172.67.195.47:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UzNUODh8DDdLBR1ZGlNiYwsTem4JZzJfABZlEnYLEXIgXGA9WHJMUTcObQEPYAVtHkg6V2kJHiBHNUxNIA5lHlE9VTsFHiUOZRYLZx1nDBZjFSEFCXVHJFlfbgJySEwnX2kJDmoLZwwJZwFgCA9l HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTRQzXOAKxRv20HA8aVnukIxXhsz2paw4PWtsw0UEyot2NvXrsMRkmiy8DWaIDIfqePibBEkSRIABlAwTcyy8YDXM%2B07amy%2BZ116j1%2Fp0iGfgUGtnQSBDhtdhxcxMbKjQtRyjMXB7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d479aee0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ticalfelixstownru.info/TVpLMk4sOChfcSxnKRQ7PzZ2F3wLf3l0KjhqO0cqfSkvXiM3PGVRIiIvL1Q8IjQ/HCAoLm4ACAM7DXM2Lw1zfh58YgdnDDpvHWQMGg8cUQ0aaxF9ASYTCHMcJS4ZS3YvHRlCeAMOL1ceJjEMYg0paBlgLQEMHHMWDAt/dQA6IgdxKRQgD3Q2BxkfYBoYHD99BAgfCHAIGDMccw8XGSF8KwktOHAqJgsGZykYf3l0HToLD3AKCA8TSyIpPCx0BxUMIwYdGyIuZhkDIBh0fxQKDVUKCjIJAw98ahNnCRcvHAM6AwN4fAcVDCxbHH0yKHkZCBgddwgUPxkfHCsCPAp/GD0ScxoaEHhqf3QAEnMILgJ6Xn8Ma3t4Dx4QHnE5DAsvYwM/AideJgVrengGGmoKFCQ+NSVCczsYP0MEBgITBCA1MRh9
143.204.55.117200 OK 1.2 kB URL GET HTTP/2 ticalfelixstownru.info/TVpLMk4sOChfcSxnKRQ7PzZ2F3wLf3l0KjhqO0cqfSkvXiM3PGVRIiIvL1Q8IjQ/HCAoLm4ACAM7DXM2Lw1zfh58YgdnDDpvHWQMGg8cUQ0aaxF9ASYTCHMcJS4ZS3YvHRlCeAMOL1ceJjEMYg0paBlgLQEMHHMWDAt/dQA6IgdxKRQgD3Q2BxkfYBoYHD99BAgfCHAIGDMccw8XGSF8KwktOHAqJgsGZykYf3l0HToLD3AKCA8TSyIpPCx0BxUMIwYdGyIuZhkDIBh0fxQKDVUKCjIJAw98ahNnCRcvHAM6AwN4fAcVDCxbHH0yKHkZCBgddwgUPxkfHCsCPAp/GD0ScxoaEHhqf3QAEnMILgJ6Xn8Ma3t4Dx4QHnE5DAsvYwM/AideJgVrengGGmoKFCQ+NSVCczsYP0MEBgITBCA1MRh9
IP 143.204.55.117:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash b893a341cad113bf144025c900384966
bfbcc5a996169962566373e15593450b3f209c14
4378671318ed86cbd289f2b09536200421dd371f8a25d44012bae2ea6468929d
GET /TVpLMk4sOChfcSxnKRQ7PzZ2F3wLf3l0KjhqO0cqfSkvXiM3PGVRIiIvL1Q8IjQ/HCAoLm4ACAM7DXM2Lw1zfh58YgdnDDpvHWQMGg8cUQ0aaxF9ASYTCHMcJS4ZS3YvHRlCeAMOL1ceJjEMYg0paBlgLQEMHHMWDAt/dQA6IgdxKRQgD3Q2BxkfYBoYHD99BAgfCHAIGDMccw8XGSF8KwktOHAqJgsGZykYf3l0HToLD3AKCA8TSyIpPCx0BxUMIwYdGyIuZhkDIBh0fxQKDVUKCjIJAw98ahNnCRcvHAM6AwN4fAcVDCxbHH0yKHkZCBgddwgUPxkfHCsCPAp/GD0ScxoaEHhqf3QAEnMILgJ6Xn8Ma3t4Dx4QHnE5DAsvYwM/AideJgVrengGGmoKFCQ+NSVCczsYP0MEBgITBCA1MRh9 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Thu, 26 Oct 2023 17:30:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P5nkUMBwH8hu_MA0aGMn0AcqtSGp5c1JyI40ZxYVieXWPWGwHlPw_A==
X-Firefox-Spdy: h2
ticalfelixstownru.info/ckdDOU0TJSBUchN6IR84ACt+HH80YnF/KQd3M0wpQjQnVSAIIW1aIR0yJ18/HSk3FyMXM2YLCxEUcQwYIS0OVgwmKDB9CUoPDnEuOSQvVSoXIDdNDzEkL2EZBhMBQwc3IhFaKj4Bc18KNnMAfxlKEg5xLjYlEnB8OAERCx42AihsBSghIFA5KgwVdyoQAhpIGAgsL2oeOwQMej4lIhBRJSgGDUwVNRUqan4CISBhIQolL0EmOCssVQoLPzV4FQEQIXE1ASEVSTUXHwVMFTUWd2saRyMFYT42JCh7Jis/GQwVGAo1bA4zBSBhJUMiFQwhFyANDxUfahVPDCo0CmkZGhAPaAgBJTR8Ayp1FQ4FKjMKcBURBGVTPh0pMwQeCjBxQDkUKRdPJzo
143.204.55.117200 OK 1.2 kB URL GET HTTP/2 ticalfelixstownru.info/ckdDOU0TJSBUchN6IR84ACt+HH80YnF/KQd3M0wpQjQnVSAIIW1aIR0yJ18/HSk3FyMXM2YLCxEUcQwYIS0OVgwmKDB9CUoPDnEuOSQvVSoXIDdNDzEkL2EZBhMBQwc3IhFaKj4Bc18KNnMAfxlKEg5xLjYlEnB8OAERCx42AihsBSghIFA5KgwVdyoQAhpIGAgsL2oeOwQMej4lIhBRJSgGDUwVNRUqan4CISBhIQolL0EmOCssVQoLPzV4FQEQIXE1ASEVSTUXHwVMFTUWd2saRyMFYT42JCh7Jis/GQwVGAo1bA4zBSBhJUMiFQwhFyANDxUfahVPDCo0CmkZGhAPaAgBJTR8Ayp1FQ4FKjMKcBURBGVTPh0pMwQeCjBxQDkUKRdPJzo
IP 143.204.55.117:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2998), with no line terminators
Hash 1c452f08a1d17580ad4846c8321f2092
3618348fe0e16a1e7dce98b952ca846dce158d4b
ce79f30564ff6ba9c88b3058c79ace9e4fab39e19f626f6fc0905be121e8db56
GET /ckdDOU0TJSBUchN6IR84ACt+HH80YnF/KQd3M0wpQjQnVSAIIW1aIR0yJ18/HSk3FyMXM2YLCxEUcQwYIS0OVgwmKDB9CUoPDnEuOSQvVSoXIDdNDzEkL2EZBhMBQwc3IhFaKj4Bc18KNnMAfxlKEg5xLjYlEnB8OAERCx42AihsBSghIFA5KgwVdyoQAhpIGAgsL2oeOwQMej4lIhBRJSgGDUwVNRUqan4CISBhIQolL0EmOCssVQoLPzV4FQEQIXE1ASEVSTUXHwVMFTUWd2saRyMFYT42JCh7Jis/GQwVGAo1bA4zBSBhJUMiFQwhFyANDxUfahVPDCo0CmkZGhAPaAgBJTR8Ayp1FQ4FKjMKcBURBGVTPh0pMwQeCjBxQDkUKRdPJzo HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1154
date: Thu, 26 Oct 2023 17:30:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 42RqfNnF5lHycFfN5xS2zWU-B8Zozg_u-F05Bm4mdahZp_kfMfl3bw==
X-Firefox-Spdy: h2
ticalfelixstownru.info/ajB3dkELUhQbfgsNFVA0GFxKU3MsFUUwJR8ABwMlWkMTGiwQVlkVLQVFExAzBV4DWC8PRFJEBz1+RwZ0OWQtIws4UwE1FCdaPy4QOnQZRw8PcT4kCCtfGiEEDgMxMnQlUzQBECcCIjMDAHE0JBkCQzMiDzlzGQYnIGYTLA0/YgEjcAFAJT4mO2YeQiMOcT4kEQ1bGi4QBQQyNRMrZiQdFiEBPRMjK0cYNXAFXDYPAwtnDgIiDwM2NRsvXAQ0AA5ZNi4mInUZHXYIcSY+CwJxGSdxU0YkRS0ldEQBLAxHPiUkPkQENAAJBDNENixUGQILCXIQPhhbHQ9BAwZxATEoIGoyGCZPAjETNjN3Eh0tXnIQLDc5AxsnGQBXFDpwBmAVRjI6cgAsdjwDHCcQBFQ+UCsZXxkGfAdHDzEnA0okRQ0jewQ5
143.204.55.117200 OK 1.2 kB URL GET HTTP/2 ticalfelixstownru.info/ajB3dkELUhQbfgsNFVA0GFxKU3MsFUUwJR8ABwMlWkMTGiwQVlkVLQVFExAzBV4DWC8PRFJEBz1+RwZ0OWQtIws4UwE1FCdaPy4QOnQZRw8PcT4kCCtfGiEEDgMxMnQlUzQBECcCIjMDAHE0JBkCQzMiDzlzGQYnIGYTLA0/YgEjcAFAJT4mO2YeQiMOcT4kEQ1bGi4QBQQyNRMrZiQdFiEBPRMjK0cYNXAFXDYPAwtnDgIiDwM2NRsvXAQ0AA5ZNi4mInUZHXYIcSY+CwJxGSdxU0YkRS0ldEQBLAxHPiUkPkQENAAJBDNENixUGQILCXIQPhhbHQ9BAwZxATEoIGoyGCZPAjETNjN3Eh0tXnIQLDc5AxsnGQBXFDpwBmAVRjI6cgAsdjwDHCcQBFQ+UCsZXxkGfAdHDzEnA0okRQ0jewQ5
IP 143.204.55.117:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash ea421c3c8c010be7ad5f3d3dd46fcd7d
c972cb595f5d211866ae1f3ef04e8802a33b705b
1bd2b6ef520f8f331ff9603787b1ecc94b74417dc8802bc93ca0b25585ae8e36
GET /ajB3dkELUhQbfgsNFVA0GFxKU3MsFUUwJR8ABwMlWkMTGiwQVlkVLQVFExAzBV4DWC8PRFJEBz1+RwZ0OWQtIws4UwE1FCdaPy4QOnQZRw8PcT4kCCtfGiEEDgMxMnQlUzQBECcCIjMDAHE0JBkCQzMiDzlzGQYnIGYTLA0/YgEjcAFAJT4mO2YeQiMOcT4kEQ1bGi4QBQQyNRMrZiQdFiEBPRMjK0cYNXAFXDYPAwtnDgIiDwM2NRsvXAQ0AA5ZNi4mInUZHXYIcSY+CwJxGSdxU0YkRS0ldEQBLAxHPiUkPkQENAAJBDNENixUGQILCXIQPhhbHQ9BAwZxATEoIGoyGCZPAjETNjN3Eh0tXnIQLDc5AxsnGQBXFDpwBmAVRjI6cgAsdjwDHCcQBFQ+UCsZXxkGfAdHDzEnA0okRQ0jewQ5 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Thu, 26 Oct 2023 17:30:23 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hFvqrKXETWPogSqhjNjjTuS5ScrTf8_yG16bWzMqlKZGTRvhROBlGg==
X-Firefox-Spdy: h2
ismscoldnesfspl.info/aE42UUJHcVUifzo0dGQYWwhMEBdRKGQZISkaWh8DDileHRQtLRAlKwxzD2h1XH8CdzIBKgtgZBs6VyU3G3MHdysGKFlsZB5zB39xXGAFZWxYaENsc046RjAlVX8QITYcIgtgdFF2BWVzXHwCYHBd
172.67.195.47204 No Content 0 B URL GET HTTP/2 ismscoldnesfspl.info/aE42UUJHcVUifzo0dGQYWwhMEBdRKGQZISkaWh8DDileHRQtLRAlKwxzD2h1XH8CdzIBKgtgZBs6VyU3G3MHdysGKFlsZB5zB39xXGAFZWxYaENsc046RjAlVX8QITYcIgtgdFF2BWVzXHwCYHBd
IP 172.67.195.47:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aE42UUJHcVUifzo0dGQYWwhMEBdRKGQZISkaWh8DDileHRQtLRAlKwxzD2h1XH8CdzIBKgtgZBs6VyU3G3MHdysGKFlsZB5zB39xXGAFZWxYaENsc046RjAlVX8QITYcIgtgdFF2BWVzXHwCYHBd HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGqZcxFhv70hbRSSNOV9WFQTmtU3ia7Z0fPPsqVhX4m9u3tHfop6xVoR4p0j35yeil7qmI11V9fE8WdgkMWxX3bSBwnpbQ8TzoG7hDk4bi3%2B03cqeoGmhUxc4fgniddEggnOYIS8yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d47db0e0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1698341424.1.0.1698341424.0.0.0; _ga=GA1.1.1496193467.1698341424
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:23 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Thu, 02 Nov 2023 17:30:23 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 285bbba68b5592c22437bac94e89c841
eb59489bdc1ba05b6f270afac3b5d24c7b1c29b9
58892ccd9341b4335f930416670de4bbe22f70aad55bd7e111fa90337aa6cb98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 285bbba68b5592c22437bac94e89c841
eb59489bdc1ba05b6f270afac3b5d24c7b1c29b9
58892ccd9341b4335f930416670de4bbe22f70aad55bd7e111fa90337aa6cb98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:QFMTnlHHiporLuG3-1YemOdEc4uwBA:kZePv6MFRgH0go9K; Expires=Sat, 25-Oct-2025 17:30:23 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:23 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywt83A_6QvJvJwrh18JMWOuHojkQgUCI8H3bxPO-XFSRi9sD0XEQaj9vbAE9iUYyk6CBZu0AA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-20exVT40k_8HVeKXocwnfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ticalfelixstownru.info/utx?cb=l8G025tieKVC&top=www.upload.ee&tid=997369
143.204.55.117204 No Content 0 B URL GET HTTP/2 ticalfelixstownru.info/utx?cb=l8G025tieKVC&top=www.upload.ee&tid=997369
IP 143.204.55.117:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=l8G025tieKVC&top=www.upload.ee&tid=997369 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 26 Oct 2023 17:31:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ggnwGMeVprmfTCOpC60mM4vAgOUlHQ-O9Yr8pJC70zo5bGh9kFbyEQ==
X-Firefox-Spdy: h2
ticalfelixstownru.info/utx?cb=DvnrgY6auPPb&top=www.upload.ee&tid=997414
143.204.55.117204 No Content 0 B URL GET HTTP/2 ticalfelixstownru.info/utx?cb=DvnrgY6auPPb&top=www.upload.ee&tid=997414
IP 143.204.55.117:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=DvnrgY6auPPb&top=www.upload.ee&tid=997414 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:23 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 26 Oct 2023 17:31:23 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JuN4bw1XhUZ8ozrM6p79eN7hHVjGHBZe80HrcfYxU8r4KNSLMk2gNg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:V1l9LBs3uscBNN6xcsFYNwlzuZzctA:FHJt7Z3BKIWb8Obl; Expires=Sat, 25-Oct-2025 17:30:23 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:23 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpT6LIK84CwsiF2-6uoOPBN4SVJwVjIhndrRPOwLbjE3UdEBNC24IqEzA6wR9NumlUuEr4zA
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-V1KYeutLd0EPxJPR2qeaKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 4b6a32d56d9cb7328aaab78926acda91
2f85bb8c58223c6bc24ffbf8a90797ce62388495
dc0646907d82d407bb70478f1527bff3fe4ba388604831bf3b70ddb99bed1f98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywt83A_6QvJvJwrh18JMWOuHojkQgUCI8H3bxPO-XFSRi9sD0XEQaj9vbAE9iUYyk6CBZu0AA
142.250.74.109302 Found 409 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywt83A_6QvJvJwrh18JMWOuHojkQgUCI8H3bxPO-XFSRi9sD0XEQaj9vbAE9iUYyk6CBZu0AA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (400)
Hash 24263e11752bceafb8d7cb60d1f85759
2fa3cf433039cfee1f78545dfde93fd574f3b9a2
fb76b576846d3686626d9a268bccc71e2f8bc21753ca08867fcc46a2f30a3c12
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeywt83A_6QvJvJwrh18JMWOuHojkQgUCI8H3bxPO-XFSRi9sD0XEQaj9vbAE9iUYyk6CBZu0AA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:DmeEIIjrz7uVpq373adqmzid4YC_Qw:6YuPlgy5TuYzuFQ1;Path=/;Expires=Sat, 25-Oct-2025 17:30:23 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:23 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw_hOwQhDZvDAm6ZZGaA1Kzyt6WhSxaSuJQBD0IH64MyWwZJU3UH-zMeHiFyVbjJKe07AK0Pw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1022763188%3A1698341423810205&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-1BFIcU3wn9O3goYWpWhAqw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 409
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpT6LIK84CwsiF2-6uoOPBN4SVJwVjIhndrRPOwLbjE3UdEBNC24IqEzA6wR9NumlUuEr4zA
142.250.74.109302 Found 405 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpT6LIK84CwsiF2-6uoOPBN4SVJwVjIhndrRPOwLbjE3UdEBNC24IqEzA6wR9NumlUuEr4zA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash b08f0a53d36e9f96033d4d62663891e8
27dd9cd7329d3b24f51a05d6cd06a55108b4b29b
c9f3b7061664bfb011810c55a265d0ab3b1877ae241f603824365cb0277c60bd
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzpT6LIK84CwsiF2-6uoOPBN4SVJwVjIhndrRPOwLbjE3UdEBNC24IqEzA6wR9NumlUuEr4zA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:bU6azAxJLhKaoTLDDcryegNBei4Edw:S1k8bluP2AA2DWky;Path=/;Expires=Sat, 25-Oct-2025 17:30:23 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:23 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywu89zt7-iMTRCiUE2X4ez0rOYaPaYbJCYKYR5SRbiPrnHEhMlPhLdKBJW4sN_TRXaJubzaKg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1559669267%3A1698341423830657&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-S0Inf0t6XXqqryHtxCPJtg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 405
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/NaFAxbW8LP18LUBw5VVBWUWcCW1ZOOkICARhtRy8bGRp6NTdePkkGPCd2RRcLVWAXAQ4GNwxLCgYzDFxJCTRTUFtOJEECBFUiWAAZCjNeDwsBdkQMUgU/SwQDBDEUXyldfgFIXVh4SVxeTWNzSF1YPFgDGhB1A10XUGZuW1tNY3NIXVgiR0hcKWEBVEFYeR-RfXw81UgYATWJ3X19ZYAFcX1l1A10JASJUCwAQdQMrXllhH11JHW0A
143.204.42.48 617 B URL du0pud0sdlmzf.cloudfront.net/NaFAxbW8LP18LUBw5VVBWUWcCW1ZOOkICARhtRy8bGRp6NTdePkkGPCd2RRcLVWAXAQ4GNwxLCgYzDFxJCTRTUFtOJEECBFUiWAAZCjNeDwsBdkQMUgU/SwQDBDEUXyldfgFIXVh4SVxeTWNzSF1YPFgDGhB1A10XUGZuW1tNY3NIXVgiR0hcKWEBVEFYeR-RfXw81UgYATWJ3X19ZYAFcX1l1A10JASJUCwAQdQMrXllhH11JHW0A
IP 143.204.42.48:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (878), with no line terminators
Hash f305df099075ab7cd16da6d8453d7c38
910ff850363aa01c297f39c4cadd75a728a0d31e
b3a1cedc696759ff5f51682d3557649bfc3a163398d741f6543fb0a0fd9536ea
GET /NaFAxbW8LP18LUBw5VVBWUWcCW1ZOOkICARhtRy8bGRp6NTdePkkGPCd2RRcLVWAXAQ4GNwxLCgYzDFxJCTRTUFtOJEECBFUiWAAZCjNeDwsBdkQMUgU/SwQDBDEUXyldfgFIXVh4SVxeTWNzSF1YPFgDGhB1A10XUGZuW1tNY3NIXVgiR0hcKWEBVEFYeR-RfXw81UgYATWJ3X19ZYAFcX1l1A10JASJUCwAQdQMrXllhH11JHW0A HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 617
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: v60bXf96uXgHv-FvQ4wtu5rBX2y8jO6S9vW0px92UMVlQ1R1uP4tyQ==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/cS25USjMoATosDD8HMHcKcllgegttBCclXTtTBzJEeRcgLF0fGD4CFT8UMHcDbQI1JFR2SDEkUHZfcitXKVNgbEYqUzklSSICOCsWeShhZANuXGRiS3pfcXlxblxkJlolGyxvAXsWbHxsfVpxeXFuXGQ4RW5dFXsDckBkYxZ5XjMvUCABcXh1eV5legN6Xm-VvAXsIPThWLQEsbwENX2V7HXtIIXcC
143.204.42.48 195 B URL du0pud0sdlmzf.cloudfront.net/cS25USjMoATosDD8HMHcKcllgegttBCclXTtTBzJEeRcgLF0fGD4CFT8UMHcDbQI1JFR2SDEkUHZfcitXKVNgbEYqUzklSSICOCsWeShhZANuXGRiS3pfcXlxblxkJlolGyxvAXsWbHxsfVpxeXFuXGQ4RW5dFXsDckBkYxZ5XjMvUCABcXh1eV5legN6Xm-VvAXsIPThWLQEsbwENX2V7HXtIIXcC
IP 143.204.42.48:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 7a2a713feddf6207ed42db9cb734f218
951ae415fe383a28d62411e8be4012fe562d6137
440516ea5611385f1d98e4511d19403f7ac5787f78be5ef42d6712c59619cf97
GET /cS25USjMoATosDD8HMHcKcllgegttBCclXTtTBzJEeRcgLF0fGD4CFT8UMHcDbQI1JFR2SDEkUHZfcitXKVNgbEYqUzklSSICOCsWeShhZANuXGRiS3pfcXlxblxkJlolGyxvAXsWbHxsfVpxeXFuXGQ4RW5dFXsDckBkYxZ5XjMvUCABcXh1eV5legN6Xm-VvAXsIPThWLQEsbwENX2V7HXtIIXcC HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 195
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7YSKK7zdeItvJcCmQe78QUlm8eqHx8DpxWFLNa1mgRNYT86wmAu5yg==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/WN0p5STZUJRcvCUMjHXQPDn1NeAIRIAomWEd3FD5OcCwQM2UEBjACRXhsDTNSCnpfJVdZLURvU1kpRHgQVi4bdAIRPgkmXQo4ECRAVSkWK1JebAwoC1olAyBaWytce3ACZElsBAdiAXgHEnk7bAQHJhAnQ09vS3lOD3wmfwISeTtsBAc4D2wFdntJcBgHY1-x7BlAvGiJZEng/ewYGekl4BgZvS3lQXjgcL1lPb0sPBwZ7V3kQQndI
143.204.42.48 584 B URL du0pud0sdlmzf.cloudfront.net/WN0p5STZUJRcvCUMjHXQPDn1NeAIRIAomWEd3FD5OcCwQM2UEBjACRXhsDTNSCnpfJVdZLURvU1kpRHgQVi4bdAIRPgkmXQo4ECRAVSkWK1JebAwoC1olAyBaWytce3ACZElsBAdiAXgHEnk7bAQHJhAnQ09vS3lOD3wmfwISeTtsBAc4D2wFdntJcBgHY1-x7BlAvGiJZEng/ewYGekl4BgZvS3lQXjgcL1lPb0sPBwZ7V3kQQndI
IP 143.204.42.48:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (810), with no line terminators
Hash 56f90098b1b6f64eed0e6280a0b35a1e
8aca1b163c22f524233b1cbbeb55a148dc34a94f
bb13a0f1412bb771ec7a8bb93bd3d6a5994a2abe91e0852184c928b14915edac
GET /WN0p5STZUJRcvCUMjHXQPDn1NeAIRIAomWEd3FD5OcCwQM2UEBjACRXhsDTNSCnpfJVdZLURvU1kpRHgQVi4bdAIRPgkmXQo4ECRAVSkWK1JebAwoC1olAyBaWytce3ACZElsBAdiAXgHEnk7bAQHJhAnQ09vS3lOD3wmfwISeTtsBAc4D2wFdntJcBgHY1-x7BlAvGiJZEng/ewYGekl4BgZvS3lQXjgcL1lPb0sPBwZ7V3kQQndI HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 584
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SHBxWeXsiPpL-pQC91M9GqM921Yc-YLukQKTu323dSSaOwuoXTO_yA==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
104.21.24.208200 OK 105 kB IP 104.21.24.208:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 105 kB (104650 bytes)
Hash a8d478e2f969ffa7d1bbf8deddc5e352
f7be68d4045d19eb439ed428f3a72e82c2339512
7d38a3e9f2fbd2e5cc1accb2a40b7ca0453b4b3ac13a7c81e41a85cadb25e141
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:23 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 26 Oct 2023 13:40:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHigWtOl783O8N95NJ1thLlI6tH4h5nGtqUU5UC0chAm1WR4yUDe4z7wfmOiv7kCmYqUgaW7qyUd9nM1QHVbZ2E5yev3M7wCNdBwyzjGq7KQjIWxV8%2BohLVkduXGO2jm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c46d4a6a9e0b69-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.22200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176966 bytes)
Hash 8b966d35075632aae6108d54928c2ae9
c76f1c7ab28ade483e7a852c049eeb5bddaf4e5e
da22da01f20d28d9171f8107e155ca01f9811d6abcd3b64dbeb832ec6c34578e
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "2499122404"
last-modified: Mon, 09 Oct 2023 23:05:33 GMT
content-length: 176966
date: Thu, 26 Oct 2023 17:30:13 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 663518105
age: 0
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.218.11:0
Hash ef6101d80c8513d0ac775ee8590c6daf
6b8d93a7f121c3cc5329c8605d7ab8cab5fb86f2
e2eb65fe693792d567f245c4e8e21da3da713c736db0bfb28de2354422cc7838
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 26 Oct 2023 17:30:25 GMT
Last-Modified: Thu, 26 Oct 2023 16:22:35 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: d2BptsJdB592vusBfvon3ITSnwVIJgM4Eaaa8w_DKgm6IrWah3vLZg==
Age: 4070
ocsp.r2m02.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.218.11:0
Hash ef6101d80c8513d0ac775ee8590c6daf
6b8d93a7f121c3cc5329c8605d7ab8cab5fb86f2
e2eb65fe693792d567f245c4e8e21da3da713c736db0bfb28de2354422cc7838
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 26 Oct 2023 17:30:25 GMT
Last-Modified: Thu, 26 Oct 2023 15:52:57 GMT
Server: ECAcc (amb/6B35)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ry_vQO7Cg5KVH_IHIN30ENTAkiLtJvgsxA9GzX99kyVImVSvTb4Y_Q==
Age: 5848
static.bepolite.eu/files/close-gray.png
212.47.222.22200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "801691811"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Thu, 26 Oct 2023 17:30:13 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 666218446
age: 0
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.157.94.205200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=53c84cc0cba1f5f1b905feb7941ca153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:13 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 665043456
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.22200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=53c84cc0cba1f5f1b905feb7941ca153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:13 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 666573160
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
18.157.94.205200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
18.157.94.205200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
18.157.94.205200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53208, version 1.500\012- data
Hash c03dece8ec0635406a35b888337dca8f
b72706815dccadd44dba1693ed8865b41782b14f
092416b2a5cbe9f6596ff7ee177db702262c64326231a3664a34a65c861601b1
GET /assets/fonts/greycliff-cf-bold.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: font/woff
content-length: 53208
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cfd8"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
18.157.94.205200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
18.157.94.205200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
18.157.94.205200 OK 102 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 102 kB (101680 bytes)
Hash 4f1adf4bf89832d17978c19772edfcaf
50e75d2bdc28a1f1ef2239af31faa0bb824dff74
9ff72430f7588048696cbfca2eb43f08753adf8e151030e1cdd8465d79f7a563
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
143.204.42.48421 Misdirected Request 46 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
IP 143.204.42.48:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 91451d1ec57ce1bc7c4c8ca7bddec42f
45745a127deca1d09ce6b76ad6fc61098a40d488
acbf223b98dddada08e0b403986fc5f7bfd8c360d6c63cd50cafc3fc5540979d
GET /hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 421 Misdirected Request
server: CloudFront
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ma9r5duNQMzaInZvmC10Y9YuwiEHvVeraznovHiej_4dRNPNnZh6JA==
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.22200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.22:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=53c84cc0cba1f5f1b905feb7941ca153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:15 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 666478067
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/B7IwTxkHR5fkysoQaj01.jpg
143.204.42.89200 OK 64 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/B7IwTxkHR5fkysoQaj01.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash d972a34b1a1b834989b84bac0782a6ae
8fd9e3ad378bc036c7d52f8e00520f2a1a86c6de
41d582f52c7efdb1cfe4352b10a881bc05f4f2e88bead954adcf3e8efd179179
GET /hotelliveeb/images/general/1/B7IwTxkHR5fkysoQaj01.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 64040
date: Thu, 26 Oct 2023 07:40:39 GMT
last-modified: Mon, 20 Dec 2021 05:01:29 GMT
etag: "d972a34b1a1b834989b84bac0782a6ae"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: R4-iUxxhgcSw1OU7VcFVJnjUk5SvT03AMWwyPK0v2gyT02XdQIJT8w==
age: 35393
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
143.204.42.89200 OK 66 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 7cec3a9fd00d4d6ec1b1aa7adbf4c31d
554920ade5bff12c44b7c631977e7b9938e75b9d
3ec3f0e6b1d9f68d5f17ccf3b318ed1f719aefc6e9faffba763e789fe30ac0ae
GET /hotelliveeb/images/general/1/cG1bEB3nZo9dBelViWmV.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 65788
date: Wed, 25 Oct 2023 20:46:32 GMT
last-modified: Mon, 20 Dec 2021 05:01:49 GMT
etag: "7cec3a9fd00d4d6ec1b1aa7adbf4c31d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4-eKrFgupug_imMS6vee30MNWe0vSXQyjspt7WElkFMmLE5v5CANKQ==
age: 74640
X-Firefox-Spdy: h2
pogothere.xyz/
104.21.24.208200 OK 71 kB IP 104.21.24.208:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 1df3d77a82ae262ca7ee5354f17f19f9
9fd83e1563420a3a28e1433198872ebd94cc15e4
e0077b84b1dc8fa6b03923a11a731b3896efa231ae3b8002c39b661be9e883d2
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:23 GMT
content-type: text/plain
set-cookie: csu=428065100723909@1@1698341423; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIYpGX3BCb0lLh495gfWA8Wklt6VZL2qVxY13ng8rMA0PuiMXRy9riC2FmYA7lW%2F7bWypwvlU1XXMvc8E7AEQIwoLF5CkG3ZI%2FZomoOELYVLG1zriDwBJrSpewG47mq1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d4a7aa70b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
143.204.42.89 73 kB URL GET dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
IP 143.204.42.89:0
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash bf36e0bf265a935a340671b4d66f2e01
71eacdd355861fa4500b9961d4fcd24b81aa87e4
8e6b881322ec75b0070fe04c905f40284ddc3806fdb6253cce210d544c8a0c19
GET /hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 72949
date: Thu, 26 Oct 2023 04:04:09 GMT
last-modified: Mon, 20 Dec 2021 05:01:42 GMT
etag: "bf36e0bf265a935a340671b4d66f2e01"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Tvc1uiLzTQKh-YYBlLSh05Q8hvh01vKyMhyEjs7maLTCh2wi9p8VHg==
age: 48389
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/qmEWWQHZrt0q6Dj1KgR0.jpg
143.204.42.48421 Misdirected Request 45 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/qmEWWQHZrt0q6Dj1KgR0.jpg
IP 143.204.42.48:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash 3696054995e4d4e836b239612a3422dc
79859a15f9ed363ec60913afa2e2249ea7449501
a91c8531d66e78e7a4f0ada00a92bdbe75d1812ea650f5787aefa7331ba5925b
GET /hotelliveeb/images/general/1/qmEWWQHZrt0q6Dj1KgR0.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 421 Misdirected Request
server: CloudFront
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SE8jVb2GV8XhTFEfmY6TioyaTs44eDAJeF87ruEP3xloiP0diVYlbQ==
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
18.194.32.185200 OK 25 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 18.194.32.185:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9635669&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15851345%2F3797f05bf2341dbeb135%2Fsadfok.hta&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15851345%2Fsadfok.hta.html%3Fmsg%3Dsess_error&rnd=1698341423792
0.0.0.0 0 B URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9635669&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15851345%2F3797f05bf2341dbeb135%2Fsadfok.hta&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15851345%2Fsadfok.hta.html%3Fmsg%3Dsess_error&rnd=1698341423792
IP 0.0.0.0:0
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=9635669&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15851345%2F3797f05bf2341dbeb135%2Fsadfok.hta&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15851345%2Fsadfok.hta.html%3Fmsg%3Dsess_error&rnd=1698341423792 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Thu, 26 Oct 2023 17:30:12 GMT
set-cookie: bepolite_id=53c84cc0cba1f5f1b905feb7941ca153; Max-Age=7776000; Expires=Wed, 24-Jan-2024 17:30:13 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 663518099
age: 0
accept-ranges: bytes
content-length: 1443
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.157.94.205200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.157.94.205:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
18.157.94.205200 OK 4.9 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (5152), with no line terminators
Hash bbea28c29e42d59be2f13c38e8eb0845
b93e2ad2b20ab7d449a672afc091dc413695c606
62990b77849d8b95ca831a9f630cfda48af5be340a3f1e5aa4ee5792a37e4e76
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
ismscoldnesfspl.info/popunder.gif
172.67.195.47200 OK 35 B URL GET HTTP/3 ismscoldnesfspl.info/popunder.gif
IP 172.67.195.47:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 26 Oct 2023 17:30:23 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 912
last-modified: Thu, 26 Oct 2023 17:15:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDXMtMXHkCQY%2FsPykM%2FtERBvoPP4JapMYrg86s8uLjAXt2lvNIhVKG0BqcYUP3DfysuxF%2BHV4c2SI4TGvJjo0eSnz6mjSwbnTLJng3K3MODj3rOcfLEcZAPBPYWKgYtrM2t%2FPfxciw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c46d4b395b56b7-OSL
alt-svc: h3=":443"; ma=86400
banner.hookusbookus.com/assets/css/index_300x600.css
18.157.94.205200 OK 7.2 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_300x600.css
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (7402), with no line terminators
Hash ef4576b025213d57cd958c234d61a8a1
5dd8d741efe63291e503bb6bf23e603c810b9030
69478abb1501f6c8fb03f774621b5f0275d59f55b3fc4f24d95bade9e277efdb
GET /assets/css/index_300x600.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-1c4f"
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywu89zt7-iMTRCiUE2X4ez0rOYaPaYbJCYKYR5SRbiPrnHEhMlPhLdKBJW4sN_TRXaJubzaKg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1559669267%3A1698341423830657&theme=glif
142.250.74.109403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywu89zt7-iMTRCiUE2X4ez0rOYaPaYbJCYKYR5SRbiPrnHEhMlPhLdKBJW4sN_TRXaJubzaKg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1559669267%3A1698341423830657&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywu89zt7-iMTRCiUE2X4ez0rOYaPaYbJCYKYR5SRbiPrnHEhMlPhLdKBJW4sN_TRXaJubzaKg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1559669267%3A1698341423830657&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-pxrcvzUYReaTL9P3Ty47zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
18.194.32.185200 OK 25 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 18.194.32.185:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
18.157.94.205200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 18.157.94.205:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6183), with no line terminators
Hash e6203b2e0919f42103d8a3367bbc9b32
08d251797a13b125ec05294116373d90493045dd
e893c3c55f767327f9d5723610d23852fc9f34827dda3bd918575f75f5ef6e0b
GET /index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1761"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
18.157.94.205200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
18.157.94.205200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 18.157.94.205:443
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFzzir6Afpwiyh6fTv_uHsWb9E40EMJX2UQXlyEToQJLTwFmu6gDVl7asyl09zAPXjdFPtVVt_xRE5WWFuPAQ7rLRZIO8j2HeqwbO7aUc72IUrW5sIWV5TVM4Ai6l6Zpf0L8ct-AKkEtNy8WgogPyXWTzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw_hOwQhDZvDAm6ZZGaA1Kzyt6WhSxaSuJQBD0IH64MyWwZJU3UH-zMeHiFyVbjJKe07AK0Pw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1022763188%3A1698341423810205&theme=glif
142.250.74.109403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw_hOwQhDZvDAm6ZZGaA1Kzyt6WhSxaSuJQBD0IH64MyWwZJU3UH-zMeHiFyVbjJKe07AK0Pw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1022763188%3A1698341423810205&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw_hOwQhDZvDAm6ZZGaA1Kzyt6WhSxaSuJQBD0IH64MyWwZJU3UH-zMeHiFyVbjJKe07AK0Pw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1022763188%3A1698341423810205&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:23 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-qxj9CFeuTjqN-d3PGoV5xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000