324 B URL upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3167abdee8ca90a571ae52f000054c38
7cc15b6c5c25f4a13744335003245ceb801653e1
191b4a0cd017b71439e722ec2567b924361ac63cc94b67ddf9ea4f7eb97a5fb0
GET /download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe HTTP/1.1
Host: upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 324
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
0 B URL www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
Location: https://www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
493 B URL www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (493), with no line terminators
Hash 0e48f440400150ce925233793ee8028d
ab7d99ea429d2295630dd33ed5ab825f00c41f85
f8c6e0d40d93a79b41a565e4723f9afc387dc0c33ac56c89900cdc890d37091e
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 493
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
493 B URL www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (493), with no line terminators
Hash 0e48f440400150ce925233793ee8028d
ab7d99ea429d2295630dd33ed5ab825f00c41f85
f8c6e0d40d93a79b41a565e4723f9afc387dc0c33ac56c89900cdc890d37091e
NIDS Severity Alert suricata medium ET HUNTING SUSPICIOUS *.pdf.exe in HTTP URL
GET /download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 14 Oct 2023 12:45:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 493
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
GET www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
IP
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 0a7dde10d2a9f8cc3f3ed69fe6f5a455
2dddb2854936fe2e75cea0e5447685eab8dc7635
8940677b89e96360afcfd95bb483a4fbf25ad11ddbd78d1251692fba13a4d617
GET /files/15806824/________________________________________________.pdf.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15806824/3e00354f03e01db085e3/________________________________________________.pdf.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8997
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 14 Oct 2023 15:45:05 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Sat, 11-Nov-2023 12:45:05 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
GET www.upload.ee/static/ubr__style.css
200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
471 B IP
Hash d5105c9f385f75ff22d1aa413ee100f1
21412d86e92c7afb22c777c607f688ad8e769061
2545d1da23fdcd3a8ebd00a316c06af7f6d74fbefcc6202bc768808a91cbc944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 12:45:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET www.upload.ee/js/js__file_upload.js
200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
GET www.upload.ee/images/arrow.gif
200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GET www.upload.ee/images/dl_.png
200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GET www.googletagmanager.com/gtag/js?id=UA-6703115-1
200 OK 51 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (2213)
Hash 023ed83b6fb6226619f05b805018e589
e8a75f37029a265eaf7834355e11ed048d7e66a5
06732e5fd5730b83f6b339925836c185d0dfba15e4c957eceb127226cf4d1008
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 12:45:05 GMT
expires: Sat, 14 Oct 2023 12:45:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50838
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET du0pud0sdlmzf.cloudfront.net/?dupud=997369
200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117753 bytes)
Hash 835c66a219b8db32c7745e18d1c7bc1d
8e37c73d337fb5c667e012eef654915731c82844
001ff158f01e354a46664a7177434056e1fe3960e40deaebcaf9e0591e760143
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117753
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rLt2N6lljgEdZAzwMA_8-Xx7mYpC54j7RFYnVpqi71sxhsBPRwJD6w==
X-Firefox-Spdy: h2
471 B IP
Hash d5105c9f385f75ff22d1aa413ee100f1
21412d86e92c7afb22c777c607f688ad8e769061
2545d1da23fdcd3a8ebd00a316c06af7f6d74fbefcc6202bc768808a91cbc944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 12:45:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
200 OK 85 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint54:FD:04:1B:2E:C7:46:95:DD:15:A3:A0:3F:CE:7F:03:02:53:36:8F
ValidityMon, 18 Sep 2023 08:19:25 GMT - Mon, 11 Dec 2023 08:19:24 GMT
File type ASCII text, with very long lines (3034)
Hash ef27c597ccaf33e722ffdcd513f17002
764aef01a880e0b06c77c2dfe1578ce7adf28bd7
b4d3659751f74592880d5de7ca9e24027e37af32df56748291bda52a60b8dd77
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Oct 2023 12:45:05 GMT
expires: Sat, 14 Oct 2023 12:45:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85031
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET blicatedlitytl.info/NzJJN1gYDSpEZWIDD0ABTV4ubQ1TagpaAl5gD1QIbV8ffQ9AQW9DMVMPcA5vBARwESheVnQGfkRGKEMtRA94ETFZVCYKfkEPeBlrAxx6A3YHFDwKaRFGOVY/CgNvRyxDXnQGbg4Few9vAgJ/BmgD
204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/NzJJN1gYDSpEZWIDD0ABTV4ubQ1TagpaAl5gD1QIbV8ffQ9AQW9DMVMPcA5vBARwESheVnQGfkRGKEMtRA94ETFZVCYKfkEPeBlrAxx6A3YHFDwKaRFGOVY/CgNvRyxDXnQGbg4Few9vAgJ/BmgD
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NzJJN1gYDSpEZWIDD0ABTV4ubQ1TagpaAl5gD1QIbV8ffQ9AQW9DMVMPcA5vBARwESheVnQGfkRGKEMtRA94ETFZVCYKfkEPeBlrAxx6A3YHFDwKaRFGOVY/CgNvRyxDXnQGbg4Few9vAgJ/BmgD HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uodk0yIbIb8GC7lRD6fj51g4yuk%2F1F8V0tedOYzQMVJIdCYPtvXJGy8TWXYnORGj%2BRf10ByszlcVkEaAqBpsOhQ1E4OMQNVgucrzwjSyRu%2F%2Bvg6vzIFmAMLbui6HhbcByOlM4Y6z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd58c05689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET blicatedlitytl.info/aG9lRU1HUAY2cA06AXEoPCUkJn0cIyR1eBE7MAALPCczDh45LkMxJAxSXHx6XF9dYz0BC1h0dU4cESQ5HRxYdGsBAQMqcE4ZWHRjWEFXa3lOGlh0axwfBCJwWUkVMTkEUlRzdF9dXXJ4WFlUdn8
204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/aG9lRU1HUAY2cA06AXEoPCUkJn0cIyR1eBE7MAALPCczDh45LkMxJAxSXHx6XF9dYz0BC1h0dU4cESQ5HRxYdGsBAQMqcE4ZWHRjWEFXa3lOGlh0axwfBCJwWUkVMTkEUlRzdF9dXXJ4WFlUdn8
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aG9lRU1HUAY2cA06AXEoPCUkJn0cIyR1eBE7MAALPCczDh45LkMxJAxSXHx6XF9dYz0BC1h0dU4cESQ5HRxYdGsBAQMqcE4ZWHRjWEFXa3lOGlh0axwfBCJwWUkVMTkEUlRzdF9dXXJ4WFlUdn8 HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UzKwe4pU9g1aHNUTnukkmuu%2BHOdUTMrQ5uBDRj%2FlGQwWM4ANg0rxvjw4Iu4CwneVI%2B8WLQs9L7sQqroxkUfEJFOJiu77PoV0WFwdwaJVKI4eKyfPBAUH5UUa%2BEdGdZs4JM3RzPW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd68c95689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET forgotingolstono.com/cjI0aGsTUFcFVBMPVk4eAF4JTVk0FwYuDwcCRB0PQkFQBAYIVBoLBx1HUA4ZHVxARgUXRhFaLTZmciERP15lHjskA2EJERUFYh9SBlZjPSowdQUZJDdwUCcBCkRVWDpAe2cMWhRjYScPN1Z9JSM0W3I+X0N7Xj0kNHZxASYjBnALAkIAYTlSFVNdMi8qZg0QJEJCdjgSJ1lmWCocflo6LCcAXwA7J15WJygzSHIPKiFXbB8vNABuUA4ZQXAyPB5aVzoPH1RwXQoqcXFYDwV3dyQjIFlWKTkVU2MuEzQAblAiN2dsMhxDWHUfH0RUfBs8M3VlGiVDH3YyJEBeUww6MFlSPyI2cwY6UhZFcSsmG2dTPgcjBXogCDBWcz5SK0oEKwgYXkIpDFRYRwcFAg9sHgkfR3InOjA
200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/cjI0aGsTUFcFVBMPVk4eAF4JTVk0FwYuDwcCRB0PQkFQBAYIVBoLBx1HUA4ZHVxARgUXRhFaLTZmciERP15lHjskA2EJERUFYh9SBlZjPSowdQUZJDdwUCcBCkRVWDpAe2cMWhRjYScPN1Z9JSM0W3I+X0N7Xj0kNHZxASYjBnALAkIAYTlSFVNdMi8qZg0QJEJCdjgSJ1lmWCocflo6LCcAXwA7J15WJygzSHIPKiFXbB8vNABuUA4ZQXAyPB5aVzoPH1RwXQoqcXFYDwV3dyQjIFlWKTkVU2MuEzQAblAiN2dsMhxDWHUfH0RUfBs8M3VlGiVDH3YyJEBeUww6MFlSPyI2cwY6UhZFcSsmG2dTPgcjBXogCDBWcz5SK0oEKwgYXkIpDFRYRwcFAg9sHgkfR3InOjA
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash 90d864146b03d868855dd1ff08859612
c2f0310f61e2ccd2689353712bcf6eb2871c83d8
bc552291792436b8818d9569c778e11c106307c3ba4313171ba39f0d81b94a91
GET /cjI0aGsTUFcFVBMPVk4eAF4JTVk0FwYuDwcCRB0PQkFQBAYIVBoLBx1HUA4ZHVxARgUXRhFaLTZmciERP15lHjskA2EJERUFYh9SBlZjPSowdQUZJDdwUCcBCkRVWDpAe2cMWhRjYScPN1Z9JSM0W3I+X0N7Xj0kNHZxASYjBnALAkIAYTlSFVNdMi8qZg0QJEJCdjgSJ1lmWCocflo6LCcAXwA7J15WJygzSHIPKiFXbB8vNABuUA4ZQXAyPB5aVzoPH1RwXQoqcXFYDwV3dyQjIFlWKTkVU2MuEzQAblAiN2dsMhxDWHUfH0RUfBs8M3VlGiVDH3YyJEBeUww6MFlSPyI2cwY6UhZFcSsmG2dTPgcjBXogCDBWcz5SK0oEKwgYXkIpDFRYRwcFAg9sHgkfR3InOjA HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: N5Tlmu-O9DKbgIkoaFPc9HtQrLhLufffRXI7jr7PthRWvZ49eR4RtQ==
X-Firefox-Spdy: h2
GET blicatedlitytl.info/dlVhMHFZagJDTCQAWGkmMjEZVTYGJCNoI0E0DEczEmZYQhM3FEdEGBJoWAlGQmRVFgEfMVwBVwUhAEQEBWhQFhgYMw4NVwBoUB5CQntSBF9GcxQNQFAhEVEWS2RHQAUCOVwBR09iUwhGQ2VXAURF
204 No Content 0 B URL GET HTTP/2 blicatedlitytl.info/dlVhMHFZagJDTCQAWGkmMjEZVTYGJCNoI0E0DEczEmZYQhM3FEdEGBJoWAlGQmRVFgEfMVwBVwUhAEQEBWhQFhgYMw4NVwBoUB5CQntSBF9GcxQNQFAhEVEWS2RHQAUCOVwBR09iUwhGQ2VXAURF
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dlVhMHFZagJDTCQAWGkmMjEZVTYGJCNoI0E0DEczEmZYQhM3FEdEGBJoWAlGQmRVFgEfMVwBVwUhAEQEBWhQFhgYMw4NVwBoUB5CQntSBF9GcxQNQFAhEVEWS2RHQAUCOVwBR09iUwhGQ2VXAURF HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mcw8UnP1nAvOrBSx6zX0fb0rXWw4MEKpzpk6%2FxmP3nwi2E%2FVz%2BzSxSiI8EbTOXc4jViKNW6fjjaMb0hm29FJRR7JRk6NlKEpNRXSCZhKKL1ahtAJWtkFpBGkPJH1BvXye5P8TUwt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadd98fc5689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET forgotingolstono.com/SFFCQlYpMyEvaSlsIGQjOj1/Z2QOdHAEMj1hMjcyeCImLjsyN2whOickJiQkJz82bDgtJWdwECUECi4iGmEpOBAvHComPxkAARomPzAXdwwsP3NwEzBlLQgvChQIKm4wGQEDOwE4NioCJCEqEgUnNRcKMj4BACUSARkQcB4JHCkmEQ43BgEbOjMXcxoFKylnZA4ULgMjBRIPERQMFHsLMScBGxYhMAMDAzkFKykUFxsLMRs8cQgjGjp5AnNzIAUGBAsFAAAOJgM8NQk7F21jAAYUHjgncBcKBxoHARI6cwsyCSVzEWd4YBJxAAMdChhjKQcmJjQlKSsRB2U+Kwk8OwYRCgMYCCkuNSxiLioFHikrJ2QJNwAGAzsfKhsAET8xFQUOKXAYZAo3BQomfHcoMTkmIX8JDjAdGwkzKmB1dQ
200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/SFFCQlYpMyEvaSlsIGQjOj1/Z2QOdHAEMj1hMjcyeCImLjsyN2whOickJiQkJz82bDgtJWdwECUECi4iGmEpOBAvHComPxkAARomPzAXdwwsP3NwEzBlLQgvChQIKm4wGQEDOwE4NioCJCEqEgUnNRcKMj4BACUSARkQcB4JHCkmEQ43BgEbOjMXcxoFKylnZA4ULgMjBRIPERQMFHsLMScBGxYhMAMDAzkFKykUFxsLMRs8cQgjGjp5AnNzIAUGBAsFAAAOJgM8NQk7F21jAAYUHjgncBcKBxoHARI6cwsyCSVzEWd4YBJxAAMdChhjKQcmJjQlKSsRB2U+Kwk8OwYRCgMYCCkuNSxiLioFHikrJ2QJNwAGAzsfKhsAET8xFQUOKXAYZAo3BQomfHcoMTkmIX8JDjAdGwkzKmB1dQ
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3017), with no line terminators
Hash 2d0c2a940960b05ffe97171605ea4a50
8e26aab16193ad335353006784bafe61c2ff517f
06ed706acd5e8abea6abbd9f6bd1240a292d889b13cdb2d872625a8541e93034
GET /SFFCQlYpMyEvaSlsIGQjOj1/Z2QOdHAEMj1hMjcyeCImLjsyN2whOickJiQkJz82bDgtJWdwECUECi4iGmEpOBAvHComPxkAARomPzAXdwwsP3NwEzBlLQgvChQIKm4wGQEDOwE4NioCJCEqEgUnNRcKMj4BACUSARkQcB4JHCkmEQ43BgEbOjMXcxoFKylnZA4ULgMjBRIPERQMFHsLMScBGxYhMAMDAzkFKykUFxsLMRs8cQgjGjp5AnNzIAUGBAsFAAAOJgM8NQk7F21jAAYUHjgncBcKBxoHARI6cwsyCSVzEWd4YBJxAAMdChhjKQcmJjQlKSsRB2U+Kwk8OwYRCgMYCCkuNSxiLioFHikrJ2QJNwAGAzsfKhsAET8xFQUOKXAYZAo3BQomfHcoMTkmIX8JDjAdGwkzKmB1dQ HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1170
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: O-Vy7srqMq6-fWpwLf2DdaJmWPY02J6ELLDqnmCDlf4IYXCCYkX7Ew==
X-Firefox-Spdy: h2
GET forgotingolstono.com/R2tQa0MmCTMGfCZWMk02NQdtTnEBTmItJzJbIB4ndxg0By49DX4ILygeNA0xKAUkRS0iH3VZBSI9GBtyCVo3WAUVHwIxOgY/FTozLwkFWgEFWRISBgYxCSUqFSMYPHsKOzlaBQMBIygOPg9oDSoGKhU6MygIODIWED9pGxsFKQokcSsnBVoafyU7DwECOGBaET8DCSIpdzwXPRl+MToTAgA8OBMQAj42IgQRJwUqEiYIBQMFEBEVXQcwWwMKLhYoBDoGDzI7XhIFKSATEAI9FictASEeKhkoCQY5BQ8FYQYQLyEDJDl/PQUqFiIxOxsGBVk4BxAsRgE4Iio6MyMGElIdAxYJLj0EEBRbASwnKjkzKgI3G3YBMCgFIFYrHz86PHN+CAYiEQw
200 OK 1.2 kB URL GET HTTP/2 forgotingolstono.com/R2tQa0MmCTMGfCZWMk02NQdtTnEBTmItJzJbIB4ndxg0By49DX4ILygeNA0xKAUkRS0iH3VZBSI9GBtyCVo3WAUVHwIxOgY/FTozLwkFWgEFWRISBgYxCSUqFSMYPHsKOzlaBQMBIygOPg9oDSoGKhU6MygIODIWED9pGxsFKQokcSsnBVoafyU7DwECOGBaET8DCSIpdzwXPRl+MToTAgA8OBMQAj42IgQRJwUqEiYIBQMFEBEVXQcwWwMKLhYoBDoGDzI7XhIFKSATEAI9FictASEeKhkoCQY5BQ8FYQYQLyEDJDl/PQUqFiIxOxsGBVk4BxAsRgE4Iio6MyMGElIdAxYJLj0EEBRbASwnKjkzKgI3G3YBMCgFIFYrHz86PHN+CAYiEQw
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2998), with no line terminators
Hash 53bde85d543e5c8943995fd02e4d865a
a0b11aca2c042bb49b2ca680199369526ded0aee
256b30cc3092381b7347f6063db389c72e8d454507fe0b2092aa8e103df6c2d3
GET /R2tQa0MmCTMGfCZWMk02NQdtTnEBTmItJzJbIB4ndxg0By49DX4ILygeNA0xKAUkRS0iH3VZBSI9GBtyCVo3WAUVHwIxOgY/FTozLwkFWgEFWRISBgYxCSUqFSMYPHsKOzlaBQMBIygOPg9oDSoGKhU6MygIODIWED9pGxsFKQokcSsnBVoafyU7DwECOGBaET8DCSIpdzwXPRl+MToTAgA8OBMQAj42IgQRJwUqEiYIBQMFEBEVXQcwWwMKLhYoBDoGDzI7XhIFKSATEAI9FictASEeKhkoCQY5BQ8FYQYQLyEDJDl/PQUqFiIxOxsGBVk4BxAsRgE4Iio6MyMGElIdAxYJLj0EEBRbASwnKjkzKgI3G3YBMCgFIFYrHz86PHN+CAYiEQw HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1155
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: kgb9nc1MkVtClwc6TV_CdzMhl7_Z1cpnhAS1xWLr6cIiyGBJmDzqHg==
X-Firefox-Spdy: h2
GET www.upload.ee/favicon.ico
200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerDigiCert, Inc.
Subjectwww.upload.ee
Fingerprint50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
ValidityThu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Cookie: lng=eng; _ga_LT9YQX0N49=GS1.1.1697287506.1.0.1697287506.0.0.0; _ga=GA1.1.1077689330.1697287506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 12:45:05 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Sat, 21 Oct 2023 12:45:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
472 B IP
Hash d8e27c7b4a1060947a263e7c75e5523a
8ea1015eb1f1ca8c7e0632aeafa90eb13eac85db
1d16478e5b9c722c6b162abba263fcaf3c94c9595d3fe5b70abf943515f44af5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 12:45:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
472 B IP
Hash d8e27c7b4a1060947a263e7c75e5523a
8ea1015eb1f1ca8c7e0632aeafa90eb13eac85db
1d16478e5b9c722c6b162abba263fcaf3c94c9595d3fe5b70abf943515f44af5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 12:45:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET forgotingolstono.com/utx?cb=jaYtGh5zZaJa&top=www.upload.ee&tid=997369
204 No Content 0 B URL GET HTTP/2 forgotingolstono.com/utx?cb=jaYtGh5zZaJa&top=www.upload.ee&tid=997369
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=jaYtGh5zZaJa&top=www.upload.ee&tid=997369 HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 14 Oct 2023 12:46:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: pNYlp9g893bB7k69_TlXBWQJz93VhE7G77_yheQeHzYIzOj2cb9QUw==
X-Firefox-Spdy: h2
GET forgotingolstono.com/utx?cb=QYaHRduxN7FZ&top=www.upload.ee&tid=997414
204 No Content 0 B URL GET HTTP/2 forgotingolstono.com/utx?cb=QYaHRduxN7FZ&top=www.upload.ee&tid=997414
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subjectforgotingolstono.com
Fingerprint7C:16:DA:EA:ED:10:BC:84:3B:B8:08:EE:1E:92:2A:DE:2F:F7:70:02
ValidityWed, 04 Oct 2023 00:00:00 GMT - Sat, 02 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=QYaHRduxN7FZ&top=www.upload.ee&tid=997414 HTTP/1.1
Host: forgotingolstono.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 14 Oct 2023 12:45:05 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 14 Oct 2023 12:46:05 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: pOMF8vV70mCnPIf60_mzHMXnv9PlOnanB_SzvtIP7NRb_X57_lB4Yg==
X-Firefox-Spdy: h2
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:fzYFWmSbR3MTYhZdf-Inyjb6K09xkQ:4jSMugoaAFbLg7SP; Expires=Mon, 13-Oct-2025 12:45:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5q02F8XRV9t2nRJPugmj1345P3_TO359JloHjxcEhcmj8kvna_uKdpsWUi3J9_NHMgi24
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-avditLSepPDaPnSt4iV3HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:I3aHdCEJpTZX69gBRJREcil5kPjn0Q:R8m9SMJCkWnsKtYS; Expires=Mon, 13-Oct-2025 12:45:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyy1iSS-8SsPL0cUhMPzsG2iHaghp6jJNHP1OIJCezaaIieAv4CVfm6JNp0P3yH1T_PGUBn1
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-MuzfxCch9_qclXLGUiqkrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
607 B URL du0pud0sdlmzf.cloudfront.net/DTFIzMlQvPV1Uazg7Vw9tdWUABG1qOEBdOjxva0Q2ISd1fQUOdEdIMHFiFV41IjUOFDEiMQ4Dci02UQ9gaiZDXT9xO0pBPyUkR0AnLnRGU2khPUlbOCAzFgASeXwDF2Z8eksDZWlhcRdmfD5aXCE0dwECLHRkbARgaWFxF2Z8IEUXZw1jAwt6fHsWAGQrN1-BZO2lgdQBkfWIDA2R9dwECMiUgVlQ7NHcBdGV9Yx0CcjlvAg
IP
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (865), with no line terminators
Hash 535eac842ce1367c744b6ed6eb62a627
f8309051dfc2395d1761fb67e862b52b32a7396c
9afc5ca3a225276154b37e7908387731186a238003b7cfa8c0d9da013de3319c
GET /DTFIzMlQvPV1Uazg7Vw9tdWUABG1qOEBdOjxva0Q2ISd1fQUOdEdIMHFiFV41IjUOFDEiMQ4Dci02UQ9gaiZDXT9xO0pBPyUkR0AnLnRGU2khPUlbOCAzFgASeXwDF2Z8eksDZWlhcRdmfD5aXCE0dwECLHRkbARgaWFxF2Z8IEUXZw1jAwt6fHsWAGQrN1-BZO2lgdQBkfWIDA2R9dwECMiUgVlQ7NHcBdGV9Yx0CcjlvAg HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 607
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A4NwmWBwEJD-AgQ0JKF3BpVJfjXfY6SV2_NRLDsITjhizxlBq1ACYA==
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5q02F8XRV9t2nRJPugmj1345P3_TO359JloHjxcEhcmj8kvna_uKdpsWUi3J9_NHMgi24
302 Found 402 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5q02F8XRV9t2nRJPugmj1345P3_TO359JloHjxcEhcmj8kvna_uKdpsWUi3J9_NHMgi24
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (393)
Hash 68ac9fa6b926ba0998141cd78591efed
fd7c10b4c583f9bf3e730c6889abb8fb584fd706
47da1b000ed1c0e584aeee575015bd821b16a192cd3b412d7c7622402b880f29
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyy5q02F8XRV9t2nRJPugmj1345P3_TO359JloHjxcEhcmj8kvna_uKdpsWUi3J9_NHMgi24 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:ZSuFHrS6yKMJPPipaqx03CswhpK66Q:8S4e8KpLuCI4xJSe;Path=/;Expires=Mon, 13-Oct-2025 12:45:06 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyjVcxSHfMtKIBIXodBhYI0La_JFI6OstKk9rKOZcBjnYRbrtqB3ky150goj7M8i5JlBXSc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2013448058%3A1697287506133814&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-b4SCxxHzJUJRGSUFp2-WhQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyy1iSS-8SsPL0cUhMPzsG2iHaghp6jJNHP1OIJCezaaIieAv4CVfm6JNp0P3yH1T_PGUBn1
302 Found 405 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyy1iSS-8SsPL0cUhMPzsG2iHaghp6jJNHP1OIJCezaaIieAv4CVfm6JNp0P3yH1T_PGUBn1
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint4A:5A:3C:9D:EC:4D:02:20:DE:B6:76:11:1C:40:B5:78:E9:AA:A6:0D
ValidityMon, 18 Sep 2023 08:25:15 GMT - Mon, 11 Dec 2023 08:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash 6289efc8af7c5bff3b8552578db9d2c6
0aedc20f6aaec4827943345e29bc0d825604d064
92680d167d50bc8eca0acf253b76bc8956489a7a8b7c3e3cda7961cc1e26c3ab
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyy1iSS-8SsPL0cUhMPzsG2iHaghp6jJNHP1OIJCezaaIieAv4CVfm6JNp0P3yH1T_PGUBn1 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:m9suuh-0LLJxpapvrTh-ajKwNkkQKA:wCdb4it7YCjUzk_z;Path=/;Expires=Mon, 13-Oct-2025 12:45:06 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx6dnSLzTmEKZaXm0Jza2mJ3_pV0fmbdc0fDDOiGvtRPUzFV7zeSA30AaNwG63qB1De1UrB&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1980345350%3A1697287506141131&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-LH0KshytOoFrXaY_cQJa9g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 405
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
574 B URL du0pud0sdlmzf.cloudfront.net/mUHltR0kzFgMhdiQQCXpwaU5Zdn12Ex4oJyBEJh8xHCAmIithTlphPSodUHdvPBgDIHR2HAMkdGFfDCMrbU1LMzk/ElAuMCMSBDE9IgoPYTwxRAAoMzkVASZsYj9YaXl1S11vMWFISHQLdUtdKyA+DBVie2ABVXEWZk1IdAt1S101P3VKLHZ5aVddbmxiSQ-oiKjsWSHUPYklcd3lhSVxie2AfBDUsNhYVYnsWSFx2Z2BfGHp4
IP
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (799), with no line terminators
Hash b245c0ce6daaf127efe51cb4b23f3829
bf74038af3644f409dccc4d58a10da3d4c77d181
e4706421e17e23f25bd9c408dbdcb07535e6f26b826b5ac2ef4e291e15dcf4ff
GET /mUHltR0kzFgMhdiQQCXpwaU5Zdn12Ex4oJyBEJh8xHCAmIithTlphPSodUHdvPBgDIHR2HAMkdGFfDCMrbU1LMzk/ElAuMCMSBDE9IgoPYTwxRAAoMzkVASZsYj9YaXl1S11vMWFISHQLdUtdKyA+DBVie2ABVXEWZk1IdAt1S101P3VKLHZ5aVddbmxiSQ-oiKjsWSHUPYklcd3lhSVxie2AfBDUsNhYVYnsWSFx2Z2BfGHp4 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 574
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wnSmI0l3PHJfI--9HTncFIoWnSrSBSnOB9tIARt0_yKmtOgLGpv8rQ==
X-Firefox-Spdy: h2
191 B URL du0pud0sdlmzf.cloudfront.net/eVHp1N1g3FRtRZyATEQphbU1BB2ByEAZYNiRHHW8MPi1FDjsCMyd8fiAAEQpochYUWT9pXBBZO2lLU1Y8NkdBES01RxhYIj0WGVZ9ZjxAGWhxSEUfIGVLUAQacUhFWzE6Dw0SamQCTQEHYk5QBBpxSEVFLnFJNAZobVRFHn1mShJSOz8VUAUeZkpEB2hlSk-QSamQcHEU9MhUNEmoSS0QGdmRcAApp
IP
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 933b0e3bdf79513fffbf7088a1c19843
6b501eba9c8cf38561e94aa4bde72936d6f4d927
4a0c931a9a7aaedde13a8b553af963d1313fb57cdf438afcf43ff702b4b5c4f4
GET /eVHp1N1g3FRtRZyATEQphbU1BB2ByEAZYNiRHHW8MPi1FDjsCMyd8fiAAEQpochYUWT9pXBBZO2lLU1Y8NkdBES01RxhYIj0WGVZ9ZjxAGWhxSEUfIGVLUAQacUhFWzE6Dw0SamQCTQEHYk5QBBpxSEVFLnFJNAZobVRFHn1mShJSOz8VUAUeZkpEB2hlSk-QSamQcHEU9MhUNEmoSS0QGdmRcAApp HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forgotingolstono.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 191
date: Sat, 14 Oct 2023 12:45:06 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kbMZxwaturw5-2gvF_1-3gCUROZ6u278g64H3uesr03BnyBIh8qLTA==
X-Firefox-Spdy: h2
471 B IP
Hash a91da8e035e4b10b219053969ff4ab86
976b8deaf7501df2c923383087106a823e7a0859
008adc1696a4aa427606743795c5de301921946a3d2887c7a7817dcc6fc16ba5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Oct 2023 12:45:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET blicatedlitytl.info/popunder.gif
200 OK 1.3 kB URL GET HTTP/3 blicatedlitytl.info/popunder.gif
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subjectblicatedlitytl.info
FingerprintC4:A3:7B:D1:18:B2:B1:F5:7E:A8:42:31:5C:03:85:97:D4:91:7B:EE
ValidityThu, 12 Oct 2023 08:51:17 GMT - Wed, 10 Jan 2024 08:51:16 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ab49b5331a22d69b463850d9ee8d2b93
460c434e7bb150b3eb2b71b687d50a648bdc404d
994a1c7ce4ecd83ace3d0fe4834ad092b538dbf23e691a8a85f004feaec15401
GET /popunder.gif HTTP/1.1
Host: blicatedlitytl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 14 Oct 2023 12:45:06 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 129435
last-modified: Fri, 13 Oct 2023 00:47:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yDu5lfyHmR3tRmfRmG6R8l5%2FlebGJ8v0sRUox1l6nu3DioP5jPJU%2F5B4k8iLFu7A5TooaVkg4pHa%2FG1EGI%2FDlEV28d9zBC%2FjYIgKcMl333sim%2BU%2FkzTshT8n2iIovMAGssDb1CB8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 815feae1aab20b31-OSL
alt-svc: h3=":443"; ma=86400
GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5957645&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F3e00354f03e01db085e3%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505936
1.4 kB URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5957645&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F3e00354f03e01db085e3%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505936
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (394)
Hash d4076d40af1802ebd961294601eac743
2be74c232d6fefb56242e60b0ef86410842d5d0a
d064be1df55daa38e43e159bacf942bbe27637055ca87818ad9937d429272736
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=5957645&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15806824%2F3e00354f03e01db085e3%2F________________________________________________.pdf.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15806824%2F________________________________________________.pdf.exe.html%3Fmsg%3Dsess_error&rnd=1697287505936 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Sat, 14 Oct 2023 12:45:03 GMT
set-cookie: bepolite_id=da8a7788dcf65c9a7f323047af5ce75f; Max-Age=7776000; Expires=Fri, 12-Jan-2024 12:45:04 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 771976392
age: 0
accept-ranges: bytes
content-length: 1447
X-Firefox-Spdy: h2
GET static.bepolite.eu/scripts/saresponsive.js
200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176966 bytes)
Hash 8b966d35075632aae6108d54928c2ae9
c76f1c7ab28ade483e7a852c049eeb5bddaf4e5e
da22da01f20d28d9171f8107e155ca01f9811d6abcd3b64dbeb832ec6c34578e
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "3434174309"
last-modified: Mon, 09 Oct 2023 23:05:33 GMT
content-length: 176966
date: Sat, 14 Oct 2023 12:45:04 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 771778901
age: 0
X-Firefox-Spdy: h2
471 B URL ocsp.r2m02.amazontrust.com/
IP
Hash 9fea3fbafccb29672734c4139285ce05
0e57b6bc927afac69190eb9097086f45e9426141
4e4a4aaa687773bdb3a1d84a1d2ecb19be426ce5bb97566d60e1d6a62d297075
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 14 Oct 2023 12:45:07 GMT
Last-Modified: Sat, 14 Oct 2023 11:39:50 GMT
Server: ECAcc (ska/F7A3)
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s1Dr6dnkK5JzbbIdVe-hMt8_3H5MSasZu9X5Pw-P-6ED2RsynTLUxw==
Age: 3918
471 B URL ocsp.r2m02.amazontrust.com/
IP
Hash 9fea3fbafccb29672734c4139285ce05
0e57b6bc927afac69190eb9097086f45e9426141
4e4a4aaa687773bdb3a1d84a1d2ecb19be426ce5bb97566d60e1d6a62d297075
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 14 Oct 2023 12:45:07 GMT
Last-Modified: Sat, 14 Oct 2023 11:27:17 GMT
Server: ECAcc (ska/F6AF)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: E3jToGnvLmIwYoWB0laq6Vi3RuOGgHjDxRYSrklRgsA537bfCTbiSA==
Age: 4670
GET banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
200 OK 1.9 kB URL GET HTTP/2 banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 273086ce8c5683ccaeb002d5ced7f104
3f71e54c72be9dc0a37f0d9f0d14d906d505c883
7a08afd923a3ac3a29f93c8a19fca4b2314aa11ac17c64896121cf385f7a65f4
GET /index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1761"
content-encoding: gzip
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/config/config.js?v=1
200 OK 75 B URL GET HTTP/2 banner.hookusbookus.com/config/config.js?v=1
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash ee16e21326dec006274a554647c4d759
8e4389c35e12ea6d1e4d7214c174fda343047865
5ccb649c18765165e7128191ea14ab53d8de87d6ad7eea29328b681d455d7a4f
GET /config/config.js?v=1 HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/javascript
content-length: 75
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
etag: "63cfe903-4b"
accept-ranges: bytes
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
200 OK 34 kB URL GET HTTP/2 banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 7a8791d904ecdc6900ef7baf37f5cfb9
02a82923b042f279cc135be8ea866ce8f5ffade0
3cea4effb8b545cd80ebc0799ff835aee9d8dd055d613a9600cc3154230f3ee7
GET /index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
server: nginx/1.15.12
last-modified: Tue, 24 Jan 2023 14:19:47 GMT
vary: Accept-Encoding
etag: W/"63cfe903-1781"
content-encoding: gzip
X-Firefox-Spdy: h2
GET pogothere.xyz/
200 OK 29 B IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash cee22c8e5a48e4c2c259486de8585ada
6c71cff185b6aefb758f7077c371049221d84d62
88f2de5d7e408cd97c1e3bab5f1be2cb43cc98e23430448bb3ce4da5c16fe287
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:05 GMT
content-type: text/plain
set-cookie: csu=2190800103046914@1@1697287505; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEN20x68gyRcDxy6pCLA%2BmEe0vb0fRIB%2BRGMSV5YcAzX9RY3QwO%2Bia8DIMkjuf9pNDbR%2F2RzjWQdoYt1TbI982YyovLt7AZI0Q36bN6AdVY6sNOjOJkD9MoPQNxol5%2BH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 815feadfb96b568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/css/index_1000x200.css
200 OK 1.1 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_1000x200.css
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash 67ddcfb5d01d94b3bb85e8b2be771d9e
f73cdadc08a8ce4ce25b65ffb725a8169d56ed97
f519050dc3dbc3ef03af0cdb62960d8b4c9060f431a8feacdf015bacbd24e7ef
GET /assets/css/index_1000x200.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Fri, 17 Dec 2021 08:13:58 GMT
vary: Accept-Encoding
etag: W/"61bc46c6-1301"
content-encoding: gzip
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/image/prices-bg-3.png
200 OK 2.4 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/prices-bg-3.png
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type PNG image data, 250 x 118, 8-bit/color RGBA, non-interlaced\012- data
Hash ef56eff9c1246b25c0088c156116ae05
21f5a8245443365c960a196d005277a3c5ef4709
be624625b85909d1b549672c0a13b167751f842e035c3156f1d5e4a1b677ce54
GET /assets/image/prices-bg-3.png HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/png
content-length: 2442
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-98a"
accept-ranges: bytes
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-regular.woff
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53104, version 1.500\012- data
Hash 4f5975fe17a8ca74963be0165ff6a443
4bca2ab6c3da2b6ae09602601adeac22e7a90381
5b8f98e0c93afef19bd64c3dea2a16d60dc1574e5a4a79b788ef03b9eb3c22df
GET /assets/fonts/greycliff-cf-regular.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: font/woff
content-length: 53104
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cf70"
accept-ranges: bytes
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
200 OK 53 kB URL GET HTTP/2 banner.hookusbookus.com/assets/fonts/greycliff-cf-bold.woff
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 53208, version 1.500\012- data
Hash c03dece8ec0635406a35b888337dca8f
b72706815dccadd44dba1693ed8865b41782b14f
092416b2a5cbe9f6596ff7ee177db702262c64326231a3664a34a65c861601b1
GET /assets/fonts/greycliff-cf-bold.woff HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_300x600.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: font/woff
content-length: 53208
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
etag: "608123af-cfd8"
accept-ranges: bytes
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/js/jquery.min.js
200 OK 84 kB URL GET HTTP/2 banner.hookusbookus.com/assets/js/jquery.min.js
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 0916059107c0f58599101f895170bff8
46ec4413262e861f4ec1de96c6a677ff2734064d
7885bf57f3c92cab8c85714717e0eee788ca93008abaaee93ed3d0481825ca3b
GET /assets/js/jquery.min.js HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/javascript
server: nginx/1.15.12
last-modified: Thu, 22 Apr 2021 07:20:15 GMT
vary: Accept-Encoding
etag: W/"608123af-15d84"
content-encoding: gzip
X-Firefox-Spdy: h2
GET pogothere.xyz/asd100.bin
200 OK 181 kB IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 181 kB (180956 bytes)
Hash c1ee3f08c34f6108ed7fd2d7cd0a70e2
22ecc2416a9fee70747a7378df20918fdf9db87c
ff433dbc389fb45df3102d6e2471a8a86316442b6aa3cd0c3abd15fb6f374558
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:05 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4697
last-modified: Sat, 14 Oct 2023 11:26:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KehKOrRQRmqCeJfAOWdZFevTZhhMHUEK5F3rHNk%2BwDC1ELM9DS8fRGzYDtjlwJQLKz%2FslV3oErpzGLouHuH4Rr71gbn%2B%2FxfbxI5iPLS3yH3X%2BR7hbPW0CnRQJqFJQynX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 815feadfc97e568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg
200 OK 56 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash cddd4b220dbfd2c4641572afbcc3bbf9
2bf3de058bcb45d5a133c9e768a4e8fcdb6ec6c8
54c4a1b842c44277f35ff895c7be82711edf0591dd660744d3e18c3a62f236ce
GET /hotelliveeb/images/general/1/I3Qfj8e7MckxIXbz78mw.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 55749
date: Sat, 14 Oct 2023 04:58:10 GMT
last-modified: Mon, 20 Dec 2021 05:01:30 GMT
etag: "cddd4b220dbfd2c4641572afbcc3bbf9"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pnm8li5ltaoXFJtgn76cRLaDvbE04st2heXy9Z0bydBpJzdJtBZ_3w==
age: 28018
X-Firefox-Spdy: h2
GET serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=da8a7788dcf65c9a7f323047af5ce75f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:01 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 772756240
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
GET dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/9XFTBsexLSaW6Uk3nCoS.jpg
200 OK 59 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/9XFTBsexLSaW6Uk3nCoS.jpg
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 2bc0042405de1b87297ef3b0e699e446
1c6098f9283395ff9ebf1f5710a61243a1998947
4848bddd5f564c6e0bf254cc2dd163d73618504f83a6c35e48a2938901d93a83
GET /hotelliveeb/images/general/1/9XFTBsexLSaW6Uk3nCoS.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 59129
date: Sat, 14 Oct 2023 04:29:29 GMT
last-modified: Mon, 20 Dec 2021 05:01:50 GMT
etag: "2bc0042405de1b87297ef3b0e699e446"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YwY3Ymt2AtBbyn00oxU4_s3B6kXy0kMrM7yO5bAmzl_L7pFmEGaYcw==
age: 29745
X-Firefox-Spdy: h2
GET dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/oG5Bqap65444rLcqquQa.jpg
200 OK 65 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/oG5Bqap65444rLcqquQa.jpg
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash 49688fe10aabd3ce26a753fad3679808
35274032cba8b28f17220044efdbba33cbd91c76
83fb199373c46198bc088046e7607f4b3ea091c5713e5ddd0fc4f293b44b551c
GET /hotelliveeb/images/general/1/oG5Bqap65444rLcqquQa.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 64849
date: Sat, 14 Oct 2023 02:28:04 GMT
last-modified: Mon, 20 Dec 2021 05:01:31 GMT
etag: "49688fe10aabd3ce26a753fad3679808"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kytLX2_bjt942GRGrjWvRlz5-NMLVIN_4bi5PKTSYif4VIJ_L5dx1w==
age: 37030
X-Firefox-Spdy: h2
63 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg
IP
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash 9d39df13669f4b0a37f1ec935fcf07c1
bee556a5a2eb792bc07095365d7ce55e0f20c488
c4ae0112f49b2e7eec621163661ab594d1deab9e18f27dfe9c37f212d5292ebd
GET /hotelliveeb/images/general/1/nPEAWYJLUSat8p4TwADQ.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 62663
date: Fri, 13 Oct 2023 15:01:53 GMT
last-modified: Mon, 20 Dec 2021 05:01:37 GMT
etag: "9d39df13669f4b0a37f1ec935fcf07c1"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7qSsFM6H8du-czf7fgPHFkY2zIjcTEcKe9OxaCajOeETr5qZE3VPVQ==
age: 78207
X-Firefox-Spdy: h2
55 kB URL dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/WvgxKP0SMkf1q8doIfVx.jpg
IP
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x230, components 3\012- data
Hash f78794f15a38b390907d0d2792bb5c46
a1f9f0df4a365570b950a8b3337fc7c637d5a3a3
143e196eb854308bbe9e4a937ab5878287c42325e5878cc8ae4d91d4c2c930a6
GET /hotelliveeb/images/general/1/WvgxKP0SMkf1q8doIfVx.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 55100
date: Sat, 14 Oct 2023 07:49:04 GMT
last-modified: Mon, 30 May 2022 08:30:07 GMT
etag: "f78794f15a38b390907d0d2792bb5c46"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UU9DC_SRi3PVOyBvCd1YPRoIHLwQgVUV_Mu_lfp-0fyBmDAgFPKZ0Q==
age: 17776
X-Firefox-Spdy: h2
GET static.bepolite.eu/files/close-gray.png
200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "732411054"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Sat, 14 Oct 2023 12:45:00 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 773368714
age: 0
X-Firefox-Spdy: h2
GET banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
200 OK 24 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyjVcxSHfMtKIBIXodBhYI0La_JFI6OstKk9rKOZcBjnYRbrtqB3ky150goj7M8i5JlBXSc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2013448058%3A1697287506133814&theme=glif
403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyjVcxSHfMtKIBIXodBhYI0La_JFI6OstKk9rKOZcBjnYRbrtqB3ky150goj7M8i5JlBXSc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2013448058%3A1697287506133814&theme=glif
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyjVcxSHfMtKIBIXodBhYI0La_JFI6OstKk9rKOZcBjnYRbrtqB3ky150goj7M8i5JlBXSc&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2013448058%3A1697287506133814&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-hVuSrqdQXxF6RcIBx8RtRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=da8a7788dcf65c9a7f323047af5ce75f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:00 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 772662375
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
GET serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerLet's Encrypt
Subjectstatic.bepolite.eu
FingerprintB7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
ValidityMon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=da8a7788dcf65c9a7f323047af5ce75f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 0
date: Sat, 14 Oct 2023 12:45:00 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 773531436
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
GET banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
200 OK 24 kB URL GET HTTP/2 banner-server.hookusbookus.com/package-feed?language=et_ee&utmSource=allmedia
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /package-feed?language=et_ee&utmSource=allmedia HTTP/1.1
Host: banner-server.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://banner.hookusbookus.com
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: application/json
access-control-allow-origin: https://banner.hookusbookus.com
access-control-allow-methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: origin, authorization, accept, content-type, x-requested-with, Pragma, Cache-Control, If-Modified-Since, X-Auth-Token, X-Client-Certificate
access-control-allow-credentials: true
access-control-expose-headers: X-Auth-Token, Content-Disposition, Content-Length
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/image/svg/hb-logo.svg
200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/image/svg/hb-logo.svg
200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/assets/css/index_1000x200.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx6dnSLzTmEKZaXm0Jza2mJ3_pV0fmbdc0fDDOiGvtRPUzFV7zeSA30AaNwG63qB1De1UrB&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1980345350%3A1697287506141131&theme=glif
403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx6dnSLzTmEKZaXm0Jza2mJ3_pV0fmbdc0fDDOiGvtRPUzFV7zeSA30AaNwG63qB1De1UrB&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1980345350%3A1697287506141131&theme=glif
IP
Requested by https://www.upload.ee/files/15806824/________________________________________________.pdf.exe.html?msg=sess_error
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyx6dnSLzTmEKZaXm0Jza2mJ3_pV0fmbdc0fDDOiGvtRPUzFV7zeSA30AaNwG63qB1De1UrB&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1980345350%3A1697287506141131&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Oct 2023 12:45:06 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-6jF4PCyHhggjC048-2hfKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET banner.hookusbookus.com/assets/css/index_300x600.css
200 OK 7.2 kB URL GET HTTP/2 banner.hookusbookus.com/assets/css/index_300x600.css
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (7402), with no line terminators
Hash ef4576b025213d57cd958c234d61a8a1
5dd8d741efe63291e503bb6bf23e603c810b9030
69478abb1501f6c8fb03f774621b5f0275d59f55b3fc4f24d95bade9e277efdb
GET /assets/css/index_300x600.css HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/css
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-1c4f"
content-encoding: gzip
X-Firefox-Spdy: h2
GET dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
421 Misdirected Request 73 kB URL GET HTTP/2 dskwugy0u6y9l.cloudfront.net/hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg
IP
Requested by https://banner.hookusbookus.com/index_1000x200.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3kGddYy3JUOC3TYr_NfxpuGOCFx5BdKmMEOl8Mei13VHe7MFOwF92tuBESJflajq3a5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_1000x200.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=129c0d359bec46149fd9f0dec164740650dd7b0f4105441f8f6018cc3fcb090c&bg=transparent&w=1000&h=200&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 346x198, components 3\012- data
Hash bf36e0bf265a935a340671b4d66f2e01
71eacdd355861fa4500b9961d4fcd24b81aa87e4
8e6b881322ec75b0070fe04c905f40284ddc3806fdb6253cce210d544c8a0c19
GET /hotelliveeb/images/general/1/uKEQ3VnYU3XSxSyNM64d.jpg HTTP/1.1
Host: dskwugy0u6y9l.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 421 Misdirected Request
server: CloudFront
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: text/html
content-length: 1003
x-cache: Error from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q4i9kKdracKnyWqPH5K8mH2Y42RRObDKLCFUWt4eoDgUH6OunJQH4g==
X-Firefox-Spdy: h2
GET banner.hookusbookus.com/assets/image/svg/hb-logo.svg
200 OK 15 kB URL GET HTTP/2 banner.hookusbookus.com/assets/image/svg/hb-logo.svg
IP
Requested by https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Certificate IssuerAmazon
Subject*.hookusbookus.com
FingerprintCD:CD:3C:03:66:21:F8:A9:21:BC:F8:C8:3C:DC:88:0A:C5:19:F1:7A
ValiditySun, 07 May 2023 00:00:00 GMT - Tue, 04 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15333), with no line terminators
Hash bf6baf947f924bf8d67e947a025def06
9ac9fccb0351b41c1545714153ed5fa2c4bfef3a
64efdaebd020c39ec366f473c831cb51e8cd5d5b1afde13a9695d1f2dae4e60e
GET /assets/image/svg/hb-logo.svg HTTP/1.1
Host: banner.hookusbookus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://banner.hookusbookus.com/index_300x600.html?language=et_ee&utmSource=allmedia&click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttp%253A%252F%252Fsmartad.ee&dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF0_g7mBChKH4zGlMePdWxfB1uprKuIevvtYx6ed5WKOfMQGugJhxDG8etW06ERbP7lIxzR_X7O580NHQSMYgTO-6jaH6eg1jhpsDQ-VqrNZWG0g5dJVoua9ONo1LKAeBjQ2jsM-gWxoUwRiAGLFWz0Xzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3GkrPtl30bRttEg6xGYsRnFbaKN4yJEFlwh9HrIZUdSqf8rsm0xg-WHbjnoMbP7Vra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D&f=https%3A%2F%2Fbanner.hookusbookus.com%2Findex_300x600.html%3Flanguage%3Det_ee%26utmSource%3Dallmedia&clink=https%3A%2F%2Fsmartad.ee&banner_id=66baacca7d4948f283e04dc97ef2612850dd7b0f4105441f8f6018cc3fcb090c&bg=black&w=300&h=600&locale=Display%20Estonia-EST&info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 14 Oct 2023 12:45:07 GMT
content-type: image/svg+xml
server: nginx/1.15.12
last-modified: Mon, 05 Jul 2021 19:56:59 GMT
vary: Accept-Encoding
etag: W/"60e3640b-3be5"
content-encoding: gzip
X-Firefox-Spdy: h2
51.91.30.159
212.47.222.20
65.9.55.104
3.65.16.162
188.114.96.1
0.0.0.0