upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
51.91.30.159 275 B URL upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
IP 51.91.30.159:0
File type HTML document text; exported SGML document, ASCII text
Hash ea51a9113d468a98933cc8bcadae7d19
65f483de274ebb08ccfe1f4dea38363f5ebc4319
5784e7b6c3a9146b48900a60ba4572e8820fa53e7f5195a2d848ea4cc01ef7a2
GET /download/15988886/9d951953cb721deb0cc8/fra.exe HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 27 Nov 2023 18:16:01 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 275
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
51.91.30.159 0 B URL www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
IP 51.91.30.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /download/15988886/9d951953cb721deb0cc8/fra.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 27 Nov 2023 18:16:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
51.91.30.159 365 B URL www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (365), with no line terminators
Hash 3548924b0b2bc68149a1b86ac1439eab
029c7fb26baddf614b4de38781faa5bf4a76c171
a1fe7e9d1dae8771e11cb67d82f59104231090675f6512cbf84040b1270b3f77
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /download/15988886/9d951953cb721deb0cc8/fra.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Nov 2023 18:16:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 365
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
51.91.30.159 365 B URL www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
IP 51.91.30.159:0
File type HTML document text; HTML document, ASCII text, with very long lines (365), with no line terminators
Hash 3548924b0b2bc68149a1b86ac1439eab
029c7fb26baddf614b4de38781faa5bf4a76c171
a1fe7e9d1dae8771e11cb67d82f59104231090675f6512cbf84040b1270b3f77
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /download/15988886/9d951953cb721deb0cc8/fra.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 365
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15988886/FRA.exe.html
51.91.30.159 200 OK 8.9 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15988886/FRA.exe.html
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (4526)
Hash af4b98e9f5d5d2abe746da434be1625d
eb852d3ba033187a2071cb47636c4ee4faf0d47a
4860c8645008e2512c67f24920b700ba9a25398a3e5caf7cb7ed32aa1988d487
GET /files/15988886/FRA.exe.html HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15988886/9d951953cb721deb0cc8/fra.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8940
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 27 Nov 2023 20:16:02 +0200
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Mon, 25-Dec-2023 18:16:02 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.8 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 7b9692d4caecccf38e40d2333f8e00b0
8ecb4f873571250f02a5cc2ceff0a24aed25fc33
c4042306388924b75aa7d584c1e61165264967a52d09544ecba836f0d00eb9b9
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15988886/FRA.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: text/css
Last-Modified: Tue, 17 Oct 2023 12:17:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7b50-24da"
Expires: Mon, 04 Dec 2023 18:16:02 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 7.7 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 66684709338f7239056ff3302e16bc4a
7dbd501434bdc062cdc8f6744e272a7d39ca5136
5163e50a8fe4549a8ca064e266de9c8e6aebd1d848185e0931959824a4d32c0f
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15988886/FRA.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: application/javascript
Last-Modified: Tue, 17 Oct 2023 12:32:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"652e7ed5-651c"
Expires: Mon, 04 Dec 2023 18:16:02 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.89 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.89:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 118 kB (117751 bytes)
Hash 32846f48497490ca17fae3f6c5e69493
6ce7b4eafb44b831c6693aab8a8a7bca678b527a
f58d99f52674c2c24fd55158ec57c405884bace26288402a43ec36d8e08b57ee
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117751
date: Mon, 27 Nov 2023 17:20:54 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RevpBhMso7Qt0nwP97tWkfnDQ3L0ryd5jzs-prF4_TBVK0UGx6TT1Q==
age: 3308
X-Firefox-Spdy: h2
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced; data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15988886/FRA.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Mon, 04 Dec 2023 18:16:02 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9; data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15988886/FRA.exe.html
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Mon, 04 Dec 2023 18:16:02 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash c989df6ee6ba7fcf00b5cea4a1776746
c93340247d7b4c1005d8383f89bdcd88123dc338
23e5c76fcf70c3cd58c706332c8d852e601009dde455264f5ac9bf3bf5b1ea3f
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 18:16:02 GMT
expires: Mon, 27 Nov 2023 18:16:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51415
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 200 OK 88 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (3034)
Hash 14a8da4836397938ddb9b6cb5bcc90b1
61686571a29ac4b9bbf56e56c12c8f903bd1aebc
4d2452482fd488d5d2b3f6f36d5f3718ffd58963039a5ede153aa4765a825dd7
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 18:16:02 GMT
expires: Mon, 27 Nov 2023 18:16:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88203
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
onegoropsintold.com/QnltVHZtRg4nSyAhIz44Cj80BUcXPD8CAg4sLDAzFUk3ADdyMEsgHyZEVG1BcU9UcgYrHVBlUDENDCADMURcch8sHwJpUDREXHpFdldeYFhyXxhpR2QNHTURf0hLJAI2FVBlQXJIXGROe09bZU53
172.67.146.179204 No Content 0 B URL GET HTTP/2 onegoropsintold.com/QnltVHZtRg4nSyAhIz44Cj80BUcXPD8CAg4sLDAzFUk3ADdyMEsgHyZEVG1BcU9UcgYrHVBlUDENDCADMURcch8sHwJpUDREXHpFdldeYFhyXxhpR2QNHTURf0hLJAI2FVBlQXJIXGROe09bZU53
IP 172.67.146.179:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject onegoropsintold.com
Fingerprint E5:43:A2:F3:B5:80:39:62:E4:80:E1:9B:0C:63:6D:D2:C2:C1:D9:29
Validity Fri, 17 Nov 2023 18:19:14 GMT - Thu, 15 Feb 2024 18:19:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QnltVHZtRg4nSyAhIz44Cj80BUcXPD8CAg4sLDAzFUk3ADdyMEsgHyZEVG1BcU9UcgYrHVBlUDENDCADMURcch8sHwJpUDREXHpFdldeYFhyXxhpR2QNHTURf0hLJAI2FVBlQXJIXGROe09bZU53 HTTP/1.1
Host: onegoropsintold.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 18:16:02 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsGV3chXNXFLToA5M3vCkuZAUE8rlS89lp0SlMkSIbXKnFlYX5YluAc2ennCZGU1PjgZvZ4Eo8G%2FaAqkykvI9g3WlgOhfZN96i3cTiIzy3aBvqSk9vJixp1DhsRZWQJEwiCld%2FUr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82cc5c278d8b0b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
onegoropsintold.com/VjJLU1J5DSggbwJ3OGIBO0JuYRAwVQFkBWUHMhFhIlMtCzUVVx1rdCJbL25rbwV/Y2pwQiI3b2cKbSAmN0Y+IG9nFCI9NDkPbSVvZxx7fWB4Bm0mb2cUPyMzMQ96dSIiRiduY2ECemJibgt9ZWBmCw
172.67.146.179204 No Content 0 B URL GET HTTP/2 onegoropsintold.com/VjJLU1J5DSggbwJ3OGIBO0JuYRAwVQFkBWUHMhFhIlMtCzUVVx1rdCJbL25rbwV/Y2pwQiI3b2cKbSAmN0Y+IG9nFCI9NDkPbSVvZxx7fWB4Bm0mb2cUPyMzMQ96dSIiRiduY2ECemJibgt9ZWBmCw
IP 172.67.146.179:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject onegoropsintold.com
Fingerprint E5:43:A2:F3:B5:80:39:62:E4:80:E1:9B:0C:63:6D:D2:C2:C1:D9:29
Validity Fri, 17 Nov 2023 18:19:14 GMT - Thu, 15 Feb 2024 18:19:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VjJLU1J5DSggbwJ3OGIBO0JuYRAwVQFkBWUHMhFhIlMtCzUVVx1rdCJbL25rbwV/Y2pwQiI3b2cKbSAmN0Y+IG9nFCI9NDkPbSVvZxx7fWB4Bm0mb2cUPyMzMQ96dSIiRiduY2ECemJibgt9ZWBmCw HTTP/1.1
Host: onegoropsintold.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 18:16:02 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1xeYIEgIsQ4wGwUlypJRg%2F%2BpEPss7%2BVXDxhtwzC%2BQiNWthZzbpR3XJTqk7dIw70b6WVA8P1Rg9G19adFOSPOcn0lTAAzFCKa03JfjQBOkQbTZJaleNtPQjMoWcSoF2L4lDJ0lE9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82cc5c279da60b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fortatoneterrow.com/TEhyZGstKhEJVC11EEIePiRPQVkKbUAiDzl4AhEPfDsWCAY2LlwHByM9FgIZIyYGSgUpPFdWLSUeCA8SGQ4VVD0gP0A+EgIZJAlaJCoVUCkWJTQcPnwNV1YtAiERIT40GRMiBQkKOhNSOR8cJVkPEDQqOAgaHj4TdS0/MDI7CjA1WgIiIyEqfxFHKVo/GCgsXyYbJFRcFhweAj4IHUooBwoDPzAtNBw0Kh8CHBogPDY/QioDOwk0CVp5CyAAAi0ASys8NnxKKy55ChYzGyIeQj5aLSURLSoifR0HDDw/FjMbIhweF05+ChAJJi8JIC5SFhkeLzEhMAsnBWEKQwUGKAQgLD0+DhUDKBYQKAouDiwbBS8OKycwGH8rFRBbFSUaCSgdAhoFLBUrMyMqaXowNAA4EDwOCDoAMyU8LR8RKSMLCldWKQUvIyBNJjsdChtxKTYmKgR7PTNSLwoUNQ
143.204.55.57200 OK 1.2 kB URL GET HTTP/2 fortatoneterrow.com/TEhyZGstKhEJVC11EEIePiRPQVkKbUAiDzl4AhEPfDsWCAY2LlwHByM9FgIZIyYGSgUpPFdWLSUeCA8SGQ4VVD0gP0A+EgIZJAlaJCoVUCkWJTQcPnwNV1YtAiERIT40GRMiBQkKOhNSOR8cJVkPEDQqOAgaHj4TdS0/MDI7CjA1WgIiIyEqfxFHKVo/GCgsXyYbJFRcFhweAj4IHUooBwoDPzAtNBw0Kh8CHBogPDY/QioDOwk0CVp5CyAAAi0ASys8NnxKKy55ChYzGyIeQj5aLSURLSoifR0HDDw/FjMbIhweF05+ChAJJi8JIC5SFhkeLzEhMAsnBWEKQwUGKAQgLD0+DhUDKBYQKAouDiwbBS8OKycwGH8rFRBbFSUaCSgdAhoFLBUrMyMqaXowNAA4EDwOCDoAMyU8LR8RKSMLCldWKQUvIyBNJjsdChtxKTYmKgR7PTNSLwoUNQ
IP 143.204.55.57:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject fortatoneterrow.com
Fingerprint 2E:9B:DD:C0:E0:30:2A:E9:01:AA:39:2A:3D:DE:A6:C3:00:BD:A4:F9
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3043), with no line terminators
Hash fc397fc278529d173247eaf196a21788
228a601e25d16e6b6f912cae92d08aaf82fa5548
b9d9f386ea10bc1d0c6877c2b8e48c2384470818ea9cb35ae3437ddd3512a69d
GET /TEhyZGstKhEJVC11EEIePiRPQVkKbUAiDzl4AhEPfDsWCAY2LlwHByM9FgIZIyYGSgUpPFdWLSUeCA8SGQ4VVD0gP0A+EgIZJAlaJCoVUCkWJTQcPnwNV1YtAiERIT40GRMiBQkKOhNSOR8cJVkPEDQqOAgaHj4TdS0/MDI7CjA1WgIiIyEqfxFHKVo/GCgsXyYbJFRcFhweAj4IHUooBwoDPzAtNBw0Kh8CHBogPDY/QioDOwk0CVp5CyAAAi0ASys8NnxKKy55ChYzGyIeQj5aLSURLSoifR0HDDw/FjMbIhweF05+ChAJJi8JIC5SFhkeLzEhMAsnBWEKQwUGKAQgLD0+DhUDKBYQKAouDiwbBS8OKycwGH8rFRBbFSUaCSgdAhoFLBUrMyMqaXowNAA4EDwOCDoAMyU8LR8RKSMLCldWKQUvIyBNJjsdChtxKTYmKgR7PTNSLwoUNQ HTTP/1.1
Host: fortatoneterrow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Mon, 27 Nov 2023 18:16:02 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jwaslOVsiyDij9EQ-J26VR3d6Q12XyqG3XMa46-KtLQ7VybbCIcFXg==
X-Firefox-Spdy: h2
fortatoneterrow.com/b3o4U3YOGFs+SQ5HWnUDHRYFdkQpXwoVEhpKSCYSXwlcPxsVHBYwGgAPXDUEABRMfRgKDh1hMBggbjsGNi1pFDgYGXAEDioCfAUOCyJ/ahI6LEAXOwcVdxAeORZ5Oz84L19qEysseWAQB0paEjAHFWwkRik5QmojPQ19HzleKGkCET5Ce2IOPitBYz83O1MYPwg7dhA3PUNvKhI9KQo7OzpLah06GDtoEjcADH84JDgsbAoSPTxiBRc5FmgFMy0Ic2MkOCxrazcrS3IBEDkVUgIgCxV9BRI+K38gBD08YgU9B0N9BQ89Cm8FJCQsYBU7OktpECY+V1cYNV84SR9HIS9uFB41L34BIwksTAE3CA1JFzcMNnALRw0wCQUgDS9cAScHOFQEN0kQSzwYH0dTIARYLQ8/Qj0
143.204.55.57200 OK 1.2 kB URL GET HTTP/2 fortatoneterrow.com/b3o4U3YOGFs+SQ5HWnUDHRYFdkQpXwoVEhpKSCYSXwlcPxsVHBYwGgAPXDUEABRMfRgKDh1hMBggbjsGNi1pFDgYGXAEDioCfAUOCyJ/ahI6LEAXOwcVdxAeORZ5Oz84L19qEysseWAQB0paEjAHFWwkRik5QmojPQ19HzleKGkCET5Ce2IOPitBYz83O1MYPwg7dhA3PUNvKhI9KQo7OzpLah06GDtoEjcADH84JDgsbAoSPTxiBRc5FmgFMy0Ic2MkOCxrazcrS3IBEDkVUgIgCxV9BRI+K38gBD08YgU9B0N9BQ89Cm8FJCQsYBU7OktpECY+V1cYNV84SR9HIS9uFB41L34BIwksTAE3CA1JFzcMNnALRw0wCQUgDS9cAScHOFQEN0kQSzwYH0dTIARYLQ8/Qj0
IP 143.204.55.57:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject fortatoneterrow.com
Fingerprint 2E:9B:DD:C0:E0:30:2A:E9:01:AA:39:2A:3D:DE:A6:C3:00:BD:A4:F9
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 64a1adef2b074415e151a17e9fbf910b
0d2304511993bbf2656231dc74b90a58bf1a19e6
5e6975796a68bee854a711b50da2b4ed5b025f6153709f23c3be2bab945d69cf
GET /b3o4U3YOGFs+SQ5HWnUDHRYFdkQpXwoVEhpKSCYSXwlcPxsVHBYwGgAPXDUEABRMfRgKDh1hMBggbjsGNi1pFDgYGXAEDioCfAUOCyJ/ahI6LEAXOwcVdxAeORZ5Oz84L19qEysseWAQB0paEjAHFWwkRik5QmojPQ19HzleKGkCET5Ce2IOPitBYz83O1MYPwg7dhA3PUNvKhI9KQo7OzpLah06GDtoEjcADH84JDgsbAoSPTxiBRc5FmgFMy0Ic2MkOCxrazcrS3IBEDkVUgIgCxV9BRI+K38gBD08YgU9B0N9BQ89Cm8FJCQsYBU7OktpECY+V1cYNV84SR9HIS9uFB41L34BIwksTAE3CA1JFzcMNnALRw0wCQUgDS9cAScHOFQEN0kQSzwYH0dTIARYLQ8/Qj0 HTTP/1.1
Host: fortatoneterrow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1165
date: Mon, 27 Nov 2023 18:16:02 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: govcBcvYI-NA9wCsPbXRxPxcaNLMYbvGbeT8y8WXJAEmlJ-HaXSHuA==
X-Firefox-Spdy: h2
fortatoneterrow.com/MTQ4MlJQVltfbVAJWhQnQ1gFF2B3EQp0NkQESEc2AUdcXj9LUhZRPl5BXFQgXlpMHDxUQB0AFFdnVHwjZXxTQgJwZUlgOAUCfFwUcFcKYDdXYQlBHWNfUnQoQUF8SzVbfUF/HXZ3S1MCRgxzYTVkZ2x2NXV4VQczUFxtQAJgBUBqKwkNe2oUeFZ8ex19X2oXYHNQagZqd11+RxByW1p+KFJgcnMXQ3tTRWd2fFsXYHN2bGsDe14AfjNkR3VoOWMMYHo6W2VSQQN7cFt0HUZETmsEXl18ZWtZY1YDGGtzdmI0S0BOawReA31xAF1sVV4ZcnxiazRwcgBoYhwNHQAUfgYBWgVbAGhQYHBGXmc+FAZ+VARBWGB6Oltwa1kzeGBAYjRbDQxrY0UMa2omW2MKXh5UXm12AllDS2IQe0RrRSpYY1ZeClRabVQxZFMeWCFeWkgPN1VuUUI2ZWZoXjd3B3dz
143.204.55.57200 OK 1.2 kB URL GET HTTP/2 fortatoneterrow.com/MTQ4MlJQVltfbVAJWhQnQ1gFF2B3EQp0NkQESEc2AUdcXj9LUhZRPl5BXFQgXlpMHDxUQB0AFFdnVHwjZXxTQgJwZUlgOAUCfFwUcFcKYDdXYQlBHWNfUnQoQUF8SzVbfUF/HXZ3S1MCRgxzYTVkZ2x2NXV4VQczUFxtQAJgBUBqKwkNe2oUeFZ8ex19X2oXYHNQagZqd11+RxByW1p+KFJgcnMXQ3tTRWd2fFsXYHN2bGsDe14AfjNkR3VoOWMMYHo6W2VSQQN7cFt0HUZETmsEXl18ZWtZY1YDGGtzdmI0S0BOawReA31xAF1sVV4ZcnxiazRwcgBoYhwNHQAUfgYBWgVbAGhQYHBGXmc+FAZ+VARBWGB6Oltwa1kzeGBAYjRbDQxrY0UMa2omW2MKXh5UXm12AllDS2IQe0RrRSpYY1ZeClRabVQxZFMeWCFeWkgPN1VuUUI2ZWZoXjd3B3dz
IP 143.204.55.57:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject fortatoneterrow.com
Fingerprint 2E:9B:DD:C0:E0:30:2A:E9:01:AA:39:2A:3D:DE:A6:C3:00:BD:A4:F9
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash b0ade41b04fd9abeb29eaf1afe0f15c2
a231d7beae603aaf23804f639389a6770fb7b9ff
5586928e18ac1ce6f5489131d2d8b439f391e32181134b84565d97775b46c0e1
GET /MTQ4MlJQVltfbVAJWhQnQ1gFF2B3EQp0NkQESEc2AUdcXj9LUhZRPl5BXFQgXlpMHDxUQB0AFFdnVHwjZXxTQgJwZUlgOAUCfFwUcFcKYDdXYQlBHWNfUnQoQUF8SzVbfUF/HXZ3S1MCRgxzYTVkZ2x2NXV4VQczUFxtQAJgBUBqKwkNe2oUeFZ8ex19X2oXYHNQagZqd11+RxByW1p+KFJgcnMXQ3tTRWd2fFsXYHN2bGsDe14AfjNkR3VoOWMMYHo6W2VSQQN7cFt0HUZETmsEXl18ZWtZY1YDGGtzdmI0S0BOawReA31xAF1sVV4ZcnxiazRwcgBoYhwNHQAUfgYBWgVbAGhQYHBGXmc+FAZ+VARBWGB6Oltwa1kzeGBAYjRbDQxrY0UMa2omW2MKXh5UXm12AllDS2IQe0RrRSpYY1ZeClRabVQxZFMeWCFeWkgPN1VuUUI2ZWZoXjd3B3dz HTTP/1.1
Host: fortatoneterrow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Mon, 27 Nov 2023 18:16:02 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DaZ3FSIefZqNzavPm7O2Yz3Nx7UDIymcp78BoVdny_P_A2CnE4huMg==
X-Firefox-Spdy: h2
onegoropsintold.com/bm01cWxBUlYCUSAXYxA+OAZlMF4CGlcwISwPWzMELyxzGA85XRMFBQpQDEhbWlwBVxwHCQhASh0ZVAUZHVAEVwUAC1pMShhQBF9fWkMGRUJeS0BMXUgZRRALU1wTARgaAQhAW15cBEFUV1sDQ15a
172.67.146.179204 No Content 0 B URL GET HTTP/2 onegoropsintold.com/bm01cWxBUlYCUSAXYxA+OAZlMF4CGlcwISwPWzMELyxzGA85XRMFBQpQDEhbWlwBVxwHCQhASh0ZVAUZHVAEVwUAC1pMShhQBF9fWkMGRUJeS0BMXUgZRRALU1wTARgaAQhAW15cBEFUV1sDQ15a
IP 172.67.146.179:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject onegoropsintold.com
Fingerprint E5:43:A2:F3:B5:80:39:62:E4:80:E1:9B:0C:63:6D:D2:C2:C1:D9:29
Validity Fri, 17 Nov 2023 18:19:14 GMT - Thu, 15 Feb 2024 18:19:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bm01cWxBUlYCUSAXYxA+OAZlMF4CGlcwISwPWzMELyxzGA85XRMFBQpQDEhbWlwBVxwHCQhASh0ZVAUZHVAEVwUAC1pMShhQBF9fWkMGRUJeS0BMXUgZRRALU1wTARgaAQhAW15cBEFUV1sDQ15a HTTP/1.1
Host: onegoropsintold.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 18:16:02 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mi6O1Dx%2Bh9XyltJMTUmthi4Y%2FtraBWJx6E%2F%2BsQwXN1lBwCGKU7JGmVYp%2FVOh3ir6yI4qne8sq3eJvTOxzuFbc00X6RNj5GR%2FET2almshn32%2BPap9KSmqTVy%2BxhfgBUpn8PXiFXnz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82cc5c27bdc30b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15988886/FRA.exe.html
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1701108966.1.0.1701108966.0.0.0; _ga=GA1.1.75232319.1701108966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 18:16:02 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Mon, 04 Dec 2023 18:16:02 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:ruCtMpR1flVESIv2S9y6lFqcyLjI7g:oC1bcjFQWeQXOwMg; Expires=Wed, 26-Nov-2025 18:16:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:02 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1wrwmeoYGedKeVUkF61m1eGS9i8uwH_dM67FSVYDPeVjjE2Dvm0II8VfWcQ1DyO2crWrFTrA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-7INI8OWYZZGm0wlXyxizog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:6C0TJ53Xc9g-kstMQ3uCYCz6cW1R2A:E65WPtr8_Zi_UiIj; Expires=Wed, 26-Nov-2025 18:16:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:02 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp130cHnY93TKSMsaqKK4Y1xrbZQslprqkgqNy93oM1MYruc1PQD_VeR26iGQNrOLCWdW3Fwfg
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-FxqrMBO63c6laKboWHfIHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fortatoneterrow.com/utx?cb=WVSU6rBmTHNh&top=www.upload.ee&tid=997369
143.204.55.57 204 No Content 0 B URL GET HTTP/2 fortatoneterrow.com/utx?cb=WVSU6rBmTHNh&top=www.upload.ee&tid=997369
IP 143.204.55.57:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject fortatoneterrow.com
Fingerprint 2E:9B:DD:C0:E0:30:2A:E9:01:AA:39:2A:3D:DE:A6:C3:00:BD:A4:F9
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=WVSU6rBmTHNh&top=www.upload.ee&tid=997369 HTTP/1.1
Host: fortatoneterrow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 18:16:02 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 27 Nov 2023 18:17:02 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aCYEReBJcnbXNcx9lqNMfE437wadLLXkUJlVt5jOEEBfqH4Dfu96BQ==
X-Firefox-Spdy: h2
fortatoneterrow.com/utx?cb=VPfEkEGKK0mo&top=www.upload.ee&tid=997414
143.204.55.57 204 No Content 0 B URL GET HTTP/2 fortatoneterrow.com/utx?cb=VPfEkEGKK0mo&top=www.upload.ee&tid=997414
IP 143.204.55.57:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject fortatoneterrow.com
Fingerprint 2E:9B:DD:C0:E0:30:2A:E9:01:AA:39:2A:3D:DE:A6:C3:00:BD:A4:F9
Validity Wed, 22 Nov 2023 00:00:00 GMT - Fri, 20 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=VPfEkEGKK0mo&top=www.upload.ee&tid=997414 HTTP/1.1
Host: fortatoneterrow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 27 Nov 2023 18:16:02 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 27 Nov 2023 18:17:02 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tnQunGna63V2ot3rY13sVpd7eHQDRXDXcij_LvJsTJF__mwiN-cjwg==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1wrwmeoYGedKeVUkF61m1eGS9i8uwH_dM67FSVYDPeVjjE2Dvm0II8VfWcQ1DyO2crWrFTrA
142.250.74.109 302 Found 403 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1wrwmeoYGedKeVUkF61m1eGS9i8uwH_dM67FSVYDPeVjjE2Dvm0II8VfWcQ1DyO2crWrFTrA
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395)
Hash 9fac3a38300861de743c5970b20d454e
38a477defb4070de069ff841ebbd4c3aee3466af
2b33183af835478dbb1676690d0ac21b8112ff07c9a85b7c2391f23467eb086c
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1wrwmeoYGedKeVUkF61m1eGS9i8uwH_dM67FSVYDPeVjjE2Dvm0II8VfWcQ1DyO2crWrFTrA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:RjT0TdxO7gaGEDKH4faiSd7aQAgcuQ:kP9XmUMQfp3kRDpF;Path=/;Expires=Wed, 26-Nov-2025 18:16:02 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:02 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0p-j1lAZH0_HhTI0TQIOrpIRfWhQl-R24gVSfON9wJ6rkkgVpyPjpqPfeOVkRicdC_1ug_EQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-570196975%3A1701108962902818&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ft0SfARFzC__jiFzRgfiGg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp130cHnY93TKSMsaqKK4Y1xrbZQslprqkgqNy93oM1MYruc1PQD_VeR26iGQNrOLCWdW3Fwfg
142.250.74.109 302 Found 404 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp130cHnY93TKSMsaqKK4Y1xrbZQslprqkgqNy93oM1MYruc1PQD_VeR26iGQNrOLCWdW3Fwfg
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Hash 846d2b7df740336db8024a7bfaabffa9
0a9d38e8cb699ff284fffba5385eee40bcd38c4b
87d1844b0d35af043cf842e709f726ed65a1fb6ef46d0464e43c2829def36782
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp130cHnY93TKSMsaqKK4Y1xrbZQslprqkgqNy93oM1MYruc1PQD_VeR26iGQNrOLCWdW3Fwfg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:QtN2g5KuYbYpsc-t-8r4dQV7V1luwQ:ll_7HbM83mVoct-t;Path=/;Expires=Wed, 26-Nov-2025 18:16:02 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:02 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0eDvjUoCiS3oUGUNOSs2xboC1T-9l_zOLIoYjFjj4UWGiguBI3f75WQNFc-z7WiVfQpuqvNg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023808277%3A1701108962923017&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-KJ4sovOji-0pR-BS5COxnA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/wZVhpYWQGNwcHWxExDVxdXG9dUVxDMhoOChVlAhIWUg9eDVA3fh0bAFhoTw0FCz9URwELO1RQQgQ8C1xQQy0IXAkKIgANCAR9WydRS2hMU1RNLwAPAAovGkRWVTYdRFZVaVlPVEBrK0RWVS8AD1JRfVojQVdoEVdQQGsrRFZVKh9EVyRpWVRKVXFMU1QCPQ-oKC0BqL1NUVGhZUFRUfVtRAgwqDAcLHX1bJ1VVbUdRQhBlWA
143.204.42.89 189 B URL du0pud0sdlmzf.cloudfront.net/wZVhpYWQGNwcHWxExDVxdXG9dUVxDMhoOChVlAhIWUg9eDVA3fh0bAFhoTw0FCz9URwELO1RQQgQ8C1xQQy0IXAkKIgANCAR9WydRS2hMU1RNLwAPAAovGkRWVTYdRFZVaVlPVEBrK0RWVS8AD1JRfVojQVdoEVdQQGsrRFZVKh9EVyRpWVRKVXFMU1QCPQ-oKC0BqL1NUVGhZUFRUfVtRAgwqDAcLHX1bJ1VVbUdRQhBlWA
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 82e4a00e9bac4e223e26bfd39cb72898
d4ebddf78e3315f25e052c7d985ec8413551c509
ee011edd89440b793426dfe3d658628536bd3fc8c883e10fb9e66a1924ae046b
GET /wZVhpYWQGNwcHWxExDVxdXG9dUVxDMhoOChVlAhIWUg9eDVA3fh0bAFhoTw0FCz9URwELO1RQQgQ8C1xQQy0IXAkKIgANCAR9WydRS2hMU1RNLwAPAAovGkRWVTYdRFZVaVlPVEBrK0RWVS8AD1JRfVojQVdoEVdQQGsrRFZVKh9EVyRpWVRKVXFMU1QCPQ-oKC0BqL1NUVGhZUFRUfVtRAgwqDAcLHX1bJ1VVbUdRQhBlWA HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fortatoneterrow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 189
date: Mon, 27 Nov 2023 18:16:03 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wJTVKa_h3xpK394aoapJVIZPknVJ3h0kOdCrzH1whx6cuq_8djf8QA==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/iVzkyUFg0Vlw2ZyNQVm1hbg4BZmFxU0E/NicEUxQaFnEBHw9uWnA2CXFNSDRlZx9eMTYwBBQ1NjQEA3Y5M1sPZH4jSV07ZTlfUDU8LlFKMTFxTFNtNThDWzw0NhwAFm15CRdiaH9OWz48OE5BdWpnV0Z1amcIAn5ocgpwdWpnTls+bmMcARJ9ZQlKZmxyCn-B1amdLRHVrFggCZXZnEBdiaDBcUTs3cgt0YmhmCQJhaGYcAGA+PktXNjcvHAAWaWcMHGB+IgQD
143.204.42.89 611 B URL du0pud0sdlmzf.cloudfront.net/iVzkyUFg0Vlw2ZyNQVm1hbg4BZmFxU0E/NicEUxQaFnEBHw9uWnA2CXFNSDRlZx9eMTYwBBQ1NjQEA3Y5M1sPZH4jSV07ZTlfUDU8LlFKMTFxTFNtNThDWzw0NhwAFm15CRdiaH9OWz48OE5BdWpnV0Z1amcIAn5ocgpwdWpnTls+bmMcARJ9ZQlKZmxyCn-B1amdLRHVrFggCZXZnEBdiaDBcUTs3cgt0YmhmCQJhaGYcAGA+PktXNjcvHAAWaWcMHGB+IgQD
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (873), with no line terminators
Hash e5ad9644c26958f8f05e052926dd9c13
dd6429edd1d49e2cb8cfacc6c714735ad2bd76a9
176c31f89938a3f6977c152d26dccd1ca1e19950d162254e3cee65cb1151601f
GET /iVzkyUFg0Vlw2ZyNQVm1hbg4BZmFxU0E/NicEUxQaFnEBHw9uWnA2CXFNSDRlZx9eMTYwBBQ1NjQEA3Y5M1sPZH4jSV07ZTlfUDU8LlFKMTFxTFNtNThDWzw0NhwAFm15CRdiaH9OWz48OE5BdWpnV0Z1amcIAn5ocgpwdWpnTls+bmMcARJ9ZQlKZmxyCn-B1amdLRHVrFggCZXZnEBdiaDBcUTs3cgt0YmhmCQJhaGYcAGA+PktXNjcvHAAWaWcMHGB+IgQD HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fortatoneterrow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 611
date: Mon, 27 Nov 2023 18:16:03 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hSmGaPoUzIAT6ihQsltw0sJv3pX4vdarUikGxO3f_Jf8hUCKVejuqw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/fSlNqTHkpPAQqRj46DnFAc2RefU1sORkjFzpuDygjIyMOGCsaPw8KSgUSTDgDLm5aahUrPQ1xXy89CXFIbDIOLkR+dR48FiFuBCobLzcTJAErOkw5GHc+BTYQJj8LaUsMZkR8XHhjQjsQJDcFOwpvYVoiDW9hWn1JZGNPfztvYVo7ECRlXmlKCHZYfAF8Z0-9/O29hWj4Pb2ArfUl/fVplXHhjDSkaITxPfj94Y1t8SXtjW2lLejUDPhwsPBJpSwxiWnlXenUfcUg
143.204.42.89 575 B URL du0pud0sdlmzf.cloudfront.net/fSlNqTHkpPAQqRj46DnFAc2RefU1sORkjFzpuDygjIyMOGCsaPw8KSgUSTDgDLm5aahUrPQ1xXy89CXFIbDIOLkR+dR48FiFuBCobLzcTJAErOkw5GHc+BTYQJj8LaUsMZkR8XHhjQjsQJDcFOwpvYVoiDW9hWn1JZGNPfztvYVo7ECRlXmlKCHZYfAF8Z0-9/O29hWj4Pb2ArfUl/fVplXHhjDSkaITxPfj94Y1t8SXtjW2lLejUDPhwsPBJpSwxiWnlXenUfcUg
IP 143.204.42.89:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (807), with no line terminators
Hash 6c4fb17937d279947189b21cba18275a
11f60e36b7fbcd3cb6499be0541e3cacdbb5273e
5ca65f9de4a3bcf8678cc2d04900ffa3aed30b2435a0429387309404c20394ce
GET /fSlNqTHkpPAQqRj46DnFAc2RefU1sORkjFzpuDygjIyMOGCsaPw8KSgUSTDgDLm5aahUrPQ1xXy89CXFIbDIOLkR+dR48FiFuBCobLzcTJAErOkw5GHc+BTYQJj8LaUsMZkR8XHhjQjsQJDcFOwpvYVoiDW9hWn1JZGNPfztvYVo7ECRlXmlKCHZYfAF8Z0-9/O29hWj4Pb2ArfUl/fVplXHhjDSkaITxPfj94Y1t8SXtjW2lLejUDPhwsPBJpSwxiWnlXenUfcUg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fortatoneterrow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 575
date: Mon, 27 Nov 2023 18:16:03 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VifTmkK_iGm09LRTQa6AeH3pOqiBYyOzuzGQN72qB8xm66-pQKCYEA==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0eDvjUoCiS3oUGUNOSs2xboC1T-9l_zOLIoYjFjj4UWGiguBI3f75WQNFc-z7WiVfQpuqvNg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023808277%3A1701108962923017&theme=glif
142.250.74.109 403 Forbidden 805 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0eDvjUoCiS3oUGUNOSs2xboC1T-9l_zOLIoYjFjj4UWGiguBI3f75WQNFc-z7WiVfQpuqvNg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023808277%3A1701108962923017&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash b32f4feec0170d89294913645814c984
1d12a3286dd9d910ee6520ce0147f0d9c830bfd9
12d69f0bfa2bd3743c0c8db14f70c6330b713fec212eb654833f49b2f8969b8e
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0eDvjUoCiS3oUGUNOSs2xboC1T-9l_zOLIoYjFjj4UWGiguBI3f75WQNFc-z7WiVfQpuqvNg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1023808277%3A1701108962923017&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:03 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-5KPtUexUfRovvJoVw4oZDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0p-j1lAZH0_HhTI0TQIOrpIRfWhQl-R24gVSfON9wJ6rkkgVpyPjpqPfeOVkRicdC_1ug_EQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-570196975%3A1701108962902818&theme=glif
142.250.74.109 403 Forbidden 1.3 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0p-j1lAZH0_HhTI0TQIOrpIRfWhQl-R24gVSfON9wJ6rkkgVpyPjpqPfeOVkRicdC_1ug_EQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-570196975%3A1701108962902818&theme=glif
IP 142.250.74.109:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type gzip compressed data, max compression\012- data
Hash 9f8a6e8623f85f9956178630fb7c82b2
fa1c76986d391328f8f97e90a24a3bcb193e8748
d699af5493763b7ee5c7b136d01d67c3a79a9c0d9fd6eec8d65423118a225d8e
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0p-j1lAZH0_HhTI0TQIOrpIRfWhQl-R24gVSfON9wJ6rkkgVpyPjpqPfeOVkRicdC_1ug_EQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-570196975%3A1701108962902818&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Nov 2023 18:16:02 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-uNXCULWVnjEVTWUpNLGmEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6280797&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15988886%2F9d951953cb721deb0cc8%2Ffra.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15988886%2FFRA.exe.html&rnd=1701108966127
212.47.222.20 1.6 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6280797&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15988886%2F9d951953cb721deb0cc8%2Ffra.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15988886%2FFRA.exe.html&rnd=1701108966127
IP 212.47.222.20:0
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type ASCII text, with very long lines (394)
Hash 1078703ec3af18c1c161431007862498
764ddfde6c0b396637a9b241e58b66f8d25a307d
7abb80c668a6c0bd49073c893694c5208c06cf23eb2950344e5fa813545d05b3
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=6280797&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15988886%2F9d951953cb721deb0cc8%2Ffra.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15988886%2FFRA.exe.html&rnd=1701108966127 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Mon, 27 Nov 2023 18:15:45 GMT
set-cookie: bepolite_id=1d1c294ea76d287584b493d07361b6af; Max-Age=7776000; Expires=Sun, 25-Feb-2024 18:15:45 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 168517841
age: 0
accept-ranges: bytes
content-length: 1641
X-Firefox-Spdy: h2
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (177002 bytes)
Hash e94b1e6619d5d0264e9073324b7fd667
72f27e0a09fdf92a40a0cdba0a8be9e902e85380
2ef9a9a195e17329b9e2a844c83ccfa1c80f93b9848f5430da8b0a63444da59c
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "2912359364"
last-modified: Thu, 26 Oct 2023 21:13:25 GMT
content-length: 177002
date: Mon, 27 Nov 2023 18:15:45 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 169914822
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/0e130e08-09d9-424c-b0c1-bf0f6499cd6d/Bakugan-300x600-ee.jpg
212.47.222.20 200 OK 128 kB URL GET HTTP/2 static.bepolite.eu/banners/0e130e08-09d9-424c-b0c1-bf0f6499cd6d/Bakugan-300x600-ee.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x600, components 3\012- data
Size 128 kB (128072 bytes)
Hash 65b0ce3c72595ac560c8eb236ac0a104
7b8b3037df09cfcbe2693f63480e93b2cd0985bc
ee9627e11b69984c5825216ea61a6403dda3975ee4625be96436aa79f3921122
GET /banners/0e130e08-09d9-424c-b0c1-bf0f6499cd6d/Bakugan-300x600-ee.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "367350955"
last-modified: Thu, 16 Nov 2023 16:47:39 GMT
content-length: 128072
date: Mon, 27 Nov 2023 18:15:20 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 169627272
age: 0
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.166.32 200 OK 104 kB IP 172.64.166.32:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 104 kB (103897 bytes)
Hash 982034c341d787a8bc0201891b2deaaf
55e3cf6858c81a2678337a5874b7a55c221291a7
356ff235d7f84ba15251df347c90d7f81af137c0ac9158ddd141ff16e288ebbd
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:02 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2765
last-modified: Mon, 27 Nov 2023 17:29:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qtc9pQeMsvPwXDsqPvXsYgT10%2Bf2IEKmgkC9QU%2FfEyxcohna%2FjOFLYO9OrWheCMZFlM6cP6YiSyjBzdDrZGxjpPTMtQvAKMBI3BMc5wgPu9kKD9ksNiVFlO7nAhftuuy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc5c2a2c4a369a-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-247S-r59iqsg42zzNATEvjPSKwSI3kWUCzEVEilwKOz6vJC75cya34B2MvtIyXVEfa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-247S-r59iqsg42zzNATEvjPSKwSI3kWUCzEVEilwKOz6vJC75cya34B2MvtIyXVEfa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-247S-r59iqsg42zzNATEvjPSKwSI3kWUCzEVEilwKOz6vJC75cya34B2MvtIyXVEfa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=1d1c294ea76d287584b493d07361b6af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 18:15:45 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 169529489
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/config/config.js?v=1
3.125.21.104 200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/css/index_1000x200.css
3.125.21.104 200 OK 3.6 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 805386b458c26412844874e80bbefc00
6fb5ebb2a34ca8403c2c45ef46e00480556fdbd4
012d0f48eb5661665403b394b6c52450d211fa73d683891ea34ce2555efd7471
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=1d1c294ea76d287584b493d07361b6af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 18:15:24 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 168517862
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
3.125.21.104 200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:04 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
3.125.21.104 200 OK 72 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash b83b508748e8c7d54a25090a23be37e9
5b30d35eedffe13fbdc54e53a5b8f3ea159a354f
007274bc26ba3394fe7c319491bcb6cd8c1c98039fbb6c0c828cbc938d4a8b0d
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:04 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.166.32 200 OK 102 kB IP 172.64.166.32:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:02 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2765
last-modified: Mon, 27 Nov 2023 17:29:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7n6BH4sHRq3%2B45ZX2ipJZ9775hKmef14sCJA928dZo%2FQNbUfUc9LRDKgImVqN5fbbNygA8p2vskbcWC7lQ7qxgcf6BEFHZZ5qoabg9NVmwPW56YHnZnKtdFb%2BCQC7FPY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc5c2a2c4b369a-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tr6nnHRJnwBbHsX18wBg.jpg
143.204.42.89 200 OK 64 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/tr6nnHRJnwBbHsX18wBg.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 0255c693e8008d7a338f65ba57ce9229
a13ccea76ce66c54e6ce2e8e11ae577867c8564f
8ed54c9af21631938ebeb188bdb6ec377c2ebf21655c54e342e4fc47efa4d785
GET /hotelliveeb/images/general/1/tr6nnHRJnwBbHsX18wBg.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 64435
date: Mon, 27 Nov 2023 15:27:33 GMT
last-modified: Wed, 22 Nov 2023 14:01:42 GMT
etag: "0255c693e8008d7a338f65ba57ce9229"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vu6mLAz-02ZeF3bOfzx5det-OXrpqnoOGv_QToie4miPIs5kUvfSjA==
age: 10117
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
143.204.42.89 200 OK 73 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash bf36e0bf265a935a340671b4d66f2e01
71eacdd355861fa4500b9961d4fcd24b81aa87e4
8e6b881322ec75b0070fe04c905f40284ddc3806fdb6253cce210d544c8a0c19
GET /hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 72949
date: Mon, 27 Nov 2023 14:17:48 GMT
last-modified: Mon, 20 Dec 2021 05:01:42 GMT
etag: "bf36e0bf265a935a340671b4d66f2e01"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BZbQz_Zd8-fmBir4D48BDIFeMrVkUAA_FmRUyRKq62dn2IGX-hbF8w==
age: 14309
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/svg/hb-logo.svg
3.125.21.104 200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:04 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/image/prices-bg-3.png
3.125.21.104 200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:04 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
banner.hookusbookus.com/assets/js/jquery.min.js
3.125.21.104 200 OK 90 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP 3.125.21.104:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/a?v=3&t=l&pid=1008519288&rv=3b81&u=AAAAAAAAAAAAAIAAAAAAAAE&h=Ag&gtm=45je3b81v888781555&ccid=88781555&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L246.S63.B49.E662.I352.EC5.TC11.HTC0~gtm.init.S1.V0.E126.TS5ccdconversionmarking.TI3.TE1.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE1.TS5ccdemsitesearch.TI9.TE6.TS5ccdemvideo.TI10.TE1.TS5ccdgaregscope.TI11.TE3.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S0.V0.E96.TS5gct.TI1.TE0~gtm.scrollDepth.S1.V0.E70~gtm.load.S1.V1.E1~gtm.init_consent.S2.V1.E55~GA317.332
142.250.74.168 200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?v=3&t=l&pid=1008519288&rv=3b81&u=AAAAAAAAAAAAAIAAAAAAAAE&h=Ag&gtm=45je3b81v888781555&ccid=88781555&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L246.S63.B49.E662.I352.EC5.TC11.HTC0~gtm.init.S1.V0.E126.TS5ccdconversionmarking.TI3.TE1.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE1.TS5ccdemsitesearch.TI9.TE6.TS5ccdemvideo.TI10.TE1.TS5ccdgaregscope.TI11.TE3.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S0.V0.E96.TS5gct.TI1.TE0~gtm.scrollDepth.S1.V0.E70~gtm.load.S1.V1.E1~gtm.init_consent.S2.V1.E55~GA317.332
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?v=3&t=l&pid=1008519288&rv=3b81&u=AAAAAAAAAAAAAIAAAAAAAAE&h=Ag&gtm=45je3b81v888781555&ccid=88781555&cid=G-LT9YQX0N49&l=G-LT9YQX0N49.L246.S63.B49.E662.I352.EC5.TC11.HTC0~gtm.init.S1.V0.E126.TS5ccdconversionmarking.TI3.TE1.TS5ccdemdownload.TI5.TE3.TS5ccdemoutboundclick.TI6.TE2.TS5ccdempageview.TI7.TE2.TS5ccdemscroll.TI8.TE1.TS5ccdemsitesearch.TI9.TE6.TS5ccdemvideo.TI10.TE1.TS5ccdgaregscope.TI11.TE3.TS5setproductsettings.TI12.TE1.TS5ogtgooglesignals.TI13.TE1~gtm.js.S0.V0.E96.TS5gct.TI1.TE0~gtm.scrollDepth.S1.V0.E70~gtm.load.S1.V1.E1~gtm.init_consent.S2.V1.E55~GA317.332 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "2525417386"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Mon, 27 Nov 2023 18:15:45 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 169627275
age: 0
X-Firefox-Spdy: h2
onegoropsintold.com/popunder.gif
172.67.146.179 200 OK 35 B URL GET HTTP/3 onegoropsintold.com/popunder.gif
IP 172.67.146.179:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Google Trust Services LLC
Subject onegoropsintold.com
Fingerprint E5:43:A2:F3:B5:80:39:62:E4:80:E1:9B:0C:63:6D:D2:C2:C1:D9:29
Validity Fri, 17 Nov 2023 18:19:14 GMT - Thu, 15 Feb 2024 18:19:13 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: onegoropsintold.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 3992
last-modified: Mon, 27 Nov 2023 17:09:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMTr350mdhcMnz3fcpvF4ALlwl2YUjvq2jq%2FJ6tSOj3he0Rx%2BNPeM5l0O3FryQmPWP7UVI5lHs4rNtZoY4CuQMLAYjI3iZ3%2B%2BzYzJOAjuLrhENucerdb5qeSfW1trchwOqK74lVu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc5c2cafcbb4f1-OSL
alt-svc: h3=":443"; ma=86400
banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
3.125.21.104 200 OK 6.0 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP 3.125.21.104:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Amazon
Subject *.hookusbookus.com
Fingerprint CD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
Validity Sun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6210), with no line terminators
Hash b2c258a8d77db021c8f33f8e84dba71b
c453e30dac638f4e1b897309fe32db795d540f80
2d1065201a188a85c1a7d0a3ee130f5a8dc4e60db8fe221fb2081e77222e5a9f
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint 8B:4D:B8:C8:25:20:C8:F7:6E:64:AD:6F:28:DF:17:96:B7:3E:67:B9
Validity Fri, 03 Nov 2023 22:07:14 GMT - Thu, 01 Feb 2024 22:07:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=1d1c294ea76d287584b493d07361b6af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 0
date: Mon, 27 Nov 2023 18:15:46 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 169914855
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.166.32 200 OK 27 B
IP 172.64.166.32:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 1e126f8b7024f297cda313ff48135259
4f6060fc4b9c84d90d97e1473d9dc35539ec54a4
8cf3629c5ec7ff11df3158856fcc411f642cab0b066f7a85742b764116e03c2c
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:02 GMT
content-type: text/plain
set-cookie: csu=1018629974305970@1@1701108962; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mX15saEowupO1yjcJt6BLcxf8A1Yc0Ha%2BixIYljqtQtnCqbJj4tC86ay1i%2F3VuJJRhYME%2Fce9PskfpxY18tiCtJg6288zDZqFo8MI1%2FxkJ5f4opVNUFsiGXMrzU91M0h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82cc5c2a2c47369a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.166.32 200 OK 27 B
IP 172.64.166.32:443
Requested by https://www.upload.ee/files/15988886/FRA.exe.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b224db7d1fd5c2ae3be03e71f2d33f00
820fb44f75ef158bcff20e8b3029689ef39a146f
5a3c95c6776e44366fc32a63c0beaa9da7739c88e5624a6f25e2f94c14215d95
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:16:03 GMT
content-type: text/plain
set-cookie: csu=1934092879766855@1@1701108962; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8hqiuGBfiqpogM5UUjQp5%2F1DBe1QH2yR%2F1z0crqPpFwCZLXsSbvI7OUTYfykzV%2F0hd6ET7GSpkxZnW4jjvgjihMTO4W5ZEVsutmo3mYackskfwPOGlwcFF1UljGe1Id"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82cc5c2a2c52369a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
143.204.42.89 421 Misdirected Request 46 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg
IP 143.204.42.89:443
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF9i_d2MV3on0MFYHHd0rcYuqHAC_YC1JRmBTat06R_HXpXcUmogldMAdEkfXBZCW717a3wwbO8pFw2NXNase_UFTxtGk_I3VOec8RFvjk0eEBEjn-4EZYjQiWXc2EShN_X_8W3RBqckKxGqpHmCRL2Hzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-36qxw8Ul2_rwVcuvzsLUipOtuW_QN7J6fUO08VJfhiOKqJKd716KUrG_T0DJ_T5D_a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=550ae091e6d342dc802fe77be54e2ed650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 91451d1ec57ce1bc7c4c8ca7bddec42f
45745a127deca1d09ce6b76ad6fc61098a40d488
acbf223b98dddada08e0b403986fc5f7bfd8c360d6c63cd50cafc3fc5540979d
GET /hotelliveeb/images/general/1/siAdbm36aJT4SbFwxrl2.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 421 Misdirected Request
server: CloudFront
date: Mon, 27 Nov 2023 18:16:04 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rd7JdRr-8uBCn9Nwy_7Z1d3vCAGGMDgCfAJY5ZEcGCcLX7Sn2IFZ2A==
X-Firefox-Spdy: h2