Report - upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

Report Overview

Visited public
2023-10-26 17:30:42
Tags
URL
upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
Finishing URL
www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
IP / ASN
51.91.30.159
#16276 OVH SAS
Title
UPLOAD.EE - sadfok.hta - Download

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
du0pud0sdlmzf.cloudfront.net	unknown	2008-04-25	2023-08-24 12:49:59	2023-10-25 20:03:34	2.4 kB	121 kB	143.204.42.211
ticalfelixstownru.info	unknown	2023-10-04	2023-10-12 21:49:31	2023-10-12 22:20:32	3.8 kB	6.9 kB	143.204.55.80
ismscoldnesfspl.info	unknown	2023-10-04	2023-10-12 11:48:07	2023-10-12 11:48:07	2.1 kB	4.7 kB	104.21.20.251
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-10-25 18:22:51	3.7 kB	11 kB	142.250.74.109
banner-server.hookusbookus.com	unknown	2018-09-12	2023-01-24 15:19:09	2023-10-25 18:37:16	497 B	82 kB	18.157.94.205
banner.hookusbookus.com	unknown	2018-09-12	2021-10-05 06:31:23	2023-10-25 18:37:16	16 kB	388 kB	18.194.32.185
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2023-10-25 19:10:48	1.3 kB	209 kB	172.67.220.203
www.upload.ee	981196	2010-07-04	2012-05-24 10:39:37	2023-10-25 14:07:50	4.6 kB	27 kB	51.91.30.159
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-25 18:12:06	1.7 kB	3.5 kB	142.250.74.131
static.bepolite.eu	unknown	unknown	2017-01-29 06:13:55	2023-10-25 18:37:16	866 B	179 kB	212.47.222.20
serving.bepolite.eu	unknown	unknown	2017-01-29 19:42:29	2023-10-25 18:37:15	2.5 kB	570 B	212.47.222.20
upload.ee	450367	2010-07-04	2015-01-15 12:52:19	2023-10-26 10:30:55	515 B	557 B	51.91.30.159
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-25 18:46:23	875 B	138 kB	142.250.74.168
ocsp.r2m02.amazontrust.com	unknown	2007-05-11	2022-10-12 16:01:39	2023-10-25 18:37:16	340 B	942 B	54.230.218.11
dskwugy0u6y9l.cloudfront.net	unknown	2008-04-25	2021-11-03 13:00:09	2023-10-25 20:03:37	3.0 kB	385 kB	143.204.42.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-26 17:30:24	medium	Client IP	51.91.30.159	ET POLICY Possible HTA Application Download

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	banner.hookusbookus.com/config/config.js?v=1	ScriptElement	75 B	2023-03-13	2024-08-21
Pretty URL banner.hookusbookus.com/config/config.js?v=1 IP 18.194.32.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:46 Last Seen2024-08-21 08:57 Times Seen97 Hash ee16e21326dec006274a554647c4d759 8e4389c35e12ea6d1e4d7214c174fda343047865 5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f Loading...

	www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error	ScriptElement	14 B	2023-03-09	2025-05-09
Pretty URL www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-05-09 08:16 Times Seen3335 Hash 48e07e6b9e60fc36f21db6b71bf0b4b1 fb4085cc0058779b28e5c366a2b92cf242399c2f 3cbdc71216bd0aa119c93b4c5213941e9972e26ef16b3386c7c9cb32bcc60d64 Loading...

	www.upload.ee/files/15851345/sandbox%20eval%20code		128 B	2023-05-06	2025-05-09
Pretty URL www.upload.ee/files/15851345/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-09 08:24 Times Seen24342 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-05-09
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-09 08:24 Times Seen24133 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=293009&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15851345%2F4dbe3e30b13d1dbeccfe%2Fsadfok.hta&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15851345%2Fsadfok.hta.html%3Fmsg%3Dsess_error&rnd=1698341425498	ScriptElement	6.3 kB	2024-08-21	2024-08-21
Pretty URL serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=293009&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15851345%2F4dbe3e30b13d1dbeccfe%2Fsadfok.hta&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15851345%2Fsadfok.hta.html%3Fmsg%3Dsess_error&rnd=1698341425498 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:16 Last Seen2024-08-21 03:16 Times Seen1 Hash 4176bd29cdca9a7cbd50e39a4c651b09 343abe56a712b2ad14eb9a675470ef5c8d248c83 c98863ed196f22954919340d46e697caecb5fa28aa926115561fc8e74984a5b7 Loading...

	www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c	ScriptElement	248 kB	2023-10-26	2023-10-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-26 19:30 Last Seen2023-10-26 19:30 Times Seen1 Hash 51caa1396941693f02b3c4bca99791a4 23bac44fb4312f13ef8ae4a5fb44f3bed9990cea 75968efb1e283b7c208d5e39819f633bf5ce3b93f48dbd6515e9eef7456c4a6b Loading...

	banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner IP 18.194.32.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 10:29 Times Seen4635324 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	DomTimer	125 B	2024-08-21	2024-08-21
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-21 03:16 Last Seen2024-08-21 03:16 Times Seen1 Hash 7414fb592c3e4cecf8a46c8027064638 e10b6b3b802430f8b6bed3554051191379c6fd3f 7985e095e94a15f4c8aaac7a84f4699cd0b6f051a09297c8cfb165e5b7bb83b2 Loading...

	unknown	DomTimer	88 B	2024-08-21	2024-08-21
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-21 03:16 Last Seen2024-08-21 03:16 Times Seen1 Hash dcc7d4b38a0ca5f24ebcf27da6d3667a 9eed536cf55ca8d642e40f01c900b0cff668d7e7 c57c2f6c138f1873d1c282e28abbec1af1957f1100dde1ffc6ef61e2d686e64c Loading...

	www.upload.ee/js/js__file_upload.js	ScriptElement	26 kB	2023-10-24	2025-05-09
Pretty URL www.upload.ee/js/js__file_upload.js IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 16:45 Last Seen2025-05-09 08:16 Times Seen3240 Hash 66684709338f7239056ff3302e16bc4a 7dbd501434bdc062cdc8f6744e272a7d39ca5136 5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f Loading...

	unknown	DomTimer	91 B	2024-08-21	2024-08-21
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-21 03:16 Last Seen2024-08-21 03:16 Times Seen1 Hash cc545a7eac213ae2f86f321e5f1ec9fe ec45b0d0f31fa7ea2e0f970cd539465d8a08e3f9 dd3a97ea407bfd1540d462a9445da312051786eb6dc869bed2b26845167ed0d8 Loading...

	banner.hookusbookus.com/assets/js/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL banner.hookusbookus.com/assets/js/jquery.min.js IP 18.194.32.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 10:15 Times Seen108607 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error	ScriptElement	57 B	2023-03-09	2025-05-09
Pretty URL www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-05-09 08:16 Times Seen3333 Hash 63fa78e3d4ae4b7fc4cf5126264cb75e 65657518c61173b8205d4fb68aabfae6ae7270a0 a31d904d1ab6191632f68d0b375b622e4699c6e840f99ce53699df5d9f77ef6a Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:22 Times Seen340617 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	DomTimer	128 B	2024-08-21	2024-08-21
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-08-21 03:16 Last Seen2024-08-21 03:16 Times Seen1 Hash 887cb943f1adf0f84228e3210a644e01 b3c70935491c31b61f4dd8f81040858ea7417f1a 015d12fa36d084efc6ed5b546b958646748ff17289345999ea740442fe3b9364 Loading...

	static.bepolite.eu/scripts/saresponsive.js	ScriptElement	177 kB	2023-10-14	2023-10-26
Pretty URL static.bepolite.eu/scripts/saresponsive.js IP 212.47.222.20 ASN #3327 CITIC Telecom CPC Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-14 14:45 Last Seen2023-10-26 19:30 Times Seen6 Hash 8b966d35075632aae6108d54928c2ae9 c76f1c7ab28ade483e7a852c049eeb5bddaf4e5e da22da01f20d28d9171f8107e155ca01f9811d6abcd3b64dbeb832ec6c34578e Loading...

	www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error	ScriptElement	155 B	2023-03-09	2025-05-09
Pretty URL www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2025-05-09 08:16 Times Seen3324 Hash ba71a86056b5c9ef37b625aade54337e 4769c2a07aa71c342dcb06dfa2950cff7ecae40f 65d96ab8cd224643e09a693cdc8fa0b76eb9c6cfe0a4be8b797136ca83a305c0 Loading...

	www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error	ScriptElement	1.6 kB	2023-03-09	2024-08-21
Pretty URL www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error IP 51.91.30.159 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 23:09 Last Seen2024-08-21 09:18 Times Seen114 Hash bada815b0add3317d69cbff824573d6b 60ebc2061d3dbf196d418b6802aa0d971b7bc189 f2fe3c2dc65244420df6fc8efd959211c4ef3d9f76e2a3c530b4a3163138d92b Loading...

	du0pud0sdlmzf.cloudfront.net/?dupud=997369	ScriptElement	363 kB	2023-10-26	2023-10-26
Pretty URL du0pud0sdlmzf.cloudfront.net/?dupud=997369 IP 143.204.42.211 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-26 19:30 Last Seen2023-10-26 19:30 Times Seen3 Hash 9aab97f2a6e1e0d9e904582b89e98180 35ca105900e4da6099e530995c2e572f70d5ca07 bc3de5f026eead63b88652a8eb08b527aee3a1092b6ca245dc0e7a676143522d Loading...

	www.googletagmanager.com/gtag/js?id=UA-6703115-1	ScriptElement	134 kB	2023-10-26	2023-10-26
Pretty URL www.googletagmanager.com/gtag/js?id=UA-6703115-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-26 19:30 Last Seen2023-10-26 19:30 Times Seen1 Hash 22371cf8a9b1834f6e97e40a5e598baf 8de31c27c5d178f3337ac064bc5d99ac626fba9d 3b03ecf167990165ae01c415164cbdf653e99e4b78dacf56faa4c83e283e7d83 Loading...

	www.upload.ee/files/15851345/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL www.upload.ee/files/15851345/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 10:22 Times Seen341418 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (64)

URL IP Response Size

upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

51.91.30.159

278 B

URL
upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
IP
51.91.30.159:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
278 B (278 bytes)
Hash
3c8d937d4ab7f59f781a9faed6f8c1e9
3efd34d3465c0257c8e9e5c04ea6d241cbf35945
59106c4270321c8529a3f8f392977a6be320e6cc0eab26a28909721cf1f53183

HTTP Headers

GET /download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 26 Oct 2023 17:30:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 278
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

51.91.30.159

0 B

URL
www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
IP
51.91.30.159:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY Possible HTA Application Download

HTTP Headers

GET /download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

51.91.30.159

401 B

URL
www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
IP
51.91.30.159:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (401), with no line terminators
Size
401 B (401 bytes)
Hash
bf975add8f8623d71ac9e3d56d6bbce7
9b1c5a26fee65f5b170b0d2c0b50f6e6c62175ed
e703e833f6971eec9953bc8713b656812ef260b34d75bc9c2a4c4199f5917614

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY Possible HTA Application Download

HTTP Headers

GET /download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 401
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"

www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta

51.91.30.159

401 B

URL
www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
IP
51.91.30.159:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (401), with no line terminators
Size
401 B (401 bytes)
Hash
bf975add8f8623d71ac9e3d56d6bbce7
9b1c5a26fee65f5b170b0d2c0b50f6e6c62175ed
e703e833f6971eec9953bc8713b656812ef260b34d75bc9c2a4c4199f5917614

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY Possible HTA Application Download

HTTP Headers

GET /download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 401
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"

www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error

51.91.30.159

200 OK

9.0 kB

URL User Request GET HTTP/1.1
www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Size
9.0 kB (8987 bytes)
Hash
62eca001c99ec3984691da42552a7705
a6bbb6393ccad05fdbc88d38645683a5d3fed7e0
670cf8daf431c4e7a2d3fe33ad8cf522d63330454cd6f4cab03af10554a44081

HTTP Headers

GET /files/15851345/sadfok.hta.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15851345/4dbe3e30b13d1dbeccfe/sadfok.hta
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8987
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 26 Oct 2023 20:30:24 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Thu, 23-Nov-2023 17:30:24 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip

www.upload.ee/static/ubr__style.css

51.91.30.159

200 OK

2.8 kB

URL GET HTTP/1.1
www.upload.ee/static/ubr__style.css
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (591), with CRLF line terminators
Size
2.8 kB (2841 bytes)
Hash
7b9692d4caecccf38e40d2333f8e00b0
8ecb4f873571250f02a5cc2ceff0a24aed25fc33
c4042306388924b75aa7d584c1e61165264967a52d09544ecba836f0d00eb9b9

HTTP Headers

GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Thu, 02 Nov 2023 17:30:24 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip

www.upload.ee/js/js__file_upload.js

51.91.30.159

200 OK

7.7 kB

URL GET HTTP/1.1
www.upload.ee/js/js__file_upload.js
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1853)
Size
7.7 kB (7670 bytes)
Hash
66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f

HTTP Headers

GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Thu, 02 Nov 2023 17:30:24 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip

www.upload.ee/images/arrow.gif

51.91.30.159

200 OK

59 B

URL GET HTTP/1.1
www.upload.ee/images/arrow.gif
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 9\012- data
Size
59 B (59 bytes)
Hash
6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411

HTTP Headers

GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Thu, 02 Nov 2023 17:30:24 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

du0pud0sdlmzf.cloudfront.net/?dupud=997369

143.204.42.211

118 kB

URL
du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP
143.204.42.211:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15948)
Size
118 kB (117768 bytes)
Hash
9aab97f2a6e1e0d9e904582b89e98180
35ca105900e4da6099e530995c2e572f70d5ca07
bc3de5f026eead63b88652a8eb08b527aee3a1092b6ca245dc0e7a676143522d

HTTP Headers

GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 117768
date: Thu, 26 Oct 2023 17:30:23 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: y8FhLy7Tbcw4E_LUlqPRSONCsFSQbXa-FH0NIEr9g9MERo1HUfxiGA==
age: 1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c088aa1505da9f4e034c43608e2135bb
0ea8e2a58b27fc8a7f547367c4fda26c78bdefd9
60c63114d67758ba8a98a5ceae6f2f0a6ca9b7a6e3367e6545517e78e07b74ad

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.upload.ee/images/dl_.png

51.91.30.159

200 OK

1.9 kB

URL GET HTTP/1.1
www.upload.ee/images/dl_.png
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.9 kB (1900 bytes)
Hash
f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882

HTTP Headers

GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:24 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Thu, 02 Nov 2023 17:30:24 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=UA-6703115-1

142.250.74.168

200 OK

51 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (2213)
Size
51 kB (51070 bytes)
Hash
22371cf8a9b1834f6e97e40a5e598baf
8de31c27c5d178f3337ac064bc5d99ac626fba9d
3b03ecf167990165ae01c415164cbdf653e99e4b78dacf56faa4c83e283e7d83

HTTP Headers

GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Oct 2023 17:30:24 GMT
expires: Thu, 26 Oct 2023 17:30:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51070
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c088aa1505da9f4e034c43608e2135bb
0ea8e2a58b27fc8a7f547367c4fda26c78bdefd9
60c63114d67758ba8a98a5ceae6f2f0a6ca9b7a6e3367e6545517e78e07b74ad

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c

142.250.74.168

200 OK

85 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (3034)
Size
85 kB (85397 bytes)
Hash
51caa1396941693f02b3c4bca99791a4
23bac44fb4312f13ef8ae4a5fb44f3bed9990cea
75968efb1e283b7c208d5e39819f633bf5ce3b93f48dbd6515e9eef7456c4a6b

HTTP Headers

GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Oct 2023 17:30:24 GMT
expires: Thu, 26 Oct 2023 17:30:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85397
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ticalfelixstownru.info/a2xPWFEKDiw1bgpRLX4kGQByfWMtSX0eNR5cPy01Wx8rNDwRCmE7PQQZKz4jBAI7dj8OGGpqFzIhIyg+DgcrCh86NSw9FDIWCx01Tl4NG2NaDhsQZT4hDSsHIDkFNgE4WAIJBSYdByEpBS0NYAklPTwABQxYdg48DzUXGyU/Ig5hGTI6LGgSWwh9HhUYIQgQPiwKDS8aICojNhYDIT4KFQwgCQsHPCF/bAEhC3drExwtOgA7MiYXawdbDn8CGjILDSkAKiZ9GWJSDgAfGCoNKAkFIDksMQU+BHwLPCEJBQAULAp+K2UyCw0pFgwUJhkDHzYcNmUIDSR1Fw0IHhFoLz4kKwkzVS4IGT4vLmk5IAgoEiM/OSdrBy8hLhAoLQgGM2AiLR4WIzw6HWsXKFUZCyZNBjw3PxtRGgwaGAUNPTo+Njg1I1Ih

143.204.55.80

200 OK

1.2 kB

URL GET HTTP/2
ticalfelixstownru.info/a2xPWFEKDiw1bgpRLX4kGQByfWMtSX0eNR5cPy01Wx8rNDwRCmE7PQQZKz4jBAI7dj8OGGpqFzIhIyg+DgcrCh86NSw9FDIWCx01Tl4NG2NaDhsQZT4hDSsHIDkFNgE4WAIJBSYdByEpBS0NYAklPTwABQxYdg48DzUXGyU/Ig5hGTI6LGgSWwh9HhUYIQgQPiwKDS8aICojNhYDIT4KFQwgCQsHPCF/bAEhC3drExwtOgA7MiYXawdbDn8CGjILDSkAKiZ9GWJSDgAfGCoNKAkFIDksMQU+BHwLPCEJBQAULAp+K2UyCw0pFgwUJhkDHzYcNmUIDSR1Fw0IHhFoLz4kKwkzVS4IGT4vLmk5IAgoEiM/OSdrBy8hLhAoLQgGM2AiLR4WIzw6HWsXKFUZCyZNBjw3PxtRGgwaGAUNPTo+Njg1I1Ih
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Size
1.2 kB (1180 bytes)
Hash
ac4bf7c12a76434b64b33fa648fd0c5d
97a5479611541ca54301c3aeed008476b58bab4e
953532f7d18af006c6eb378ba605717fe8b554859be3de8c3137a3feec7125f9

HTTP Headers

GET /a2xPWFEKDiw1bgpRLX4kGQByfWMtSX0eNR5cPy01Wx8rNDwRCmE7PQQZKz4jBAI7dj8OGGpqFzIhIyg+DgcrCh86NSw9FDIWCx01Tl4NG2NaDhsQZT4hDSsHIDkFNgE4WAIJBSYdByEpBS0NYAklPTwABQxYdg48DzUXGyU/Ig5hGTI6LGgSWwh9HhUYIQgQPiwKDS8aICojNhYDIT4KFQwgCQsHPCF/bAEhC3drExwtOgA7MiYXawdbDn8CGjILDSkAKiZ9GWJSDgAfGCoNKAkFIDksMQU+BHwLPCEJBQAULAp+K2UyCw0pFgwUJhkDHzYcNmUIDSR1Fw0IHhFoLz4kKwkzVS4IGT4vLmk5IAgoEiM/OSdrBy8hLhAoLQgGM2AiLR4WIzw6HWsXKFUZCyZNBjw3PxtRGgwaGAUNPTo+Njg1I1Ih HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Thu, 26 Oct 2023 17:30:24 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XeoPiTOon7_lFS0iM6uWT36E_rmbAcGZg6Dqe9zeX51lX1ZKH1IaRQ==
X-Firefox-Spdy: h2

ticalfelixstownru.info/V3JCbkc2ECEDeDZPIEgyJR5/S3URV3AoIyJCMhsjZwEmAiotFGwNKzgHJgg1OBw2QCkyBmdcARMQcwoRATQHIwgTATsMLyRXcCwKAB4tOCoVGhgpKx0iETdwBwp7Hxc9ASMiIG8QDQYzDzgQCQM2JykECy0wMTZ0EkcMOn8eEywjPwcFOh8dHzs1LT0BHRsmJDY8LwlyBxoXS3UVPRYJMAQfFzoeD0skDSozGSc8IzooCiguGyoIAB0TQgUhFBYBJih2OT4VFikaNQQGJAA7Ng0qMxkLFisuKCo4IA9Ad1kdHxoJNBACCAwvMG89LCgtHCUUAh0ANCQ0KnokLgoBZhwPFHc9MSgrcRs6EAoCACAuNwIRHCEXASQqJUgtJB0sHno8HQkvHxkcCFY1GiV6

143.204.55.80

200 OK

1.2 kB

URL GET HTTP/2
ticalfelixstownru.info/V3JCbkc2ECEDeDZPIEgyJR5/S3URV3AoIyJCMhsjZwEmAiotFGwNKzgHJgg1OBw2QCkyBmdcARMQcwoRATQHIwgTATsMLyRXcCwKAB4tOCoVGhgpKx0iETdwBwp7Hxc9ASMiIG8QDQYzDzgQCQM2JykECy0wMTZ0EkcMOn8eEywjPwcFOh8dHzs1LT0BHRsmJDY8LwlyBxoXS3UVPRYJMAQfFzoeD0skDSozGSc8IzooCiguGyoIAB0TQgUhFBYBJih2OT4VFikaNQQGJAA7Ng0qMxkLFisuKCo4IA9Ad1kdHxoJNBACCAwvMG89LCgtHCUUAh0ANCQ0KnokLgoBZhwPFHc9MSgrcRs6EAoCACAuNwIRHCEXASQqJUgtJB0sHno8HQkvHxkcCFY1GiV6
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3001), with no line terminators
Size
1.2 kB (1160 bytes)
Hash
ef0a32b99dcb939ec684cce637f47164
789dda2c35214ba52c59b2987c8f0ede744efcb2
3ccc21a1f4f8176e9525d60adcdd0c68f6ce5a50caecb3bbb994b22ae1625c88

HTTP Headers

GET /V3JCbkc2ECEDeDZPIEgyJR5/S3URV3AoIyJCMhsjZwEmAiotFGwNKzgHJgg1OBw2QCkyBmdcARMQcwoRATQHIwgTATsMLyRXcCwKAB4tOCoVGhgpKx0iETdwBwp7Hxc9ASMiIG8QDQYzDzgQCQM2JykECy0wMTZ0EkcMOn8eEywjPwcFOh8dHzs1LT0BHRsmJDY8LwlyBxoXS3UVPRYJMAQfFzoeD0skDSozGSc8IzooCiguGyoIAB0TQgUhFBYBJih2OT4VFikaNQQGJAA7Ng0qMxkLFisuKCo4IA9Ad1kdHxoJNBACCAwvMG89LCgtHCUUAh0ANCQ0KnokLgoBZhwPFHc9MSgrcRs6EAoCACAuNwIRHCEXASQqJUgtJB0sHno8HQkvHxkcCFY1GiV6 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1160
date: Thu, 26 Oct 2023 17:30:24 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -42AzexvCm407SYTYHNzweoikIYXDvePL7x3_FR6BK9EjpBF5YzI-g==
X-Firefox-Spdy: h2

ticalfelixstownru.info/ZGNWbzAFATUCDwVeNElFFg9rSgIiRmQpVBFTJhpUVBAyA10eBXgMXAsWMglCCw0iQV4BF3NddjAHEzUBMTQfN3s2EGU3YSUVEzhIBjcOKXI9JQw8fCU6c11yICIEWHoMNgEpXiIkF15xHiATInIyJx8JZR02Dyp4ECUyGAQyKBQlQzYhEwB2CRsCOlkHMRteCSU6FypYIDFvWHIeBAYuWTU0BghxNS9nIlslUz0ddw0QGihzCzYyKXEdAGcbWDZTDF1oNw8CPWcqJBNfVCMHPgQEICITSgImNhEhYyArYyt0CDEXNgA9NwRfalYhLwt4NhQyKmkyFzcLXEkbZjp1NQsTK3kuJGQheCJSFCpUVDU+OgA2UAMofjcmP1d4KiIHDWAIITwldTJQBCcJNzY8IXk9InAFQwsNJlJjIBc0WAM2UREhBjRVEDY

143.204.55.80

200 OK

1.2 kB

URL GET HTTP/2
ticalfelixstownru.info/ZGNWbzAFATUCDwVeNElFFg9rSgIiRmQpVBFTJhpUVBAyA10eBXgMXAsWMglCCw0iQV4BF3NddjAHEzUBMTQfN3s2EGU3YSUVEzhIBjcOKXI9JQw8fCU6c11yICIEWHoMNgEpXiIkF15xHiATInIyJx8JZR02Dyp4ECUyGAQyKBQlQzYhEwB2CRsCOlkHMRteCSU6FypYIDFvWHIeBAYuWTU0BghxNS9nIlslUz0ddw0QGihzCzYyKXEdAGcbWDZTDF1oNw8CPWcqJBNfVCMHPgQEICITSgImNhEhYyArYyt0CDEXNgA9NwRfalYhLwt4NhQyKmkyFzcLXEkbZjp1NQsTK3kuJGQheCJSFCpUVDU+OgA2UAMofjcmP1d4KiIHDWAIITwldTJQBCcJNzY8IXk9InAFQwsNJlJjIBc0WAM2UREhBjRVEDY
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Size
1.2 kB (1179 bytes)
Hash
27ccfdeedde4e87cf16c7b67a34d95e6
9b49b09d139c1f3c4c85bc69139664ff69463168
92f798311cbebece0ab8625dea2f5355d04328ec5630f1bd08a2697651ce3f81

HTTP Headers

GET /ZGNWbzAFATUCDwVeNElFFg9rSgIiRmQpVBFTJhpUVBAyA10eBXgMXAsWMglCCw0iQV4BF3NddjAHEzUBMTQfN3s2EGU3YSUVEzhIBjcOKXI9JQw8fCU6c11yICIEWHoMNgEpXiIkF15xHiATInIyJx8JZR02Dyp4ECUyGAQyKBQlQzYhEwB2CRsCOlkHMRteCSU6FypYIDFvWHIeBAYuWTU0BghxNS9nIlslUz0ddw0QGihzCzYyKXEdAGcbWDZTDF1oNw8CPWcqJBNfVCMHPgQEICITSgImNhEhYyArYyt0CDEXNgA9NwRfalYhLwt4NhQyKmkyFzcLXEkbZjp1NQsTK3kuJGQheCJSFCpUVDU+OgA2UAMofjcmP1d4KiIHDWAIITwldTJQBCcJNzY8IXk9InAFQwsNJlJjIBc0WAM2UREhBjRVEDY HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Thu, 26 Oct 2023 17:30:24 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hMo3bZBUJ2UYIGEjIf_HsMQc8EbIxRL4zEXje9Z1ECW_rClUjbflIg==
X-Firefox-Spdy: h2

ismscoldnesfspl.info/emdOcUtVWC0CdiwgF0AGPy0lJwovISo2ESIlDz97IwstMgkyPmgFIh5ad0h8Tld2VzsTA3NAc1wUOhA/DxRzQG0TCSgedlwRc0BlSkl8X39cEnNAbQ4XLxZ2S0E+BT8WWn9HckJUekB/SFJ7R3g

104.21.20.251

204 No Content

0 B

URL GET HTTP/2
ismscoldnesfspl.info/emdOcUtVWC0CdiwgF0AGPy0lJwovISo2ESIlDz97IwstMgkyPmgFIh5ad0h8Tld2VzsTA3NAc1wUOhA/DxRzQG0TCSgedlwRc0BlSkl8X39cEnNAbQ4XLxZ2S0E+BT8WWn9HckJUekB/SFJ7R3g
IP
104.21.20.251:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /emdOcUtVWC0CdiwgF0AGPy0lJwovISo2ESIlDz97IwstMgkyPmgFIh5ad0h8Tld2VzsTA3NAc1wUOhA/DxRzQG0TCSgedlwRc0BlSkl8X39cEnNAbQ4XLxZ2S0E+BT8WWn9HckJUekB/SFJ7R3g HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35EPjd64I4A%2B4xsCmBYD1XCtL7ypPsBCDeTTvSuOMqEOIwf0lPTtnuOOrAFOaEzlaHziW%2B6FS%2Bl2wZAShyt3sru%2Fu%2BvE%2BaV9v1E%2FxZb6FC7BqmZiP%2FrS0XPl%2FeNRPWhP2f5PNSj%2B3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d511a2756cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ismscoldnesfspl.info/SHJqRmxnTQk1URwqPBU7HjBfEjs4ADMoOgwoWH8ELRkSLTUPM0wyBSxPU39be0RTYBwhFld3SjsGCzIZO09bYAUmFAV7Sj5PW2hffFxZckJ4VB97XW4GGicLdUNMNhg8Hld3WnFKWXJdfEBfc156

104.21.20.251

204 No Content

0 B

URL GET HTTP/2
ismscoldnesfspl.info/SHJqRmxnTQk1URwqPBU7HjBfEjs4ADMoOgwoWH8ELRkSLTUPM0wyBSxPU39be0RTYBwhFld3SjsGCzIZO09bYAUmFAV7Sj5PW2hffFxZckJ4VB97XW4GGicLdUNMNhg8Hld3WnFKWXJdfEBfc156
IP
104.21.20.251:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /SHJqRmxnTQk1URwqPBU7HjBfEjs4ADMoOgwoWH8ELRkSLTUPM0wyBSxPU39be0RTYBwhFld3SjsGCzIZO09bYAUmFAV7Sj5PW2hffFxZckJ4VB97XW4GGicLdUNMNhg8Hld3WnFKWXJdfEBfc156 HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5%2F%2FFLw%2BM3vGXwQ3rQaXjK2oIs1RhEa34WXBLdg0Otel8k9wgoWhk5c7Y%2FNM4O1oIl%2FHG5J5dNrgiE0cfeM0aqPh5uAQ6oRhaLHxxVcCTbkzaJCsqtZGRF2kk0prplQDk8Zm78bSRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d510a2456cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ismscoldnesfspl.info/WWJOTmx2XS09UTs6LTkONDQoHC01OhgYABggCBQ0DicHDTpoK2g6BT1fd3dbbVN6aBwwBnN/SioWLzoZKl9/aAU3BCFzSi9ff2BfbUx9ekJpRDtzXX8WPi8LZFNoPhgtDnN/WmBafXpdbVB7e1Vq

104.21.20.251

0 B

URL
ismscoldnesfspl.info/WWJOTmx2XS09UTs6LTkONDQoHC01OhgYABggCBQ0DicHDTpoK2g6BT1fd3dbbVN6aBwwBnN/SioWLzoZKl9/aAU3BCFzSi9ff2BfbUx9ekJpRDtzXX8WPi8LZFNoPhgtDnN/WmBafXpdbVB7e1Vq
IP
104.21.20.251:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /WWJOTmx2XS09UTs6LTkONDQoHC01OhgYABggCBQ0DicHDTpoK2g6BT1fd3dbbVN6aBwwBnN/SioWLzoZKl9/aAU3BCFzSi9ff2BfbUx9ekJpRDtzXX8WPi8LZFNoPhgtDnN/WmBafXpdbVB7e1Vq HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2I3WByR2dBdXczCVHj4RWYkPh4lYGL8RtXcTkxtgcLaEwurLda3NYmsxJ3fZoxPXZzLCaAfeZEF2zx2eNPIvGq7pUrT%2FA%2FhE81UDubA7%2B0CNUbVa4WKmv7rfjHgKoMjvBKdZpQxhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d511a2556cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.upload.ee/favicon.ico

51.91.30.159

200 OK

1.2 kB

URL GET HTTP/1.1
www.upload.ee/favicon.ico
IP
51.91.30.159:443
ASN
#16276 OVH SAS

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1698341425.1.0.1698341425.0.0.0; _ga=GA1.1.1617009934.1698341426
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Oct 2023 17:30:25 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Thu, 02 Nov 2023 17:30:25 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
285bbba68b5592c22437bac94e89c841
eb59489bdc1ba05b6f270afac3b5d24c7b1c29b9
58892ccd9341b4335f930416670de4bbe22f70aad55bd7e111fa90337aa6cb98

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
285bbba68b5592c22437bac94e89c841
eb59489bdc1ba05b6f270afac3b5d24c7b1c29b9
58892ccd9341b4335f930416670de4bbe22f70aad55bd7e111fa90337aa6cb98

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ticalfelixstownru.info/utx?cb=LfasBCBfVsqq&top=www.upload.ee&tid=997369

143.204.55.80

0 B

URL
ticalfelixstownru.info/utx?cb=LfasBCBfVsqq&top=www.upload.ee&tid=997369
IP
143.204.55.80:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=LfasBCBfVsqq&top=www.upload.ee&tid=997369 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:25 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 26 Oct 2023 17:31:25 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BBBxG5OK-ce7FigtjKinjCpJoYwh3P2LzQkrboUxemYxgUAei3eMWA==
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

142.250.74.109

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:__3vg2L3QMcmKDz_6NasmVZDOI-4iA:ANYgvO-sVrBNcDN-; Expires=Sat, 25-Oct-2025 17:30:25 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzDdZ2ZgDhtueE5brCBfpED16GC0wvzZ4kovokVHcYweFkbuvCBBqT24IsirDaX2S3FLSFR
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-_eQwkFsjXMsbvStYAD4rGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ticalfelixstownru.info/utx?cb=Jrk3uxt4eKBn&top=www.upload.ee&tid=997414

143.204.55.80

204 No Content

0 B

URL GET HTTP/2
ticalfelixstownru.info/utx?cb=Jrk3uxt4eKBn&top=www.upload.ee&tid=997414
IP
143.204.55.80:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subjectticalfelixstownru.info
Fingerprint86:76:7C:D2:5F:B7:F1:4A:DD:80:F6:D4:16:23:2B:37:97:3B:D1:C8
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=Jrk3uxt4eKBn&top=www.upload.ee&tid=997414 HTTP/1.1
Host: ticalfelixstownru.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Thu, 26 Oct 2023 17:30:25 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 26 Oct 2023 17:31:25 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7S1F2Q9hdtu4nfbJj_WhH7ddAomSzdKt75zB-sp3Vf6xMvLtMTt_lg==
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

142.250.74.109

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:OYLrDqMBanQSllHH1evisFRkGOI1tg:S38q6cklOAMn3IY5; Expires=Sat, 25-Oct-2025 17:30:25 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxqVf376BHPyVm54vnBq8borf15CXFBupG212T_0KkaHtOis3ywJZa2yFbN1k8diDq7ukjkdQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-W4gDkawhZowlK3FRsNIINQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

du0pud0sdlmzf.cloudfront.net/YMlpoekdRNQYceEYzDEd+C21bTH4UMBsVKUJnPS4MQTMqHyxnAB8XNQsXTg49VmdYXCtTNA9HYVc0C0d2FDsMGHoGfBwKKFlnGhMqRDgLFSVWM04PJg83BwAuXjYJX3V0b0ZKYgBqQAJ2A39bOGIAagQTKUciTUh3SmJeJXEGf1s4YgBqGgxiARtZSn4cak-FfdQI9DRksXX9aPHUCa1hKdgJrTUh3VDMaHyFdIk1IAQNrWVR3FC9VSw

143.204.42.211

617 B

URL
du0pud0sdlmzf.cloudfront.net/YMlpoekdRNQYceEYzDEd+C21bTH4UMBsVKUJnPS4MQTMqHyxnAB8XNQsXTg49VmdYXCtTNA9HYVc0C0d2FDsMGHoGfBwKKFlnGhMqRDgLFSVWM04PJg83BwAuXjYJX3V0b0ZKYgBqQAJ2A39bOGIAagQTKUciTUh3SmJeJXEGf1s4YgBqGgxiARtZSn4cak-FfdQI9DRksXX9aPHUCa1hKdgJrTUh3VDMaHyFdIk1IAQNrWVR3FC9VSw
IP
143.204.42.211:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (879), with no line terminators
Size
617 B (617 bytes)
Hash
f57601e61bd2207c4c94b11887fed35c
406910fa9fa01142ecf43ac5a0764327e0046aed
37de80917cfb3427597d7e8c7f23f157c43b46a537319ab3d6a89d98616c4a72

HTTP Headers

GET /YMlpoekdRNQYceEYzDEd+C21bTH4UMBsVKUJnPS4MQTMqHyxnAB8XNQsXTg49VmdYXCtTNA9HYVc0C0d2FDsMGHoGfBwKKFlnGhMqRDgLFSVWM04PJg83BwAuXjYJX3V0b0ZKYgBqQAJ2A39bOGIAagQTKUciTUh3SmJeJXEGf1s4YgBqGgxiARtZSn4cak-FfdQI9DRksXX9aPHUCa1hKdgJrTUh3VDMaHyFdIk1IAQNrWVR3FC9VSw HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 617
date: Thu, 26 Oct 2023 17:30:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Os4vAkmK1OFKDQ0M8oBRdY55yDSKroblVvAuVNBe_C0v9GOpLi5qaA==
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzDdZ2ZgDhtueE5brCBfpED16GC0wvzZ4kovokVHcYweFkbuvCBBqT24IsirDaX2S3FLSFR

142.250.74.109

302 Found

402 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzDdZ2ZgDhtueE5brCBfpED16GC0wvzZ4kovokVHcYweFkbuvCBBqT24IsirDaX2S3FLSFR
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintC3:EF:CC:C7:6C:FD:21:E8:B0:08:50:37:0F:AC:B1:DD:AB:1D:1E:FF
ValidityThu, 28 Sep 2023 05:32:39 GMT - Thu, 21 Dec 2023 05:32:38 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Size
402 B (402 bytes)
Hash
286f4147799ddc347a8eccea4c9bba02
5be47cf0880e490e8cfce1ab04238cc524e9daf8
88f7047378c9e82fc0fa3cfb9c7a7807cec7a88f44fc60ea6d5012bd2d06d5f7

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzDdZ2ZgDhtueE5brCBfpED16GC0wvzZ4kovokVHcYweFkbuvCBBqT24IsirDaX2S3FLSFR HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:k-DUw0eF4jsErz6aoxx5xVYdKZEU8Q:fxwDPJdpgxl7BsoJ;Path=/;Expires=Sat, 25-Oct-2025 17:30:25 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywVUpWxqK18s-NTnAUk7NBA1Q1rAaReHxo7gZSnrAOY0V5QFuFaPBpERw6oH5lDDOftIXhW2Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S889887731%3A1698341425341842&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-uPp8IY9zGo_Qd7L98nVBvg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4b6a32d56d9cb7328aaab78926acda91
2f85bb8c58223c6bc24ffbf8a90797ce62388495
dc0646907d82d407bb70478f1527bff3fe4ba388604831bf3b70ddb99bed1f98

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Oct 2023 17:30:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

du0pud0sdlmzf.cloudfront.net/Db1dVVFEMODsybhs+MWloVmBhZGlJPSY7Px9qPjsaLg8bOhtXJRgDaUkjLzBsX3E5NT8IanMxPwxqZHIwCzVoYHcaNmg5PhU+OTgwSmUTYX9fcmdkeRdmZHFiLXJnZD0GOSAsdF1nLWxnMGFhcWItcmdkIxlyZhVgX257ZHhKZWUzNAw8OnFjKWVlZWFfZm-VldF1nMz0jCjE6LHRdEWRlYEFncyFsXg

143.204.42.211

196 B

URL
du0pud0sdlmzf.cloudfront.net/Db1dVVFEMODsybhs+MWloVmBhZGlJPSY7Px9qPjsaLg8bOhtXJRgDaUkjLzBsX3E5NT8IanMxPwxqZHIwCzVoYHcaNmg5PhU+OTgwSmUTYX9fcmdkeRdmZHFiLXJnZD0GOSAsdF1nLWxnMGFhcWItcmdkIxlyZhVgX257ZHhKZWUzNAw8OnFjKWVlZWFfZm-VldF1nMz0jCjE6LHRdEWRlYEFncyFsXg
IP
143.204.42.211:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
196 B (196 bytes)
Hash
d80920e507d12870af0fc2ab0aff7cbf
9d905d11acb6636414d566e1dd3c3944c2fe11df
d40fce86282ed8a81d015504d4e7143f60db297bc42bfbcb552e51b10b9ef0b0

HTTP Headers

GET /Db1dVVFEMODsybhs+MWloVmBhZGlJPSY7Px9qPjsaLg8bOhtXJRgDaUkjLzBsX3E5NT8IanMxPwxqZHIwCzVoYHcaNmg5PhU+OTgwSmUTYX9fcmdkeRdmZHFiLXJnZD0GOSAsdF1nLWxnMGFhcWItcmdkIxlyZhVgX257ZHhKZWUzNAw8OnFjKWVlZWFfZm-VldF1nMz0jCjE6LHRdEWRlYEFncyFsXg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 196
date: Thu, 26 Oct 2023 17:30:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nN3N86bo-0jdLZyeyOfGPdsxPw_kUTZ_sNXBLjMoERvMMcLq-J9DKg==
X-Firefox-Spdy: h2

du0pud0sdlmzf.cloudfront.net/TdEZ1UWIXKRs3XQAvEWxbTXFBYFZSLAY+DAR7JhUWFnFGA1AzCEMBVDIfUyUYEHtFdw4VKBJsRBEoFmxTUicRM19AYAEhDR97BzgPAiQWPgAQL1MkA0krGisLGCoUdFAyc1thR0Z2XSlTRWNGE0dGdhk4DAE+UGNSDH5DDlRAY0YTR0Z2BydHRwdEYVtadl-x0UEQhEDIJG2NHF1BEd0VhU0R3UGNSEi8HNAQbPlBjJEV3RH9SUjNIYA

143.204.42.211

585 B

URL
du0pud0sdlmzf.cloudfront.net/TdEZ1UWIXKRs3XQAvEWxbTXFBYFZSLAY+DAR7JhUWFnFGA1AzCEMBVDIfUyUYEHtFdw4VKBJsRBEoFmxTUicRM19AYAEhDR97BzgPAiQWPgAQL1MkA0krGisLGCoUdFAyc1thR0Z2XSlTRWNGE0dGdhk4DAE+UGNSDH5DDlRAY0YTR0Z2BydHRwdEYVtadl-x0UEQhEDIJG2NHF1BEd0VhU0R3UGNSEi8HNAQbPlBjJEV3RH9SUjNIYA
IP
143.204.42.211:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (811), with no line terminators
Size
585 B (585 bytes)
Hash
24bcad56a653bb04fd89a99bb059fd16
595c40828f20ea3f40fc55ba2bcaac235062bc83
e8aafbb3bdb35a9ccd68933dfb4a5f6cf5e639936ce7f1cec70408d80150d88a

HTTP Headers

GET /TdEZ1UWIXKRs3XQAvEWxbTXFBYFZSLAY+DAR7JhUWFnFGA1AzCEMBVDIfUyUYEHtFdw4VKBJsRBEoFmxTUicRM19AYAEhDR97BzgPAiQWPgAQL1MkA0krGisLGCoUdFAyc1thR0Z2XSlTRWNGE0dGdhk4DAE+UGNSDH5DDlRAY0YTR0Z2BydHRwdEYVtadl-x0UEQhEDIJG2NHF1BEd0VhU0R3UGNSEi8HNAQbPlBjJEV3RH9SUjNIYA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ticalfelixstownru.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 585
date: Thu, 26 Oct 2023 17:30:25 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NJYA9wZ0WEfTFENth9TBf9q1_wBPVlA0VbSgFeSBtDpMRSddlWSZVQ==
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxqVf376BHPyVm54vnBq8borf15CXFBupG212T_0KkaHtOis3ywJZa2yFbN1k8diDq7ukjkdQ

142.250.74.109

302 Found

408 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxqVf376BHPyVm54vnBq8borf15CXFBupG212T_0KkaHtOis3ywJZa2yFbN1k8diDq7ukjkdQ
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Size
408 B (408 bytes)
Hash
1367a2f9b47c0d4a47b3975455107f25
487bc8251e35aaba75339ee60f51bae543f21f98
0bd35d86cec84535d49a336bd1836917b0951643a6aa542e076d72c715052b4e

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxqVf376BHPyVm54vnBq8borf15CXFBupG212T_0KkaHtOis3ywJZa2yFbN1k8diDq7ukjkdQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:cUP0k7xG7jIXmi4cCwwKkv6s7Aogwg:ZM3i3Zvkl8mOt7LY;Path=/;Expires=Sat, 25-Oct-2025 17:30:25 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx0mFx39QNTh2J88oaAv2KvM-UNgEezqQBbZntawhXQEL08vdhAjWlbJaeY_biF29FWHJi00A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-854786419%3A1698341425450044&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-QdItITGGhNqueJefAkXGWg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 408
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ismscoldnesfspl.info/popunder.gif

104.21.20.251

200 OK

2.3 kB

URL GET HTTP/3
ismscoldnesfspl.info/popunder.gif
IP
104.21.20.251:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subjectismscoldnesfspl.info
FingerprintA0:89:A4:0E:87:A8:62:EA:DC:42:35:82:62:8C:B6:CC:95:A1:9C:5E
ValidityThu, 12 Oct 2023 08:47:57 GMT - Wed, 10 Jan 2024 08:47:56 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
2.3 kB (2289 bytes)
Hash
5a40277b4d481d7993971f25fa6bd1e4
8359bb47cc4e444b0909a50c9e66821f69a52538
528d2c1bce5b88cd627a6c5dd171def1fdb70b11e20b5785521f4c86b7330e92

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: ismscoldnesfspl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 914
last-modified: Thu, 26 Oct 2023 17:15:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vo2oDP64vpwOjCLINtp29qYudBEmTvBeJLDyb4B8nnbZPcr43erbJQOpRmW2inAZnFuUwLp%2BD4eYDoBbDozyR6kLEl%2BPcrwyYG4gLfzWqLV0xqLb7fMc7Wdlf43DmqkdWSw%2B9iEYpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c46d55087256c0-OSL
alt-svc: h3=":443"; ma=86400

static.bepolite.eu/scripts/saresponsive.js

212.47.222.20

200 OK

177 kB

URL GET HTTP/2
static.bepolite.eu/scripts/saresponsive.js
IP
212.47.222.20:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT

File type
ASCII text, with very long lines (32077), with CRLF line terminators
Size
177 kB (176966 bytes)
Hash
8b966d35075632aae6108d54928c2ae9
c76f1c7ab28ade483e7a852c049eeb5bddaf4e5e
da22da01f20d28d9171f8107e155ca01f9811d6abcd3b64dbeb832ec6c34578e

HTTP Headers

GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3036610600"
last-modified: Mon, 09 Oct 2023 23:05:33 GMT
content-length: 176966
date: Thu, 26 Oct 2023 17:30:01 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 924827480
age: 0
X-Firefox-Spdy: h2

ocsp.r2m02.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ef6101d80c8513d0ac775ee8590c6daf
6b8d93a7f121c3cc5329c8605d7ab8cab5fb86f2
e2eb65fe693792d567f245c4e8e21da3da713c736db0bfb28de2354422cc7838

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 26 Oct 2023 17:30:26 GMT
Last-Modified: Thu, 26 Oct 2023 16:18:42 GMT
Server: ECAcc (ska/F69C)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QcVmiZwIsbPcdetI1t5hnq1NX2MKUCr_JzZFRQFPcrlQ7kJw0IkJiQ==
Age: 4304

banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner

18.194.32.185

200 OK

1.8 kB

URL GET HTTP/2
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
1.8 kB (1848 bytes)
Hash
ecc676685a4cf841761bbbbff955a50f
dfde4b9e5ba045069a8d72e2d4d516391e70fa9e
4fd45ff09198233dd9564b065671ac8b64ec14c04e5c063cfce72ef5e6ce4c12

HTTP Headers

GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2

banner.hookusbookus.com/config/config.js?v=1

18.194.32.185

200 OK

75 B

URL GET HTTP/2
banner.hookusbookus.com/config/config.js?v=1
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
ASCII text
Size
75 B (75 bytes)
Hash
ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f

HTTP Headers

GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2

pogothere.xyz/

172.67.220.203

200 OK

1.5 kB

URL GET HTTP/2
pogothere.xyz/
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
1.5 kB (1526 bytes)
Hash
1d84a482898d96628ff7956faefcf03b
322fa6f23ed4c3935fffcb57e1780dd0fc8d560c
dd9ff0a5dafc55c586fd0fb0a98ce2c5c7d0917b9de0ef69f59f0343496fd1ba

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: text/plain
set-cookie: csu=1336198529669061@1@1698341425; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BZ18Zqa0fYVobmV3fkypvQWg3OClfVhXviZwiCIRTvdjRfgNW7tZYB7tDPkKFB%2BU7caey2tfNMVAr9uZvtNeJ8gZfjl14yoWvsYAi%2FZf1uIGALzPBnz0CHI19XVhzJL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c46d5398b05697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g

212.47.222.20

200 OK

0 B

URL GET HTTP/2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP
212.47.222.20:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=37de9fb898f3d239e0976b68c63316a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:14 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 926106221
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2

serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g

212.47.222.20

200 OK

0 B

URL GET HTTP/2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP
212.47.222.20:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=37de9fb898f3d239e0976b68c63316a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:14 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 921958646
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/css/index_300x600.css

18.194.32.185

200 OK

4.4 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/css/index_300x600.css
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
4.4 kB (4385 bytes)
Hash
44dc7faf9401dd950ee6ed7123d05150
173e48a90adf759171cd5679ee6782057ab2a0ba
de081a88455533044964cd1aa09dae647ccd35c3421ebfff052769a85f956642

HTTP Headers

GET /assets/css/index_300x600.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-1c4f"
content-encoding: gzip
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/css/index_1000x200.css

18.194.32.185

200 OK

54 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/css/index_1000x200.css
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
54 kB (54250 bytes)
Hash
8204d572a785d41b6f1f9f4bf7ec0a05
b71dc5d09c4c05d667172cd113871dac5ad8c9b6
bdc70b44e923fa4c9b46f38df55e726b1ff22bd5c9d0d384b8dadc3bea67e954

HTTP Headers

GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff

18.194.32.185

200 OK

53 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 53208, version 1.500\012- data
Size
53 kB (53208 bytes)
Hash
c03dece8ec0635406a35b888337dca8f
b72706815dccadd44dba1693ed8865b41782b14f
092416b2a5cbe9f6596ff7ee177db702262c64326231a3664a34a65c861601b1

HTTP Headers

GET /assets/fonts/greycliff-cf-bold.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: font/woff
content-length: 53208
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cfd8"
accept-ranges: bytes
X-Firefox-Spdy: h2

banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia

18.157.94.205

200 OK

81 kB

URL GET HTTP/2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP
18.157.94.205:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
JSON data\012- data
Size
81 kB (81115 bytes)
Hash
59f9a7009f2522fb60776f8c26c7f4d3
cb68c156101a28e3a6765363aea69cde78e778c6
b41ce1b61b360518e37cf5f155eb8a07a3021372a886f9ed30b39c5d4a52a42b

HTTP Headers

GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff

18.194.32.185

200 OK

53 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Size
53 kB (53104 bytes)
Hash
4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df

HTTP Headers

GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/soKMSoUtgi9tQM5MYviC.jpg

143.204.42.103

200 OK

69 kB

URL GET HTTP/2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/soKMSoUtgi9tQM5MYviC.jpg
IP
143.204.42.103:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x195, components 3\012- data
Size
69 kB (68726 bytes)
Hash
3b3a80140cb69917ab572f878123a250
3afd5fa8de0b9c4f59e188b34230ebf13e35ddae
d1a2571d94db05e28fe4a212717d942385324ec9029981f855c8fb2c95bd786f

HTTP Headers

GET /hotelliveeb/images/general/1/soKMSoUtgi9tQM5MYviC.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 68726
date: Thu, 26 Oct 2023 02:50:09 GMT
last-modified: Mon, 20 Dec 2021 05:01:52 GMT
etag: "3b3a80140cb69917ab572f878123a250"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: s1iBCeUD8_NzIkS5Ry5XKOOeHTHo3guYUI5Eqh0PD1TTDEwP6jj3GQ==
age: 52818
X-Firefox-Spdy: h2

serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA

212.47.222.20

200 OK

0 B

URL GET HTTP/2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP
212.47.222.20:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?key=FYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=37de9fb898f3d239e0976b68c63316a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 0
date: Thu, 26 Oct 2023 17:30:03 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 926946979
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/orfv6s0keAKkS5RjClkt.jpg

143.204.42.103

200 OK

68 kB

URL GET HTTP/2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/orfv6s0keAKkS5RjClkt.jpg
IP
143.204.42.103:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Size
68 kB (67835 bytes)
Hash
d9ee5ee699a3b8d0be40690d8bf01252
49f3d4125fa40665faed26abac334e492de58874
46bbeb9cce2c6f835091fdf046c22e32e6a0697e4a35fa869f5ef2c3e533cca6

HTTP Headers

GET /hotelliveeb/images/general/1/orfv6s0keAKkS5RjClkt.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 67835
last-modified: Thu, 13 Apr 2023 06:00:09 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 26 Oct 2023 16:13:21 GMT
etag: "d9ee5ee699a3b8d0be40690d8bf01252"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xRJHBTITRfujjGO4UcyLtGgrDjjRBRR-mimMg1BEqKa5RlG7GyL3dg==
age: 4632
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg

143.204.42.103

200 OK

60 kB

URL GET HTTP/2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg
IP
143.204.42.103:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Size
60 kB (59951 bytes)
Hash
a756a4d90f264010333a4a2e6bb4b193
7335e794a68463cc62de4c54710f6ab362b1a52d
d0a829072236587031b97f964e3a8a22c6d130ee9388426af101f850830cd009

HTTP Headers

GET /hotelliveeb/images/general/1/tQmTG1GbXWdXqHUuzy3Z.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 59951
date: Thu, 26 Oct 2023 13:03:06 GMT
last-modified: Mon, 20 Dec 2021 05:01:45 GMT
etag: "a756a4d90f264010333a4a2e6bb4b193"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 88q3FlZ_xoRqilA2yIbV3uqSL03-Ax5VN5YnBCV-aJJCtXiHJQZ3lw==
age: 16047
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/o9MC9Iqc6C0Jgy0yCTXn.jpg

143.204.42.103

70 kB

URL
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/o9MC9Iqc6C0Jgy0yCTXn.jpg
IP
143.204.42.103:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Size
70 kB (69550 bytes)
Hash
a2250e88fef3b5decc9a3002c57db562
3eab6805f734570b08042ca318237dbdd284cead
0eded918a0d18b9d4bcd34e09c52bc18fee5ec59cc1d3bcc645cc9cbdd177f8b

HTTP Headers

GET /hotelliveeb/images/general/1/o9MC9Iqc6C0Jgy0yCTXn.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 69550
date: Wed, 25 Oct 2023 19:15:20 GMT
last-modified: Wed, 11 Jan 2023 11:31:01 GMT
etag: "a2250e88fef3b5decc9a3002c57db562"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: j4FM4XQvyZ_a3CzLdPGgSkPuS3C3K4esvLaQEPLYxntZ8wEQsrukTg==
age: 80119
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg

143.204.42.103

61 kB

URL
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg
IP
143.204.42.103:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x195, components 3\012- data
Size
61 kB (60807 bytes)
Hash
dd86bfb4bf775c862d2c4ce6c31b29b5
94119b0ecc2ae1f9fa98a98eb6c416622ef14547
de5103951b90a9ed1ba44af9919079bed54e32ab4c61d849d19c672ef26e0bca

HTTP Headers

GET /hotelliveeb/images/general/1/JdZmoWeiiQlpfMAuIIeC.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 60807
date: Thu, 26 Oct 2023 02:50:15 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "dd86bfb4bf775c862d2c4ce6c31b29b5"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6HG5DHB3ZJVm7lH4yiyLLm2TFrH57Bw0Qr0ZuOnmuwmKsKffIUZ8gQ==
age: 52824
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/js/jquery.min.js

18.194.32.185

200 OK

90 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/js/jquery.min.js
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/image/prices-bg-3.png

18.194.32.185

200 OK

2.4 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/image/prices-bg-3.png
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2442 bytes)
Hash
ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54

HTTP Headers

GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/image/svg/hb-logo.svg

18.194.32.185

200 OK

15 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Size
15 kB (15333 bytes)
Hash
bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e

HTTP Headers

GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywVUpWxqK18s-NTnAUk7NBA1Q1rAaReHxo7gZSnrAOY0V5QFuFaPBpERw6oH5lDDOftIXhW2Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S889887731%3A1698341425341842&theme=glif

142.250.74.109

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywVUpWxqK18s-NTnAUk7NBA1Q1rAaReHxo7gZSnrAOY0V5QFuFaPBpERw6oH5lDDOftIXhW2Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S889887731%3A1698341425341842&theme=glif
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywVUpWxqK18s-NTnAUk7NBA1Q1rAaReHxo7gZSnrAOY0V5QFuFaPBpERw6oH5lDDOftIXhW2Q&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S889887731%3A1698341425341842&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-U0nksQ3SvHcCr0WaBP96Dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

pogothere.xyz/asd100.bin

172.67.220.203

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
last-modified: Thu, 26 Oct 2023 17:30:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tlPgGmVcbPXvjLwN4BVyZ3XYes1fmu0w9iiw7x3JuKTC1tNsNnDPv1RwkC0qZfrixxZhMMKegdIX7o5oCbt%2BDzN6DveqIad5k8PTibRQm%2Bs8FbRwW5aM4%2BV6Fn%2B%2BB0%2FY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c46d5378955697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx0mFx39QNTh2J88oaAv2KvM-UNgEezqQBbZntawhXQEL08vdhAjWlbJaeY_biF29FWHJi00A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-854786419%3A1698341425450044&theme=glif

142.250.74.109

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx0mFx39QNTh2J88oaAv2KvM-UNgEezqQBbZntawhXQEL08vdhAjWlbJaeY_biF29FWHJi00A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-854786419%3A1698341425450044&theme=glif
IP
142.250.74.109:443
ASN
#15169 GOOGLE

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx0mFx39QNTh2J88oaAv2KvM-UNgEezqQBbZntawhXQEL08vdhAjWlbJaeY_biF29FWHJi00A&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-854786419%3A1698341425450044&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Oct 2023 17:30:25 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-CJmVDbxN7s2HkkVrESGjfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

banner.hookusbookus.com/assets/image/svg/hb-logo.svg

18.194.32.185

200 OK

15 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1-evhWID3ORXadlzh-PDTFyohtAUnWvPFvxHzT-ywuaqFN0px0PrukqcX27oIItUza5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=d0e67994dc7f4c0c89c220c278dae86e50dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Size
15 kB (15333 bytes)
Hash
bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e

HTTP Headers

GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2

dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg

143.204.42.211

421 Misdirected Request

56 kB

URL GET HTTP/2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg
IP
143.204.42.211:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Size
56 kB (55749 bytes)
Hash
cddd4b220dbfd2c4641572afbcc3bbf9
2bf3de058bcb45d5a133c9e768a4e8fcdb6ec6c8
54c4a1b842c44277f35ff895c7be82711edf0591dd660744d3e18c3a62f236ce

HTTP Headers

GET /hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 421 Misdirected Request
server: CloudFront
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: E64ytNn5fArYusGtqjumuH6SfZWkCoV2aE-HTK3txZg2yK1gTnu5JQ==
X-Firefox-Spdy: h2

static.bepolite.eu/files/close-gray.png

212.47.222.20

200 OK

1.5 kB

URL GET HTTP/2
static.bepolite.eu/files/close-gray.png
IP
212.47.222.20:443
ASN
#3327 CITIC Telecom CPC Netherlands B.V.

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1497 bytes)
Hash
41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34

HTTP Headers

GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "732411054"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Thu, 26 Oct 2023 17:29:59 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 927140715
age: 0
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.67.220.203

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:25 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
last-modified: Thu, 26 Oct 2023 17:30:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YbKT0%2FjmicGj73nTUeEfvXA%2FhUb9JeKdvR%2F6hOY2x%2ByJf0UvIOr1hiuA%2BKI4aTZa%2BwRppeCphBHvd6rnPxP08vZIpM%2BKLjN3tAZSo9xQ%2FFEFyN5yAu2BB4Z8tWZsF8qZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c46d5358795697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

banner.hookusbookus.com/assets/js/jquery.min.js

18.194.32.185

200 OK

90 kB

URL GET HTTP/2
banner.hookusbookus.com/assets/js/jquery.min.js
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2

banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner

18.194.32.185

200 OK

6.0 kB

URL GET HTTP/2
banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP
18.194.32.185:443
ASN
#16509 AMAZON-02

Requested by
https://www.upload.ee/files/15851345/sadfok.hta.html?msg=sess_error
Certificate
IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6183), with no line terminators
Size
6.0 kB (5985 bytes)
Hash
e6203b2e0919f42103d8a3367bbc9b32
08d251797a13b125ec05294116373d90493045dd
e893c3c55f767327f9d5723610d23852fc9f34827dda3bd918575f75f5ef6e0b

HTTP Headers

GET /index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYFw49J5M8b59LB6KjmzvcyzXpTQMUGJGl_xhadLxbDv9G-nbj_GGKyO8D1O0uQtK2sjWaroYCbRNHDAxkqc3T_zqL5hPN9TAG87FJj4XflR_kNxlBmTeS8aIrMsHFx7RLVif-jAupxPB1hGVM_v5Rsszzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1lOBTrB2gNvK4ykboohAFg9GiTK6hksTtZYDcAaR_SLbZUMMdoZrmihwdxucuHa1za5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=764e06c42a714b508c6da8df6296025f50dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:30:26 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1761"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations