{"report_id":"ddd51600-2001-4173-bf57-f60d3a98d214","version":6,"status":"done","tags":[],"date":"2023-09-23T19:47:55Z","url":{"schema":"http","addr":"www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"title":"UPLOAD.EE - MadDuck.exe - Download"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T21:50:43Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"serving.bepolite.eu","ip":{"addr":"212.47.222.20","port":0,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2017-01-29 19:42:29","last_seen":"2023-09-23 09:14:40","alert_count":0,"request_count":5,"received_data":2956,"sent_data":4059,"comment":"","tags":null,"fingerprints":null},{"fqdn":"static.bepolite.eu","ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2017-01-29 06:13:55","last_seen":"2023-09-23 09:14:40","alert_count":0,"request_count":7,"received_data":378549,"sent_data":9649,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.207.202","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2013-06-10 22:14:26","last_seen":"2023-09-23 06:38:57","alert_count":0,"request_count":1,"received_data":1903,"sent_data":456,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pogothere.xyz","ip":{"addr":"172.64.132.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2022-08-22","domain_rank":0,"first_seen":"2022-09-04 21:11:25","last_seen":"2023-09-23 08:45:39","alert_count":0,"request_count":4,"received_data":208969,"sent_data":1684,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-09-09 02:40:21","last_seen":"2023-09-23 07:01:55","alert_count":0,"request_count":3,"received_data":122267,"sent_data":1650,"comment":"","tags":null,"fingerprints":null},{"fqdn":"s.ocdn.ee","ip":{"addr":"172.67.72.48","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2013-11-11","domain_rank":0,"first_seen":"2017-01-30 06:52:21","last_seen":"2023-07-31 11:04:37","alert_count":0,"request_count":1,"received_data":1274,"sent_data":405,"comment":"","tags":null,"fingerprints":null},{"fqdn":"du0pud0sdlmzf.cloudfront.net","ip":{"addr":"143.204.42.211","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2023-08-24 12:49:59","last_seen":"2023-09-23 11:51:12","alert_count":0,"request_count":4,"received_data":120778,"sent_data":2397,"comment":"","tags":null,"fingerprints":null},{"fqdn":"gourgoldpieceso.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Colombia","country_code":"CO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":2359,"sent_data":2145,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":75,"first_seen":"2013-05-22 04:07:37","last_seen":"2023-09-23 07:48:37","alert_count":0,"request_count":2,"received_data":138769,"sent_data":875,"comment":"","tags":null,"fingerprints":null},{"fqdn":"idohethisisathllea.com","ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-08-27","domain_rank":0,"first_seen":"2023-09-13 21:57:38","last_seen":"2023-09-13 21:57:39","alert_count":0,"request_count":5,"received_data":6901,"sent_data":3768,"comment":"","tags":null,"fingerprints":null},{"fqdn":"accounts.google.com","ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":81,"first_seen":"2016-03-20 13:44:49","last_seen":"2023-09-23 05:48:04","alert_count":0,"request_count":6,"received_data":10600,"sent_data":3683,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.upload.ee","ip":{"addr":"51.91.30.159","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2010-07-04","domain_rank":981196,"first_seen":"2012-05-24 10:39:37","last_seen":"2023-09-23 08:13:13","alert_count":0,"request_count":8,"received_data":45977,"sent_data":4060,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ocsp.pki.goog","ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2016-06-13","domain_rank":175,"first_seen":"2018-07-01 08:43:07","last_seen":"2023-09-23 05:09:29","alert_count":0,"request_count":8,"received_data":5593,"sent_data":2664,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-23T19:47:35Z","timestamp":1695498455,"ip_dst":{"addr":"Client IP","port":57250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"54.37.238.86","port":80,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2023-09-23T19:47:35.619281+0000\",\"flow_id\":1571641275198957,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"54.37.238.86\",\"src_port\":80,\"dest_ip\":\"10.70.215.38\",\"dest_port\":57250,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2017_02_01\"]}},\"http\":{\"hostname\":\"20230924t001013_765.ltiapmyzmjxrvrts.info\",\"url\":\"/v4/20230924T001013_765.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5120},\"files\":[{\"filename\":\"/v4/20230924T001013_765.exe\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":5120,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":996,\"bytes_toclient\":5821,\"start\":\"2023-09-23T19:43:40.142829+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/sandbox%20eval%20code","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"23c336606ee3a6d444b305153fa0e2e2","sha1":"473a2111970ae2a94b373e656d20c4bd4184d703","sha256":"305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60","sha512":"ab0470885483545a0306733fa3a067239e299e0b47d35f9769a763f65ba5e9d928ee364a66f9e577499ab0c452f34dc7a3a48a774ce3d09e56fd88d1989e84ba","ssdeep":"","tlshash":"bbc02b137750017d2f1016b0b9009003a1c923005eb78001f006001f2040eae88dc180","size":128,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-05-20T09:03:07.554324Z","times_seen":76653,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"26786713808e653714cec2e450fadec2","sha1":"3d682ec79ded283c2ed827b38af618eab3538c92","sha256":"4e876817b2855499711de42db3ed06bc98821923b669765a1ea29fa5ba5a85ea","sha512":"3f9c47e11b2a940e8bdf1a43eeb5670fd933d47ce745f9aaff0ce0015b0e1bf07ec8ba8ab879022a5394ea9ec6c5fd934f6837ca21fe0452bddc266fb7386071","ssdeep":"","tlshash":"59e07d1059c314a0a557785841bf20067174540b354cd9003e1cb1918f52d3901fcbd0","size":329,"data":"","first_seen":"2023-07-01T01:44:25Z","last_seen":"2024-08-21T05:55:39.351871Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"0ce424e25004d65c138329db16be37d0","sha1":"30a265f5394e70b44ffeed0d2ddeb5da3d6ffd36","sha256":"b99de9977e876b087ee858284cd75558f0bdf9f7384a693ea2defde352f93883","sha512":"c1aa4bc00a9c27517c30f8c3b1e00d2e87c428e72c5c560325705473949cd9732dd4a3281e97a739cb8afee16211f6028c983dbd92a0298de37b3ee69387edf6","ssdeep":"","tlshash":"5bc00251cc6d605556d984f44948c540469011a6d1c0540504043a66462132a6457508","size":134,"data":"","first_seen":"2024-08-21T05:55:39.35308Z","last_seen":"2024-08-21T05:55:39.35308Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"ee548509a3640e582c7380e4c1bd1e52","sha1":"bd33f8b07594b13be7d8d1f755e59681c15e49a6","sha256":"d2c1df9b4ea04c495db605b0c2a8855242128a9ac89b5c1ce1b4dcaecbca7ab7","sha512":"a3a658c9e38f254cd738a85d0d85ed71edfd3da9b6bd012d081d5a0f93df12634eb6e78675203818ad25976bd8c89dce63be64baf92d97f58c7237f7956518dd","ssdeep":"","tlshash":"6cb00411c534f5415404c4f0054011ccf05114f7cdf3413d141d153c151515f373f553","size":90,"data":"","first_seen":"2024-08-21T05:55:39.353992Z","last_seen":"2024-08-21T05:55:39.353992Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"35a7a3a30876d27a274c3584ebac978e","sha1":"bad85c87f609fbd8b06946f38c2a7674f1c6bcdd","sha256":"10cde3f051ab9eefa8676bee667fd65705c5fcf1d0544f9acffe7caa224d14b9","sha512":"392ae43c4de51c1054e9b3aa8c513ac2f47138b7924aa31d4e4bf6f02b35ea98de4aeef34c872b8d73b908b047d85fc4711a398be2863e740afced37164b00e5","ssdeep":"192:6N44VNltIENlVk2Snqjb29R/nkNM7nkWDCYYWhF9fK6CCVi1MTKQbedpgzy6uri7:A44j4nGmKuhznsQKMy3u8qF35z","tlshash":"2792d9a8ba31f2b29bf355fd412f1509b27a946de40880d0718cc4f629b5e8641f7f7a","size":20411,"data":"","first_seen":"2023-03-14T03:14:07Z","last_seen":"2026-05-02T06:19:53.661991Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"48e07e6b9e60fc36f21db6b71bf0b4b1","sha1":"fb4085cc0058779b28e5c366a2b92cf242399c2f","sha256":"3cbdc71216bd0aa119c93b4c5213941e9972e26ef16b3386c7c9cb32bcc60d64","sha512":"10187db826a6c668fff87f61e2468ecaf94b9a87475115b9718c9458f75281581aa84a3001fad9d5a1c48ba75a443d03da26fdf243fdc1e964770fb12b140178","ssdeep":"","tlshash":"ae60000030f00000c3c3003000c00030000003000cc00303000300c03000c00ccf0300","size":14,"data":"","first_seen":"2023-03-09T23:09:39Z","last_seen":"2026-05-15T03:10:01.480683Z","times_seen":3584,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/sandbox%20eval%20code","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"69c02be3f74421ae2f1156f2b810e043a2c62b015ae7c402f00e003f2440fea4eee1e8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-05-20T09:12:39.897443Z","times_seen":892350,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:gr5xyIhZ6pQ/d/bTQcFeqZVxNnR36Hc9lDJlQC8dA9Sa5fLtUB5roNiEP:gr58IhZ6pg/bTXVx9t689fN8INtEONig","tlshash":"7ea1cd9b39e650310332bfe91bfaa559b22937605220c161be0c915b7399233d3e1bec","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-05-20T09:12:39.897981Z","times_seen":890681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/scripts/saresponsive.js","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"636b4ad7f97aa55c2242b396fe3e9f44","sha1":"b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba","sha256":"54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62","sha512":"93a8b3d7ac4dc3e12cf97b66f376f6dbad42bd950abe820bd2e44b7cfb4e6cfa675748dcaff65d6b040a69d64a855b4e2a383f32b44ab8b6d71c55bf9902888b","ssdeep":"3072:y4J+03jL5TCOauTwDhFdnCVQNLa98HrHevC2eYCLaISE92oa:40zEOQR+iLa98Hr4reYCvSE9K","tlshash":"6c0418d57b8e381787a632a980ff014ef17dd2f6a1094875f09894a06db8a1d13b7f6c","size":176967,"data":"","first_seen":"2023-09-19T12:20:21Z","last_seen":"2023-10-02T07:31:20Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"63fa78e3d4ae4b7fc4cf5126264cb75e","sha1":"65657518c61173b8205d4fb68aabfae6ae7270a0","sha256":"a31d904d1ab6191632f68d0b375b622e4699c6e840f99ce53699df5d9f77ef6a","sha512":"84a1432bf021cfe79ca89727eabd12fc350317b89e20986f12393d7b25df94e424ec561aafb41922db622d4cd2eb4af54d6ae0ddab57d0d3bbdb8c8a9d698034","ssdeep":"","tlshash":"4d90222820800200c20080303003220f80e8200b28800088000002800232030022388e","size":57,"data":"","first_seen":"2023-03-09T23:09:39Z","last_seen":"2026-05-15T03:10:01.483397Z","times_seen":3535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba71a86056b5c9ef37b625aade54337e","sha1":"4769c2a07aa71c342dcb06dfa2950cff7ecae40f","sha256":"65d96ab8cd224643e09a693cdc8fa0b76eb9c6cfe0a4be8b797136ca83a305c0","sha512":"e115753c5b2d6cbecba098a1efc800f3b04e17610b6e509e81aa0bb637e4f7d74b1c9c79d89e7e4bf7204d7607a8ba490b44adf1719b6a20bb96e3819e55fdc4","ssdeep":"","tlshash":"d9c02b89210e0c7190f733808f3fbd01f4122364a4d05c33484e23058e20f27d358910","size":155,"data":"","first_seen":"2023-03-09T23:09:39Z","last_seen":"2026-03-28T13:29:03.445604Z","times_seen":3495,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"du0pud0sdlmzf.cloudfront.net/?dupud=997369","fqdn":"du0pud0sdlmzf.cloudfront.net","domain":"du0pud0sdlmzf.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"143.204.42.211","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"505db1d2f15fe18c51deda7a6b7867d5","sha1":"977baab7e01f394ca07bdaa7fbb306479a038605","sha256":"7b35aa275ead173cbc331424b719d85201cc20fedd42d7da430161f115ca3cd3","sha512":"c87d9da3aa9f5ba434fcf59744cc27713e79a93c3882669eb84a136a1f7c8b5c35d14062a3916d899b44d2458282b0f9e36132f12e7020217010ca5576b709c2","ssdeep":"3072:WS9XPLAya82hrZ5LxjFYiUUFvVI4GmDz1HU3NZkUMs63S9XPLAya82hrZ5LxjFYn:WShLAyB2hrfVp103N+wKShLAyB2hrfVk","tlshash":"70743b89be523869836374b640ff124e723f4669b8084dd4b49ad4d16db8d0943bffac","size":362703,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f0acb0ef843ea1153964908060d50eb","sha1":"7dc8f655c4394ca488cd16d0d60dee7970433202","sha256":"da1b1dba110f3d97894949bedfc60fe7fec3659813c957f88e51d550bc95ad88","sha512":"48792d26b59601d5f45651a9d63bd96809c8f45812ed5d0fdc572d9d6b490ca197e5389a74943ad75a0556ab2595c9c6944fce9a683411028247e185646a9764","ssdeep":"","tlshash":"be61816ab240647441d392f2101f560ea13ef2b5d90cd09d3ad0dcea5eb289e017af3e","size":3177,"data":"","first_seen":"2023-03-08T09:20:25Z","last_seen":"2026-05-02T06:19:53.663749Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"e040928f89ea3bd59e40f4e2a6fb0176","sha1":"7159f0105ff6a81f1668418b5a78883532929bd8","sha256":"cfc5afa3cbf80ed8a39987d2f4cc9215f915cfde9c83e86d5ee4a874bd69a401","sha512":"ea62d5ce0920cd9e8a7d41c87229e83fbbdb452f84adb60754673ea3a62942d5ad6da618c0eb3c3ebf33e9063b61e3b748e0b352dddfecc2ba0dcf5b46bc7688","ssdeep":"96:dhVnTnmmywtDVRcJJkUyV5CE1wSJedBrlNVO6M8mFzQH4vSRfMtNVmCVOC3x8vII:1WwtDVRgN28W0betNVms8mivVBPPf","tlshash":"15f1b795b300197882d3e1e3619f5607f93a9465fc989c9d32a8d9e20cb0dda0177fb9","size":8147,"data":"","first_seen":"2023-03-08T09:20:25Z","last_seen":"2026-05-02T06:19:53.664798Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c\u0026type=direct\u0026page_id=6274834\u0026screen_width=1280\u0026screen_height=1024\u0026os=Linux%20x86_64\u0026refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe\u0026pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error\u0026rnd=1695498457479","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":0,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"4976a2d25b7b4ab86be2d145fae7582c","sha1":"6f44622ee355387d5bc22dc10e2367c9f7328f0b","sha256":"93468777f4b5e173716ee36c8b0b16f7c04b0930c4559d18e45f64ea396f89d3","sha512":"7cc4ba75c75d0e7a70aca7fc88c07bb81a05c181e43c883cba96827c6abfbd7d36eb47ba9b3ee7fa3cf8fedf8c2da4e7ba439c3069ee9469daf2c4b3b218f9dd","ssdeep":"192:JMmEXVliCFC3C8CBCUYcWeTBuQVCHC9C6CPCnMaxqxH:CmEFICFC3C8CBCUvWUVCHC9C6CPCnMaa","tlshash":"00e1c8c1e70bb04285b074e712fda9cc824c6e7a9d82dc59600b5a6f7cd6a732b4262c","size":7068,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"3f1f2563525bd60c3546295955baa7a8","sha1":"9e56560285145b4012182c5f463e50bf5b9f2cc8","sha256":"5f4f80a6350fd7e6eaff214b3c5cdfb46b0b07123fdf398eb591248a3ee4a54b","sha512":"09cfb0c62e63fadab3053e7b6f2ef33988d1b8ee8186c46d95e5acafd3e315764d2884363c7a73e0d06c3e296ce41226e8561d4872dd960dc9437339d63d8e91","ssdeep":"","tlshash":"15515548f930e5b1426691d1a41f950ff33b95bdec1996cd2148dcf098b19870763f7a","size":2716,"data":"","first_seen":"2023-03-08T14:52:59Z","last_seen":"2026-05-02T06:19:53.677537Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"1f5aca98a7d0879f92c8ebb348493d21","sha1":"67ae22b1ccf1ea8b2c985513b39709d8d654dd86","sha256":"32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f","sha512":"054f994b8bc0d0edd9f7caa3836a1351374015ce5fa27eccc216d17a2e977dbad3c93a6ce99509dc4ff0c8aed6737717fc11da783eb73bcd40ba2c7be1b56f00","ssdeep":"96:iuVE3B826Nyr7OUbrynubNDZ66Wf7QzmdLmNBeL:CB8crNn369sz0iBeL","tlshash":"a2b1857f72a17a720a8254d6841f154aed3b68fbc00845e8fab5e8e35c7984212b9f34","size":5464,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-05-02T06:19:53.685496Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"694518b79e345476d03082bf5f2694bf","sha1":"1caa4c483adb50d0e1ec94aed9db6c9ba9a88f06","sha256":"ef4565eb9e6b1d15cccfd52037ac6734876ee56d0d5146bd452ba422c3d15606","sha512":"738c7cb18a70207e742d186e6fbf3d48cba7038761b372e7d02b7dd96fa46b31a6ae46d4dd46115f184a410a561c8f7da3e528472bb52411bff28f0e13857c73","ssdeep":"192:RjDwGlzOknzDdfyDQ0boZ1APuZ5WBwD0y2kIP2ImGKVbApIC:FlzOknzDdTGuzWBwDb2H21HVM","tlshash":"6bf1b7a932103a3949db06fbe3af148739325023da04c96a749dcc90be7c8f15267eb5","size":7648,"data":"","first_seen":"2023-03-08T09:20:25Z","last_seen":"2026-05-02T06:19:53.678797Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"bb19134544bab9be9ffd63b7b0e43a82","sha1":"cd05e007caba4e939b5fa462e01b179c30880584","sha256":"e59bbde411089de457a90c89381a045d107bd054549a38741df97ff9626ee4f2","sha512":"d54a4f4c21c2ab36ce6e04ef1d380ddd09bc15bdf3f42a702f166af7226ddc9d0de0b2e62a123bb0aff77b127a84837389141ff5949bf4b87f026c3637821fc2","ssdeep":"","tlshash":"59c0120a62f971908c0f147c239711d41231477e1615202dd5d54e4b1fed087524b288","size":177,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2024-08-21T05:55:39.364799Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-6703115-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1114cce2a24f7ab86c4b4d6f082a442b","sha1":"df95ee2e5438cb214d6c4f37f343ce8de4260703","sha256":"bf96b36c85a8406094519b3cd5831bf546343ec4ac3e33072b031b34b42f7090","sha512":"33dfc0494042d25bb75c98cb728c2c78154528401934ce39f34abf631304455c0ec2adb3c752d5e8b09be140e04cee61bd4cfda51d4ee9829525452ee4cd6bff","ssdeep":"3072:DbsvjQe7ChPyrsc0i4lWcAOSpI+yIaQ8Lr5h:jIsPLUcipI+yIa/H","tlshash":"58d309d9b3927126c3a3b4b8553f010bf17a6e91f84cdc94e246c9c02e7869a417bf6d","size":134314,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49\u0026l=dataLayer\u0026cx=c","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"06417a8644b55269eab07f9b225e4c27","sha1":"4ba09c7d4d1206c222c64c6c18a2b2cf0a5a0b23","sha256":"f437ed8f97202f98e9282e8377042e291f3fc0e7fbcd1906b7df6a751fcea58e","sha512":"740467bfa9dab3ed1e3b4d88dd0167642da39cabb8f2de21a7f5e26750e8f07a1606b841ff903111e81836a19d2d47683aca94f94dbc61e772b467514e73b71b","ssdeep":"3072:WHrj1KJllbPChIwFy1QLUnhWYNYREMLaFLeknNBiw6jOkrgUIq16a6JnWI+Rb:uf4bKhIwFy17n2UaknNBiwG7rX31D6Ja","tlshash":"2a3408d9b3c3706682a7f479503f014ba57b2ca6b44ccc98e189c9d02e78a99513bf7c","size":246853,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"1a74cbb40fa7318165676adc7f6d42e2","sha1":"a77077da44f266723653bdff6fceadb1db7f7a46","sha256":"056c33b48d5ab36d6d5e74abe74ea807122338fc4ad18f5c92c1d0a82823d048","sha512":"202f05e42e8b2019460736e994f1c3a1092c1076d160de1aff06f938d93e68e00d5b7434af7334bc1d166d74f0e7447ad5b76e6676af9a0e3e0193e12fdef436","ssdeep":"","tlshash":"5ab00411c534f5415404c4f0054011ccf05114f7cdf3413d141d153c151515f373f553","size":93,"data":"","first_seen":"2024-08-21T05:55:39.366236Z","last_seen":"2024-08-21T05:55:39.366236Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"5eeecab1a83042cd499bdaa9cb9e9b31","sha1":"d9b972a9ae689d90d1d7822173c627dec073536f","sha256":"d3847f1322fcc1073fa357d2af85b07965a975ea42ac72f43fd52b7c8f782ab3","sha512":"e3c5d334b380870e461c0a704a2fce15d47a1bf46b47cc80003818e4ad0470be827f940925ec32d852356814ecd96e05ac1c7a2828e74119c7b48886918a3a48","ssdeep":"","tlshash":"af01f25cd1882b394d8f459ca38753821a3399f6b228365d869c1d709ffab95c28aac0","size":709,"data":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2024-08-21T05:55:39.3672Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"bada815b0add3317d69cbff824573d6b","sha1":"60ebc2061d3dbf196d418b6802aa0d971b7bc189","sha256":"f2fe3c2dc65244420df6fc8efd959211c4ef3d9f76e2a3c530b4a3163138d92b","sha512":"ebebfda077663be98ce77e2cd5423a0714b98afd3e733b59e81eb93b8fad64d788707761de91ed96d6cbe281cd96b11641a77532c41ae95a08944e1987070463","ssdeep":"","tlshash":"a43140f4ab7d64a498be210d633cf38fa46d60373c431c43ad5e55e41a71e2f0523a96","size":1636,"data":"","first_seen":"2023-03-09T23:09:39Z","last_seen":"2024-08-21T09:18:42.71122Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e9e391ad98fbe1b2de0b7b4fa9ca904","sha1":"21d7771223e8286a06ad878af425094a40de32b5","sha256":"1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69","sha512":"defa1ba5ce4193014a4657fe394734634087d66c9db8024778ea2c3a59be02e38e0077725c7d000ff7046bea23070594f8942446c6068b4032d329d0716532b0","ssdeep":"","tlshash":"f63197075511c5fa022195d6ea7a3e2e61337628523440a8f238f23b23770cbf3d1abd","size":1648,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-05-20T09:03:07.561557Z","times_seen":74541,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"27dcd08ff698799259de990a333151a5","sha1":"3c3a1975e612bcef24f5e0a52b929b38ab66907a","sha256":"1e049d0ac6853d748244edef9d337dadc20eb7fc076f7f610094f333b44e361b","sha512":"a0720b3144c3f992ad29bb2e8a5d5e76ebfb568de9fc846b6fbbbb2ad20aeb92b55dd2370d2435d282afd4af72b4a5c11bfedbda48d23100b222d27699f0311b","ssdeep":"","tlshash":"f7c00251cc6d605556d984f44948c540469011a6d1c0540504043a66462132a6457508","size":131,"data":"","first_seen":"2024-08-21T05:55:39.370079Z","last_seen":"2024-08-21T05:55:39.370079Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.ocdn.ee/scripts/ads.js","fqdn":"s.ocdn.ee","domain":"ocdn.ee","tld":"ee"},"ip":{"addr":"172.67.72.48","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a77d263791bc4b4a4358069d8e758043","sha1":"cff5d4b12aca7a4f2fa36cb2fe4353bce1610b70","sha256":"c462d25ec74cd4c8872337c9f34053be196bcaf9f40074a8003f95d95cea2b40","sha512":"ab3733a292b2cd68fe7002f5eeb79f4a1023d9807bb6350ca02615c82c9f60bd3e7e54c09ba4263bdbd95680b33b2937fd2bd8890614e4d467914dc23d64f2a1","ssdeep":"","tlshash":"31f059413091086943aa50b2652b12dda17aaade4717d22eb470a7eb663810e81c9b3c","size":502,"data":"","first_seen":"2023-07-01T01:44:25Z","last_seen":"2024-08-21T05:55:39.37112Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/js/js__file_upload.js","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"617f6d5a2744bc8c02e3d2c67544bd68","sha1":"f57c068257c8bc85644d3be1e845c36506cd4625","sha256":"62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658","sha512":"9ff6156bbd9bfda93a5b39322b72b0f6caeca3e0acc0b66319f5d429bf7fb5fe4ec87cd3711618029fea339a7b1ea7b548d468fad7c4e91ba4e82b7f0f0cc890","ssdeep":"768:c1vyzvE5keq96s7jR29qxFJuuGBs98dSx1yU+9acoR13knV96Qx8VDJR:b+qP7jR29eFJuuGBs98dSx1yU+9at6VM","tlshash":"98c2f893778684a489da157e259e03ca7634c4536d0ea840fc6ccce8ae74f89907bf7d","size":27351,"data":"","first_seen":"2023-03-09T23:09:39Z","last_seen":"2023-10-14T14:45:24Z","times_seen":96,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"60c378c8f8ca1a01b56e072863740d30","sha1":"56efc343e1bf6a51331c6930215a15fe9fd6598c","sha256":"62fdb0581c6c1711fe8278440d644672a01c7c57c8f0afe1a42367c3a1c80deb","sha512":"17eed5be4988fd64d2caf0174d4951c8cf61ce7bbeecf284b4b337724cd363f269c82c9428ad4d8511a1a2649f779f2841fae7b336d9dc9dcb136e32c64d68ba","ssdeep":"","tlshash":"e1118c3a7aee05364157e47c372f72c187b282db05009581784d8b6d0fe0a5a11b7bd8","size":1102,"data":"","first_seen":"2023-03-07T13:10:56Z","last_seen":"2024-08-21T05:55:39.37264Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"f85a6ff0a82ccc58b641b7bc1abee7c6","sha1":"6010298d12c95280b8cc369e93ebc11f709aa810","sha256":"ec706808e0bacc7271640e8c5c9a01061686f85b0c4835af6676cd3ed34a4215","sha512":"7660b835bda307dda0cb643eec570a42f6db3ed083f021b3cd746e0a122ca0ed6d8c8d230539f5ad2e10f2c4a9b3cb6152a52d450681cc2ca06c1236786e3fd8","ssdeep":"","tlshash":"300120d66e46a10a437045eac1f2e84cc20e9239ab81d809c6d239479c05be71cc132d","size":749,"data":"","first_seen":"2024-08-21T05:55:39.37387Z","last_seen":"2024-08-21T05:55:39.37387Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:36.42398215Z","timestamp":1695498456424,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /download/15671913/b8d570247eec1d95da60/MadDuck.exe HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 403\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nStrict-Transport-Security: max-age=31536000\r\nX-XSS-Protection: 1\r\nP3P: CP=\"CAO PSA OUR\"\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":403,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (403), with no line terminators","md5":"28b8f18d977984cdbf383cdb5e085f33","sha1":"aeb57f64f0bed3fa07f7ae72b2857085af55a88d","sha256":"7577b723a14248ae599cadc877f917678a2929cd9acd512b434b71e0fe35c7d9","sha512":"8f371ce3eb6832ca4910c15b8c6fe49fa53463fe832ae5dae72c899a6ef0f4cebb0f3fff5a5241639a3883f14843b58d53a5434991f5bf8e51fd66072dd82f91","ssdeep":"","tlshash":"b6e061ae4c15d48fd69120f0a4f1f14864da912bf8648950f4d0047a93c4beddc527a5","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:36.577473891Z","timestamp":1695498456577,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /download/15671913/b8d570247eec1d95da60/MadDuck.exe HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 403\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nStrict-Transport-Security: max-age=31536000\r\nX-XSS-Protection: 1\r\nP3P: CP=\"CAO PSA OUR\"\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":403,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (403), with no line terminators","md5":"28b8f18d977984cdbf383cdb5e085f33","sha1":"aeb57f64f0bed3fa07f7ae72b2857085af55a88d","sha256":"7577b723a14248ae599cadc877f917678a2929cd9acd512b434b71e0fe35c7d9","sha512":"8f371ce3eb6832ca4910c15b8c6fe49fa53463fe832ae5dae72c899a6ef0f4cebb0f3fff5a5241639a3883f14843b58d53a5434991f5bf8e51fd66072dd82f91","ssdeep":"","tlshash":"b6e061ae4c15d48fd69120f0a4f1f14864da912bf8648950f4d0047a93c4beddc527a5","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-23T19:47:36.899Z","timestamp":1695498456899,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /files/15671913/MadDuck.exe.html?msg=sess_error HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/download/15671913/b8d570247eec1d95da60/MadDuck.exe\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 8989\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nLast-Modified: Sat, 23 Sep 2023 22:47:36 +0300\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nX-XSS-Protection: 1\r\nP3P: CP=\"CAO PSA OUR\"\r\nSet-Cookie: lng=eng; expires=Sat, 21-Oct-2023 19:47:36 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8989,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (4526)","md5":"c83c5fb247a099f68ba0ae7352d21dcc","sha1":"ba9d8b82757782e1d4b867bb9881d5605c44a302","sha256":"d431f54fbdd3a817c767688673a11edb5883260b17feb159492cef5bdd42871d","sha512":"f6abaebf41e76d57c315c404283453039af334a0478c9144f187ea61f7d8fa6490d4473964631230e873e6a95ce8921747dcf3fe63ae3161b34ddd7fb9227736","ssdeep":"384:zoJylIn7xpYwuu504YHeHYODRzhU3E8+UUKIz40qoxeK++3eBizEm+e:zoJCIn7XY20tsDRzh4E8+UUKIz40qoxh","tlshash":"b0923a71158ee82e8655a0d8e234fe9c99d774afc3800884f4bb68b7a5c5fa46c311f9","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"du0pud0sdlmzf.cloudfront.net/?dupud=997369","fqdn":"du0pud0sdlmzf.cloudfront.net","domain":"du0pud0sdlmzf.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"143.204.42.211","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.082Z","timestamp":1695498457082,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 08 Dec 2022 00:00:00 GMT","end":"Thu, 07 Dec 2023 23:59:59 GMT"},"fingerprint":{"sha1":"BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB","sha256":"0E:61:DC:91:28:A6:D0:1C:35:83:E4:6C:B8:71:E9:59:0C:A7:63:6F:3B:39:4E:60:B9:10:FD:B2:49:E9:04:65"}}},"request":{"raw":"GET /?dupud=997369 HTTP/1.1\r\nHost: du0pud0sdlmzf.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 117777\r\ndate: Sat, 23 Sep 2023 19:45:20 GMT\r\naccess-control-allow-origin: *\r\ncache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform\r\ncontent-encoding: gzip\r\npragma: no-cache\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: 71Ezkj9orp8JBC-ySUXgQgWw5Fn3zrqR0Y-hl9h_qaPLRnJJ1ls7Tg==\r\nage: 137\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":117777,"size_decoded":0,"mime_type":"text/plain","magic":"Unicode text, UTF-8 text, with very long lines (15948)","md5":"505db1d2f15fe18c51deda7a6b7867d5","sha1":"977baab7e01f394ca07bdaa7fbb306479a038605","sha256":"7b35aa275ead173cbc331424b719d85201cc20fedd42d7da430161f115ca3cd3","sha512":"c87d9da3aa9f5ba434fcf59744cc27713e79a93c3882669eb84a136a1f7c8b5c35d14062a3916d899b44d2458282b0f9e36132f12e7020217010ca5576b709c2","ssdeep":"3072:WS9XPLAya82hrZ5LxjFYiUUFvVI4GmDz1HU3NZkUMs63S9XPLAya82hrZ5LxjFYn:WShLAyB2hrfVp103N+wKShLAyB2hrfVk","tlshash":"70743b89be523869836374b640ff124e723f4669b8084dd4b49ad4d16db8d0943bffac","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":49,"connect":18,"send":0,"wait":3,"receive":5,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/static/ubr__style.css","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.054Z","timestamp":1695498457054,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /static/ubr__style.css HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error\r\nCookie: lng=eng\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nContent-Type: text/css\r\nLast-Modified: Fri, 04 Oct 2013 10:02:27 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: W/\"524e9233-25a0\"\r\nExpires: Sat, 30 Sep 2023 19:47:37 GMT\r\nCache-Control: max-age=604800\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2880,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (591), with CRLF line terminators","md5":"3ba04e290212b44bcca8f10a60a4e879","sha1":"a9b021c9019bdbb28250836039b2372a1b4d0f0f","sha256":"f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2","sha512":"e3bd31605e6fc62195a3b7372d23456ab192418758888b7eba73dd2c5f6cc145feab8ed478c0ddcf9e7660b0840ee6a91bf807ac5a90a323a5cc4c8978d7bc57","ssdeep":"192:82jAySjuE174K/B4kxWnInnHGYaN4OI56pYgp+:ejj2K/B4annc66pYgM","tlshash":"f012b672d29a202eb1afc0baf051fa9e3d54908bd4539775f96636b5cac10e53337708","first_seen":"2023-04-05T06:15:55Z","last_seen":"2023-10-14T14:45:24Z","times_seen":94,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":189,"dns":0,"connect":28,"send":0,"wait":28,"receive":0,"ssl":163},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:37.296850678Z","timestamp":1695498457296,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"94111c3420bb2c6a13c84437834119c2","sha1":"a60b1aaa235c754b4f840e14e5c32f3bd1920d3b","sha256":"9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78","sha512":"bd936c41c14165c866fc38aa1d2eef45f90737b3a84622fe87ac22b8f75e4ee8991428eb38e89cf2d5420772293095ef29cd5bffc4b72cb386a6b2110d5da338","ssdeep":"","tlshash":"9af0dcc93efe0aa1d619991d0ed6683430a1f5680f2a87a23e6d2644df0cb96620a128","first_seen":"2023-09-23T00:12:26Z","last_seen":"2023-09-23T22:51:58Z","times_seen":1132,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/js/js__file_upload.js","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.073Z","timestamp":1695498457073,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /js/js__file_upload.js HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error\r\nCookie: lng=eng\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 27351\r\nLast-Modified: Thu, 07 May 2020 19:13:28 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"5eb45dd8-6ad7\"\r\nExpires: Sat, 30 Sep 2023 19:47:37 GMT\r\nCache-Control: max-age=604800\r\nVary: Accept-Encoding\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27351,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (1853)","md5":"617f6d5a2744bc8c02e3d2c67544bd68","sha1":"f57c068257c8bc85644d3be1e845c36506cd4625","sha256":"62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658","sha512":"9ff6156bbd9bfda93a5b39322b72b0f6caeca3e0acc0b66319f5d429bf7fb5fe4ec87cd3711618029fea339a7b1ea7b548d468fad7c4e91ba4e82b7f0f0cc890","ssdeep":"768:c1vyzvE5keq96s7jR29qxFJuuGBs98dSx1yU+9acoR13knV96Qx8VDJR:b+qP7jR29eFJuuGBs98dSx1yU+9at6VM","tlshash":"98c2f893778684a489da157e259e03ca7634c4536d0ea840fc6ccce8ae74f89907bf7d","first_seen":"2023-03-09T23:09:39Z","last_seen":"2023-10-14T14:45:24Z","times_seen":96,"resource_available":true,"data":null}},"time_used":457,"timings":{"blocked":170,"dns":0,"connect":34,"send":0,"wait":56,"receive":33,"ssl":161},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/images/arrow.gif","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.079Z","timestamp":1695498457079,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /images/arrow.gif HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error\r\nCookie: lng=eng\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 59\r\nLast-Modified: Sun, 14 Apr 2013 07:15:01 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"516a5775-3b\"\r\nExpires: Sat, 30 Sep 2023 19:47:37 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":59,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 6 x 9\\012- data","md5":"6675f814b94f13f91f1383707b250e36","sha1":"31452650e8fce2095613a2010799bdb7548bdd51","sha256":"061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411","sha512":"d232d7337ef45394ddeb09894a7aec31363ef026299bd047d49dc46975757da192136b03531ab7be451a4d28ce8e3250a9538f94c6ae38347537de00192e9c62","ssdeep":"","tlshash":"3fa0020295b4c144c80411761c58815056027226858e175736bc7722ec498a17152121","first_seen":"2023-04-30T19:35:34Z","last_seen":"2026-05-15T03:10:01.465295Z","times_seen":3578,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":253,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/images/dl_.png","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.075Z","timestamp":1695498457075,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /images/dl_.png HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error\r\nCookie: lng=eng\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nContent-Type: image/png\r\nContent-Length: 1900\r\nLast-Modified: Thu, 01 Dec 2016 09:37:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"583fef57-76c\"\r\nExpires: Sat, 30 Sep 2023 19:47:37 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1900,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 154 x 32, 8-bit colormap, non-interlaced\\012- data","md5":"f3e8f284a4e98cdb91b6abfc142d94a4","sha1":"fa9e618c2f56bea752ddd7e45a372c5539dadda9","sha256":"2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882","sha512":"e3d0865ac754c5956d7636635dd87df016e893a20c3292b0918b26305e4ebe3515a7498cff2e1902155de884b9fcfca8ec7a01d8a5ab5053b6ad62c914781144","ssdeep":"","tlshash":"6241398ffcfc75dc437e002a1a943806266692c471a4a7382b5108be2d4270f4224e66","first_seen":"2023-04-30T19:35:34Z","last_seen":"2026-05-15T03:10:01.474469Z","times_seen":3578,"resource_available":false,"data":null}},"time_used":571,"timings":{"blocked":257,"dns":0,"connect":33,"send":0,"wait":28,"receive":0,"ssl":159},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-6703115-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.080Z","timestamp":1695498457080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:17:06 GMT","end":"Mon, 27 Nov 2023 08:17:05 GMT"},"fingerprint":{"sha1":"00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18","sha256":"A7:5A:4E:D4:52:12:7D:30:6C:86:1D:F0:95:AC:85:55:FE:12:AB:A0:E0:41:94:87:35:7A:8C:96:FE:D9:E6:F0"}}},"request":{"raw":"GET /gtag/js?id=UA-6703115-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nexpires: Sat, 23 Sep 2023 19:47:37 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 51717\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51717,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2213)","md5":"1114cce2a24f7ab86c4b4d6f082a442b","sha1":"df95ee2e5438cb214d6c4f37f343ce8de4260703","sha256":"bf96b36c85a8406094519b3cd5831bf546343ec4ac3e33072b031b34b42f7090","sha512":"33dfc0494042d25bb75c98cb728c2c78154528401934ce39f34abf631304455c0ec2adb3c752d5e8b09be140e04cee61bd4cfda51d4ee9829525452ee4cd6bff","ssdeep":"3072:DbsvjQe7ChPyrsc0i4lWcAOSpI+yIaQ8Lr5h:jIsPLUcipI+yIa/H","tlshash":"58d309d9b3927126c3a3b4b8553f010bf17a6e91f84cdc94e246c9c02e7869a417bf6d","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":280,"dns":16,"connect":10,"send":0,"wait":28,"receive":87,"ssl":273},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:37.565343955Z","timestamp":1695498457565,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"94111c3420bb2c6a13c84437834119c2","sha1":"a60b1aaa235c754b4f840e14e5c32f3bd1920d3b","sha256":"9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78","sha512":"bd936c41c14165c866fc38aa1d2eef45f90737b3a84622fe87ac22b8f75e4ee8991428eb38e89cf2d5420772293095ef29cd5bffc4b72cb386a6b2110d5da338","ssdeep":"","tlshash":"9af0dcc93efe0aa1d619991d0ed6683430a1f5680f2a87a23e6d2644df0cb96620a128","first_seen":"2023-09-23T00:12:26Z","last_seen":"2023-09-23T22:51:58Z","times_seen":1132,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gourgoldpieceso.com/UW03WWJ+UlQqXzU5fi47PTtyGzMTPm4cOxcscRsRBTxiETQWJBEtCzVQDmBVYlsOfxI4CQpoRCIZVi0XIlAGfws/C1hkRCdQBndRZUMEbUxhS0JkU3cZRzgFbFwRKRYlAQpoVGhYA2BaZVgAbVtl","fqdn":"gourgoldpieceso.com","domain":"gourgoldpieceso.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Colombia","country_code":"CO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.520Z","timestamp":1695498457520,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gourgoldpieceso.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 13 Sep 2023 06:21:57 GMT","end":"Tue, 12 Dec 2023 06:21:56 GMT"},"fingerprint":{"sha1":"2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9","sha256":"D6:98:E1:E4:C0:02:1D:9E:7C:57:DC:A2:52:E1:A1:4A:06:7B:A3:7F:DB:DA:36:2D:42:66:DF:9A:E5:1E:2E:80"}}},"request":{"raw":"GET /UW03WWJ+UlQqXzU5fi47PTtyGzMTPm4cOxcscRsRBTxiETQWJBEtCzVQDmBVYlsOfxI4CQpoRCIZVi0XIlAGfws/C1hkRCdQBndRZUMEbUxhS0JkU3cZRzgFbFwRKRYlAQpoVGhYA2BaZVgAbVtl HTTP/1.1\r\nHost: gourgoldpieceso.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Z0EQNGmWPWAUIIxbTnczWq0WuYsX1jrsszVhN%2B3HSJpOhG6YedyiFKEyEjsM0tjUqEmfb0THA7vdMa0oV90B%2BMbrRkEpfoECLt%2FNvZy51hY2f3S1E8OJvhLPe7iVrrxuUQtvRDwr\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b54cee6b5ab50f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":63,"dns":2,"connect":10,"send":0,"wait":119,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gourgoldpieceso.com/MEl6MWofdhlCV2oBIFwLdTkrYCxyKB9dW3YcS0UQZgwwZzJoAFxFA1R0QwhdBHlCFxpZLUcAUhY6DlAeRTpHAExZJxxeVxY/RwBEAGdIH14WPEcATEQ5G1ZXAW8KRR5cdEsHUwV9QwleBX5PCF8","fqdn":"gourgoldpieceso.com","domain":"gourgoldpieceso.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Colombia","country_code":"CO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.615Z","timestamp":1695498457615,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gourgoldpieceso.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 13 Sep 2023 06:21:57 GMT","end":"Tue, 12 Dec 2023 06:21:56 GMT"},"fingerprint":{"sha1":"2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9","sha256":"D6:98:E1:E4:C0:02:1D:9E:7C:57:DC:A2:52:E1:A1:4A:06:7B:A3:7F:DB:DA:36:2D:42:66:DF:9A:E5:1E:2E:80"}}},"request":{"raw":"GET /MEl6MWofdhlCV2oBIFwLdTkrYCxyKB9dW3YcS0UQZgwwZzJoAFxFA1R0QwhdBHlCFxpZLUcAUhY6DlAeRTpHAExZJxxeVxY/RwBEAGdIH14WPEcATEQ5G1ZXAW8KRR5cdEsHUwV9QwleBX5PCF8 HTTP/1.1\r\nHost: gourgoldpieceso.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=hC6xz0FSzHqVqvcPXUbHLv3xM5kKSVH3qUHEsq5hU7cCgVnzHRy1EB%2B29LfrWsM1EwY5EYfL9bTPOChEPsVxIEschOxK6Ct0nyslsP6%2BManbz7B7NDE%2BQX9CytMfHfWrs2JrPzGm\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b54cee9b85b50f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"idohethisisathllea.com/bWVEOHMMBydVTAxYJh4GHwl5HUErQHZ+FxhVNE0XXRYgVB4XA2pbHwIQIF4BAgswFh0IEWEKNTg/E3IrOg4Jfzc5DnxeMSgpCQoXWz0CbhgPLTR8MC40dXQhOwMUUTI9IBUIRiQPEVIhLigjckIFNidsKgQmM24CCyYddDI6FTZiIjwiCm8XXjQ8YR0jNixhMhQwd3QbJCEKbEtbJnRpGiJWcHE3PlU+dAQGISdVFCswAUAdC1YCbiAEXDZbGC83AmBKFTMVDFZfJwp8Kgk3dm4CIlR1bTAqHXdpNSgzIgs1OyAHflZfIyd7ITk/dnYHOzAwQRIlKAd6CUA0PHQ2LzQBbxsXMwJyHQxWCm0hXzM1ciIaNAlSBB4tEVwfJS0ObSZeCTViIS8DHl9VBxYrVgNQDD50BwILPE41","fqdn":"idohethisisathllea.com","domain":"idohethisisathllea.com","tld":"com"},"ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.601Z","timestamp":1695498457601,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idohethisisathllea.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 13 Sep 2023 00:00:00 GMT","end":"Fri, 11 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF","sha256":"33:65:00:BC:8B:CA:C9:F9:3E:94:7D:2C:67:29:B8:51:59:51:6D:A5:C6:8F:0C:3C:CB:BB:AD:1C:65:93:07:7A"}}},"request":{"raw":"GET /bWVEOHMMBydVTAxYJh4GHwl5HUErQHZ+FxhVNE0XXRYgVB4XA2pbHwIQIF4BAgswFh0IEWEKNTg/E3IrOg4Jfzc5DnxeMSgpCQoXWz0CbhgPLTR8MC40dXQhOwMUUTI9IBUIRiQPEVIhLigjckIFNidsKgQmM24CCyYddDI6FTZiIjwiCm8XXjQ8YR0jNixhMhQwd3QbJCEKbEtbJnRpGiJWcHE3PlU+dAQGISdVFCswAUAdC1YCbiAEXDZbGC83AmBKFTMVDFZfJwp8Kgk3dm4CIlR1bTAqHXdpNSgzIgs1OyAHflZfIyd7ITk/dnYHOzAwQRIlKAd6CUA0PHQ2LzQBbxsXMwJyHQxWCm0hXzM1ciIaNAlSBB4tEVwfJS0ObSZeCTViIS8DHl9VBxYrVgNQDD50BwILPE41 HTTP/1.1\r\nHost: idohethisisathllea.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1170\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Qcn-iCZPfSMOu-y-EvVBDyBzxWKtwYEnDx5IkKDaMFdypfrWcAhqLA==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1170,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators","md5":"50500bc0063e93a820faf9d1e5968f50","sha1":"ac82557dce86d0e665c01d4630397bdd9f64a84e","sha256":"0e2d8f089c63d656e487bf14b7d6ddefd57c22af8e63eba07e5eff8c8a125c04","sha512":"08be21a918033c2a3d21b812f6fcd1b360cf979fd307626e3eb38bec28b492cbad01a8f40b5382b280c0775b7056f7cf12d147e99512413d6191d979b9a96399","ssdeep":"","tlshash":"7a510e8d34f36082c2f67065453bb59afa289aa0834cdb14863d96bcbd715e9631bf4c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":20,"dns":4,"connect":1,"send":0,"wait":111,"receive":1,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"idohethisisathllea.com/WnlmMnk7GwVfRjtEBBQMKBVbF0scXFR0HS9JFkcdagoCXhQgH0hRFTUMAlQLNRcSHBc/DUMAP2IvMGhJCRMjADYIFhV2EB9cVHQ8EhovUD4cOANVFSApJ1EVAgAwQDcwQFB6KG4XLGo0CDclUUwcACNBPBIaJFEDNS8sdCM1GiR3Eg8UDlwsMw0wfEsuOAR3KGoYHlkVCQMRBD4ZCjNoARg7PHM/LSMjYBAJLjRcLAIVHFE+CDwsXh5tMBFKDxtLM0ctEgETa0sQKwNqNy0jI2NNCEokXjcCCiRQMTI8P0orNCMOfw8PE1IHLAIRVWhLAD8DVT8xIw0fLyw4VGcOEi0OZzQgEitQDhctPAIvbTFUZA4bIQVzXzAKCVwJZzsTeTECKglwPTgqFQ","fqdn":"idohethisisathllea.com","domain":"idohethisisathllea.com","tld":"com"},"ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.646Z","timestamp":1695498457646,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idohethisisathllea.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 13 Sep 2023 00:00:00 GMT","end":"Fri, 11 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF","sha256":"33:65:00:BC:8B:CA:C9:F9:3E:94:7D:2C:67:29:B8:51:59:51:6D:A5:C6:8F:0C:3C:CB:BB:AD:1C:65:93:07:7A"}}},"request":{"raw":"GET /WnlmMnk7GwVfRjtEBBQMKBVbF0scXFR0HS9JFkcdagoCXhQgH0hRFTUMAlQLNRcSHBc/DUMAP2IvMGhJCRMjADYIFhV2EB9cVHQ8EhovUD4cOANVFSApJ1EVAgAwQDcwQFB6KG4XLGo0CDclUUwcACNBPBIaJFEDNS8sdCM1GiR3Eg8UDlwsMw0wfEsuOAR3KGoYHlkVCQMRBD4ZCjNoARg7PHM/LSMjYBAJLjRcLAIVHFE+CDwsXh5tMBFKDxtLM0ctEgETa0sQKwNqNy0jI2NNCEokXjcCCiRQMTI8P0orNCMOfw8PE1IHLAIRVWhLAD8DVT8xIw0fLyw4VGcOEi0OZzQgEitQDhctPAIvbTFUZA4bIQVzXzAKCVwJZzsTeTECKglwPTgqFQ HTTP/1.1\r\nHost: idohethisisathllea.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1156\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: RHud0jUqrBOcZjIG0ahrrgx-OE8fWyKuE9Xr-tCy82pSE_RQPQMtRQ==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1156,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (2998), with no line terminators","md5":"423c8d6735cf91a8a82a5dc9653b0d64","sha1":"1c12622e0e591e28a509fdac6b37ac9f63e329c8","sha256":"f55aa868250ec9f5a3ac9a5557c72429b050540c082387d4dfe2e2fae8a7f0db","sha512":"756b1fd15ab206aeb118c2a257e2470dfdf27bab2c7c673bbe96acde5d02689aad8eaf4643a177d892107bc02f810005a5e8d1b48969c8533e9d13705ebd7556","ssdeep":"","tlshash":"c851f08d34f36082c2f26054043bb99afa389a91834cdb54863c96bcbd715ea6357f4c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"idohethisisathllea.com/UHViN0YxFwFaeTFIABEzIhlfEnQWUFBxIiVFEkIiYAYGWysqE0xUKj8ABlE0PxsWGSg1AUcFAGYUU3UrAUYjfhYnEg5jPmhAI1lzGiAPUxUzHjB5CTggEX8uJAEgYwc6LSNmMBRFM1ABOzRRdCFpATRaEzM2CAMENhk7eBY3I0cFBAEgUk8HOTMsb3UJJi9PfhEXM1Q+GCQ7WQQpMDRyLGU0LF8AByUzXHMXJAEPBGIvIXsRBjwBBhAKLCcDcQEjEgYQATM0YBERPilfcjU+J3k+ATcsWBMSDSVvdQYjI2EQCiwgZncGIwVlEGM7KGUREiU4XAwyOxUaCzcyFWV3BjQ0dBFiMzVUdhYXO2IIKCQjB3MWNjtgBBMdJlQSChQ7YSIkJCcHKgdGKxEsIxoMR3szBjEAEhk5VnwM","fqdn":"idohethisisathllea.com","domain":"idohethisisathllea.com","tld":"com"},"ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.659Z","timestamp":1695498457659,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idohethisisathllea.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 13 Sep 2023 00:00:00 GMT","end":"Fri, 11 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF","sha256":"33:65:00:BC:8B:CA:C9:F9:3E:94:7D:2C:67:29:B8:51:59:51:6D:A5:C6:8F:0C:3C:CB:BB:AD:1C:65:93:07:7A"}}},"request":{"raw":"GET /UHViN0YxFwFaeTFIABEzIhlfEnQWUFBxIiVFEkIiYAYGWysqE0xUKj8ABlE0PxsWGSg1AUcFAGYUU3UrAUYjfhYnEg5jPmhAI1lzGiAPUxUzHjB5CTggEX8uJAEgYwc6LSNmMBRFM1ABOzRRdCFpATRaEzM2CAMENhk7eBY3I0cFBAEgUk8HOTMsb3UJJi9PfhEXM1Q+GCQ7WQQpMDRyLGU0LF8AByUzXHMXJAEPBGIvIXsRBjwBBhAKLCcDcQEjEgYQATM0YBERPilfcjU+J3k+ATcsWBMSDSVvdQYjI2EQCiwgZncGIwVlEGM7KGUREiU4XAwyOxUaCzcyFWV3BjQ0dBFiMzVUdhYXO2IIKCQjB3MWNjtgBBMdJlQSChQ7YSIkJCcHKgdGKxEsIxoMR3szBjEAEhk5VnwM HTTP/1.1\r\nHost: idohethisisathllea.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1169\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 3Vhq28qXrRt2IUigYXojM52Dl4KX2RHg3RnegXtqAZmqMPQUr2YMkA==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1169,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (3015), with no line terminators","md5":"aa15a4fd1bf3993398aaabb6a5d177fe","sha1":"2e41389f6f277dc1b837402fc96fe4833a51871b","sha256":"a6f79bda7e04df08e8b0b12c00d108545f9b7cac6e431aa951502d69068999ff","sha512":"06996087b857f346ba6280ef2543000e61a03c4d263f17a3bd235118b692e4658f896e783c4cf900cac28ba374ac18ee204a1aea93369bffa9f28bdca4caab4d","ssdeep":"","tlshash":"e851df8d34f3a082c2f27065052bb59afa285aa1834ccb18863d96bdbc715dd6367f4c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gourgoldpieceso.com/UXpuSXB+RQ06TR8sPA8nPAkmEzgHCzkuFCIeOSEqEC0WMRFgHUg9GTVHV3BHZUtabwA4HlN4ViIODz0FIkdfbxk/HAF0VidHX2dDZVRdfV5hXBt0QXcOHigXbEtIOQQlFlN4RmhPWnBIZU9Zf0Jo","fqdn":"gourgoldpieceso.com","domain":"gourgoldpieceso.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Colombia","country_code":"CO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.654Z","timestamp":1695498457654,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gourgoldpieceso.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 13 Sep 2023 06:21:57 GMT","end":"Tue, 12 Dec 2023 06:21:56 GMT"},"fingerprint":{"sha1":"2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9","sha256":"D6:98:E1:E4:C0:02:1D:9E:7C:57:DC:A2:52:E1:A1:4A:06:7B:A3:7F:DB:DA:36:2D:42:66:DF:9A:E5:1E:2E:80"}}},"request":{"raw":"GET /UXpuSXB+RQ06TR8sPA8nPAkmEzgHCzkuFCIeOSEqEC0WMRFgHUg9GTVHV3BHZUtabwA4HlN4ViIODz0FIkdfbxk/HAF0VidHX2dDZVRdfV5hXBt0QXcOHigXbEtIOQQlFlN4RmhPWnBIZU9Zf0Jo HTTP/1.1\r\nHost: gourgoldpieceso.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VyuPwLd1KWspSephcmB2FKv4oaoSz0QvvJn7OWtXEC052Vh8H%2BG1zuZn4EQipAA8kiomtWRJrFjGmHKgAlNZzDR1%2BUTEQfihA3M9GxhNaH2GuokrtllfeX4L1y%2F65C%2BBOIK%2BvHS3\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b54ceecbbbb50f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49\u0026l=dataLayer\u0026cx=c","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:37.969Z","timestamp":1695498457969,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:17:06 GMT","end":"Mon, 27 Nov 2023 08:17:05 GMT"},"fingerprint":{"sha1":"00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18","sha256":"A7:5A:4E:D4:52:12:7D:30:6C:86:1D:F0:95:AC:85:55:FE:12:AB:A0:E0:41:94:87:35:7A:8C:96:FE:D9:E6:F0"}}},"request":{"raw":"GET /gtag/js?id=G-LT9YQX0N49\u0026l=dataLayer\u0026cx=c HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nexpires: Sat, 23 Sep 2023 19:47:37 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 85870\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85870,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (3034)","md5":"06417a8644b55269eab07f9b225e4c27","sha1":"4ba09c7d4d1206c222c64c6c18a2b2cf0a5a0b23","sha256":"f437ed8f97202f98e9282e8377042e291f3fc0e7fbcd1906b7df6a751fcea58e","sha512":"740467bfa9dab3ed1e3b4d88dd0167642da39cabb8f2de21a7f5e26750e8f07a1606b841ff903111e81836a19d2d47683aca94f94dbc61e772b467514e73b71b","ssdeep":"3072:WHrj1KJllbPChIwFy1QLUnhWYNYREMLaFLeknNBiw6jOkrgUIq16a6JnWI+Rb:uf4bKhIwFy17n2UaknNBiwG7rX31D6Ja","tlshash":"2a3408d9b3c3706682a7f479503f014ba57b2ca6b44ccc98e189c9d02e78a99513bf7c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.upload.ee/favicon.ico","fqdn":"www.upload.ee","domain":"upload.ee","tld":"ee"},"ip":{"addr":"51.91.30.159","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.077Z","timestamp":1695498458077,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.upload.ee","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 02 Mar 2023 00:00:00 GMT","end":"Mon, 01 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4","sha256":"AB:0D:2D:02:34:6F:B5:08:58:FA:7A:F5:12:43:16:EF:56:12:7B:6F:99:CB:3F:AA:39:F3:0E:91:FE:43:FE:CF"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.upload.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error\r\nCookie: lng=eng\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nLast-Modified: Tue, 16 Dec 2008 17:17:25 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"4947e2a5-47e\"\r\nExpires: Sat, 30 Sep 2023 19:47:37 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\\012- data","md5":"f299cf2e651c19e48d27900ced493ccb","sha1":"c2d1086d517d7a26292e0d7b32da7c55b166c23b","sha256":"115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1","sha512":"b46341bfbac50f48afcd2a4e34910901d722ce72f9f34f809916103e01d7ebc11bce15a28bf6449efd49ab9dfef1f84a94e3ad775cbe52d5822996674124b104","ssdeep":"","tlshash":"6921fea2f747de24d05a027081978e195686ee563199204b711c7d6e782e5504435237","first_seen":"2023-04-30T19:35:34Z","last_seen":"2026-05-15T03:10:01.47651Z","times_seen":3625,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.126984064Z","timestamp":1695498458126,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"a1df14e0c62a34d1aeeb45ab94638130","sha1":"d3bdfb2c75f9fdc495b9662ae128e4992accc8d6","sha256":"e95646a781b21b7bebac7070f1b6e5d511fb2fa24d0b24e382ecc97736e3d92a","sha512":"657f260850253e9c5ba6ad867bc162b28527ef7c89efaae9fc2f48ff7d8d436ed831fbd73284b96417ea7255aabdb458dcdb5feb2a440a39a671bbf5015a4261","ssdeep":"","tlshash":"8ef0dc29a6f01e836d1b9e9e12fad6382920392d89a49584a4bcedd5072c37e1e5c12c","first_seen":"2023-09-23T00:02:14Z","last_seen":"2023-09-23T22:37:16Z","times_seen":327,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.150996204Z","timestamp":1695498458151,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:37 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"a1df14e0c62a34d1aeeb45ab94638130","sha1":"d3bdfb2c75f9fdc495b9662ae128e4992accc8d6","sha256":"e95646a781b21b7bebac7070f1b6e5d511fb2fa24d0b24e382ecc97736e3d92a","sha512":"657f260850253e9c5ba6ad867bc162b28527ef7c89efaae9fc2f48ff7d8d436ed831fbd73284b96417ea7255aabdb458dcdb5feb2a440a39a671bbf5015a4261","ssdeep":"","tlshash":"8ef0dc29a6f01e836d1b9e9e12fad6382920392d89a49584a4bcedd5072c37e1e5c12c","first_seen":"2023-09-23T00:02:14Z","last_seen":"2023-09-23T22:37:16Z","times_seen":327,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"idohethisisathllea.com/utx?cb=TU6XiFuBkxTs\u0026top=www.upload.ee\u0026tid=997369","fqdn":"idohethisisathllea.com","domain":"idohethisisathllea.com","tld":"com"},"ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.085Z","timestamp":1695498458085,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idohethisisathllea.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 13 Sep 2023 00:00:00 GMT","end":"Fri, 11 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF","sha256":"33:65:00:BC:8B:CA:C9:F9:3E:94:7D:2C:67:29:B8:51:59:51:6D:A5:C6:8F:0C:3C:CB:BB:AD:1C:65:93:07:7A"}}},"request":{"raw":"GET /utx?cb=TU6XiFuBkxTs\u0026top=www.upload.ee\u0026tid=997369 HTTP/1.1\r\nHost: idohethisisathllea.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nserver: openresty/1.17.8.2\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://www.upload.ee\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\nset-cookie: ut=x; Expires=Sat, 23 Sep 2023 19:48:37 GMT; Max-Age=60\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 7jgsBZWl5SjvpAlwqIiEES_MCL81Ex4nFPN1_9yfYoi0VDYNnB4-Hw==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"idohethisisathllea.com/utx?cb=zmH2OcTbG8XK\u0026top=www.upload.ee\u0026tid=997414","fqdn":"idohethisisathllea.com","domain":"idohethisisathllea.com","tld":"com"},"ip":{"addr":"54.230.111.91","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.095Z","timestamp":1695498458095,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idohethisisathllea.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 13 Sep 2023 00:00:00 GMT","end":"Fri, 11 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF","sha256":"33:65:00:BC:8B:CA:C9:F9:3E:94:7D:2C:67:29:B8:51:59:51:6D:A5:C6:8F:0C:3C:CB:BB:AD:1C:65:93:07:7A"}}},"request":{"raw":"GET /utx?cb=zmH2OcTbG8XK\u0026top=www.upload.ee\u0026tid=997414 HTTP/1.1\r\nHost: idohethisisathllea.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nserver: openresty/1.17.8.2\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://www.upload.ee\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\nset-cookie: ut=x; Expires=Sat, 23 Sep 2023 19:48:37 GMT; Max-Age=60\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 9EvH-zWACLMvl2hFUW3opfHUj6a7XG5KBNlRRo3P_i5ObN84ypKe_A==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.060Z","timestamp":1695498458060,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:30 GMT","end":"Mon, 27 Nov 2023 08:23:29 GMT"},"fingerprint":{"sha1":"2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5","sha256":"C6:A3:7B:D9:4E:94:E5:29:23:63:E4:9C:48:F1:D8:15:E2:B1:78:67:BD:A4:D3:9B:52:7B:D5:90:90:A5:80:C2"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:DmwLWdMULrNODhTcXQIbAAMc15psCw:YPL-eSyTx3sGzqTL; Expires=Mon, 22-Sep-2025 19:47:37 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy: script-src 'nonce-w9I8D9-ilbyCnPlw6nFg-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: unsafe-none\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":91,"dns":0,"connect":8,"send":0,"wait":48,"receive":1,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.063Z","timestamp":1695498458063,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:30 GMT","end":"Mon, 27 Nov 2023 08:23:29 GMT"},"fingerprint":{"sha1":"2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5","sha256":"C6:A3:7B:D9:4E:94:E5:29:23:63:E4:9C:48:F1:D8:15:E2:B1:78:67:BD:A4:D3:9B:52:7B:D5:90:90:A5:80:C2"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:pojKBAIFMgFj6wFYogy8Qjwao59Cdg:YCDFTMb_XzSz-_iz; Expires=Mon, 22-Sep-2025 19:47:37 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-opener-policy: unsafe-none\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-1EpEZbmuFCZFSJXjftSm0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":99,"dns":0,"connect":10,"send":0,"wait":83,"receive":5,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.269239063Z","timestamp":1695498458269,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:38 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 472\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"8e0560c46747530b07f20c3704aecf0c","sha1":"30e8a5e5b62c28ed29ef6408f9044f2d8a911db5","sha256":"e5b8c6bd88bfb832b0b14cf3e17048b546cbf82d7de8d539f8fdad12794b3cb8","sha512":"639f5ed7498c25a719a3a97037432ef2207b9b7b1fe0aa7a2393ddca49e49d597d10f43848ed82bc7d42e6834459732d790d8f7036bc5c2081cbf10230888f4e","ssdeep":"","tlshash":"c1f054487ff439006601e5144efa795417d2379a2ddc80043cfcd3841f242e4370ca0c","first_seen":"2023-09-23T00:02:37Z","last_seen":"2023-09-23T22:51:18Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"du0pud0sdlmzf.cloudfront.net/UZWJXWkMGDTk8fBELM2d6XFVkbHpDCCQ1LRVfPiAPEQ05IjUjRCMgJ1hScTYiCwVqfCYLAWprZQQGNWd3QxYnNShYAyU3LhIDNT86C0QiO34IDS0zLwkDcmgFUExnf3FVSi9rckBRFX9xVQ4+NDYdR2VqO11UCGx3QFEVf3FVECF/cCRTZ2NtVUtyaHMCBz-QxLEBQEWhzVFJna3NUR2VqJQwQMjwsHUdlHHJUU3lqZRBfZg","fqdn":"du0pud0sdlmzf.cloudfront.net","domain":"du0pud0sdlmzf.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"143.204.42.211","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.286802244Z","timestamp":1695498458286,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 08 Dec 2022 00:00:00 GMT","end":"Thu, 07 Dec 2023 23:59:59 GMT"},"fingerprint":{"sha1":"BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB","sha256":"0E:61:DC:91:28:A6:D0:1C:35:83:E4:6C:B8:71:E9:59:0C:A7:63:6F:3B:39:4E:60:B9:10:FD:B2:49:E9:04:65"}}},"request":{"raw":"GET /UZWJXWkMGDTk8fBELM2d6XFVkbHpDCCQ1LRVfPiAPEQ05IjUjRCMgJ1hScTYiCwVqfCYLAWprZQQGNWd3QxYnNShYAyU3LhIDNT86C0QiO34IDS0zLwkDcmgFUExnf3FVSi9rckBRFX9xVQ4+NDYdR2VqO11UCGx3QFEVf3FVECF/cCRTZ2NtVUtyaHMCBz-QxLEBQEWhzVFJna3NUR2VqJQwQMjwsHUdlHHJUU3lqZRBfZg HTTP/1.1\r\nHost: du0pud0sdlmzf.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://idohethisisathllea.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 617\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: Rpid0SRWko29jT1lSMtkbUylG4Jid-fCica9IA_JMPLbGE9vfIsg6w==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":617,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (873), with no line terminators","md5":"7a6bfd5449561fef83c9600357e8be37","sha1":"b015c6ba4fff9033a60f7f91153f4b71ea5c0bad","sha256":"d9113e822a136df0d759fb92fef105069dc99fc9d5ae048081ff2b8cf83b5043","sha512":"e49638b655eecf19e64362688c686e6ad48150037b4f47cf1a706093d43b5610ba92277940a8e97bff163dbab129f7995574c0a34bce7d1135301d3c3712cd0b","ssdeep":"","tlshash":"be116399908097760825a47f23f0d06993ccf18834aa5ba988060ff7970de0ec3a1508","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"du0pud0sdlmzf.cloudfront.net/6a1BmQ3AIPwglTx85An5JUmdSckRNOhUsHhttBTAjXAQvD0QgGkA3Cg9tVmUcCj4BflYOPgV+QU0xAiFNX3YSMx8AbQcxHQYnByEVEj5ANhFWPQk5GQc8B2ZCLWVIc1VZYE47QVp1VQFVWWAKKh4eKENxQBNoUBxGX3VVAVVZYBQ1VVgRV3NJRWBPZkJbNw-MgGwR1VAVCW2FWc0FbYUNxQA05FCYWBChDcTZaYVdtQE0lW3I","fqdn":"du0pud0sdlmzf.cloudfront.net","domain":"du0pud0sdlmzf.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"143.204.42.211","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.293840165Z","timestamp":1695498458293,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 08 Dec 2022 00:00:00 GMT","end":"Thu, 07 Dec 2023 23:59:59 GMT"},"fingerprint":{"sha1":"BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB","sha256":"0E:61:DC:91:28:A6:D0:1C:35:83:E4:6C:B8:71:E9:59:0C:A7:63:6F:3B:39:4E:60:B9:10:FD:B2:49:E9:04:65"}}},"request":{"raw":"GET /6a1BmQ3AIPwglTx85An5JUmdSckRNOhUsHhttBTAjXAQvD0QgGkA3Cg9tVmUcCj4BflYOPgV+QU0xAiFNX3YSMx8AbQcxHQYnByEVEj5ANhFWPQk5GQc8B2ZCLWVIc1VZYE47QVp1VQFVWWAKKh4eKENxQBNoUBxGX3VVAVVZYBQ1VVgRV3NJRWBPZkJbNw-MgGwR1VAVCW2FWc0FbYUNxQA05FCYWBChDcTZaYVdtQE0lW3I HTTP/1.1\r\nHost: du0pud0sdlmzf.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://idohethisisathllea.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 581\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: FFYjdRf95LVhCSIT8O8I9_ZEuzKizryaLAC0tR4uYfXfgFsd_8YI3A==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":581,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (806), with no line terminators","md5":"f441b30ab32005483b06a45b43bde0d3","sha1":"a13ee7d931febe257baa449b3b9c0305da639a07","sha256":"8d99292a933c1196951710a69f2b1d07e8b29132a30f4ec6ca215a7ede8026bb","sha512":"3813ee6e431db3b1bee65dfd5f42fa3f1ad9e8c04dd68de99bbe94ad33361cc6379080320b5eee7206b4d1bd00f0756fe33566bdbdc907fb4d9907d1abc8c1b0","ssdeep":"","tlshash":"4201c56652d08fb20c5574be13d0e02843dce0da24ba23ac44462fb7930ce0ec7a0608","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"du0pud0sdlmzf.cloudfront.net/8VVZ0SjE2ORosDiE/EHcIbGFAeglzPAclXyVrNj96HQ4nJXMRNCc5FyEsEHcBczoVJFZocBEkUmhnUitVN2tAbEQ0axklSzw6GCsUZxBBZAFwZERiSWRnUXlzcGREJlg7IwxvA2UuTHxuY2JReXNwZEQ4R3BlNXsBbHhEYxRnZhMvUj45UXh3Z2ZFegFkZk-VvA2UwHThUMzkMbwMTZ0V7H2VwAXcA","fqdn":"du0pud0sdlmzf.cloudfront.net","domain":"du0pud0sdlmzf.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"143.204.42.211","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:38.303047834Z","timestamp":1695498458303,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 08 Dec 2022 00:00:00 GMT","end":"Thu, 07 Dec 2023 23:59:59 GMT"},"fingerprint":{"sha1":"BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB","sha256":"0E:61:DC:91:28:A6:D0:1C:35:83:E4:6C:B8:71:E9:59:0C:A7:63:6F:3B:39:4E:60:B9:10:FD:B2:49:E9:04:65"}}},"request":{"raw":"GET /8VVZ0SjE2ORosDiE/EHcIbGFAeglzPAclXyVrNj96HQ4nJXMRNCc5FyEsEHcBczoVJFZocBEkUmhnUitVN2tAbEQ0axklSzw6GCsUZxBBZAFwZERiSWRnUXlzcGREJlg7IwxvA2UuTHxuY2JReXNwZEQ4R3BlNXsBbHhEYxRnZhMvUj45UXh3Z2ZFegFkZk-VvA2UwHThUMzkMbwMTZ0V7H2VwAXcA HTTP/1.1\r\nHost: du0pud0sdlmzf.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://idohethisisathllea.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 197\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: cOdGscg5gtDOdT2-zuVQLBRuCelp3L3CrUJp46B2N1WSPbdCbIqmhA==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":197,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"e9f98a6efee1cbaea0bc7d3c750a69c9","sha1":"0e6b9fff114f6583c9e7ed38bcde8fd2d47b2bf4","sha256":"84c3e9093cad3d3f85572426a55606c2e214a08798202652f9e7b3a70df0197d","sha512":"f5bd5b7de977be7a9d7c0944cc89a3ed0a90066c178d3d50c2bf3c04f2b8b2ed9d6a05218df0d1489820a035ed369a68967e43ab1faade575cfc1705d624ca0d","ssdeep":"","tlshash":"77d02230870062e434261f5ba2b232a01a6566e813b1503e2433b3736f0f82ad7ea31c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.261Z","timestamp":1695498458261,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:30 GMT","end":"Mon, 27 Nov 2023 08:23:29 GMT"},"fingerprint":{"sha1":"2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5","sha256":"C6:A3:7B:D9:4E:94:E5:29:23:63:E4:9C:48:F1:D8:15:E2:B1:78:67:BD:A4:D3:9B:52:7B:D5:90:90:A5:80:C2"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AYZoVhfhpYrh52g8N8Zs_yOyn6d4uh99LIZre-G3sP5m4wA27UMPEi49Ze-iuMogc2UCK-jeLYHqnw HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:06MYDk_kvVF_FPRELih8OtI-cwrZtg:IjeAFNj4PG46fLdo;Path=/;Expires=Mon, 22-Sep-2025 19:47:38 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S2114743945%3A1695498458050990\u0026theme=glif\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-WKVUq3TRSwqhJGh1KkNmaw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 398\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":398,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (393)","md5":"82b27c61f99cbd5b8ec37203cc9fb630","sha1":"7153bec9e05e7131765979cd5a6bc3657f87357a","sha256":"86a3284b97ff3ea1e2cc6bbb343471bf42ad7d9ecf9072505d3857eb09464c2a","sha512":"a72db28b1404df2296fb5a7581d2577daf8e5c47a7ede497a52cc43e6a90333af3738916655176bd57bb5aef54bc893d34bfb270257e90add833b7b11cf01c71","ssdeep":"","tlshash":"7ef0c0ea5cda409e7493a8e5e428609c0474785d3ddaa998b1e3971405e5c1711062f3","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.339Z","timestamp":1695498458339,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:30 GMT","end":"Mon, 27 Nov 2023 08:23:29 GMT"},"fingerprint":{"sha1":"2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5","sha256":"C6:A3:7B:D9:4E:94:E5:29:23:63:E4:9C:48:F1:D8:15:E2:B1:78:67:BD:A4:D3:9B:52:7B:D5:90:90:A5:80:C2"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AYZoVher_bAnhpZxr3L3lllYUneiDBRzCvQkzXp2k1qf2mpEDKtWV02twGZ-l1etWoqV_qEytyP_GA HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:q1dizW5Ci6FPI8MleVHeFdwYD3mT4A:gZQ0NxIvthofADzw;Path=/;Expires=Mon, 22-Sep-2025 19:47:38 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1929026816%3A1695498458204218\u0026theme=glif\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-security-policy: script-src 'nonce-4IAmQwAMzXRy69oMcJehmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 407\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":407,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (398)","md5":"781b07f2a11e0e4720c7e09014c688a2","sha1":"8c3190e3998f63e072a2ba3fb173c3fc0806b2c1","sha256":"0e1c2290112f2cf4c0062ce938b8dd2484c8ae9e369755970f9dffba913916e7","sha512":"54a65110a4de232ff60ea52afea39f5e0b8f8d91c27837e3f5af7e10f26f305d0c216ab9f4d47a48a4e649c2f651d32c0421fe08e05f5160b29990cf43e09621","ssdeep":"","tlshash":"88f0c0eb489504ed489338fa9014609d94b8646d3ed2a8b9b5f2971540d8c2710123f3","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c\u0026type=direct\u0026page_id=6274834\u0026screen_width=1280\u0026screen_height=1024\u0026os=Linux%20x86_64\u0026refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe\u0026pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error\u0026rnd=1695498457479","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":0,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.855Z","timestamp":1695498458855,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c\u0026type=direct\u0026page_id=6274834\u0026screen_width=1280\u0026screen_height=1024\u0026os=Linux%20x86_64\u0026refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15671913%2Fb8d570247eec1d95da60%2FMadDuck.exe\u0026pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15671913%2FMadDuck.exe.html%3Fmsg%3Dsess_error\u0026rnd=1695498457479 HTTP/1.1\r\nHost: serving.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: private, must-revalidate, max-age=0\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/plain;charset=ISO-8859-1\r\ndate: Sat, 23 Sep 2023 19:47:23 GMT\r\nset-cookie: bepolite_id=6d7a370753010be9248465ad1424dbed; Max-Age=7776000; Expires=Fri, 22-Dec-2023 19:47:23 GMT; SameSite=None; Secure\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 524682451\r\nage: 0\r\naccept-ranges: bytes\r\ncontent-length: 1720\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1720,"size_decoded":0,"mime_type":"","magic":"ASCII text, with very long lines (528)","md5":"4976a2d25b7b4ab86be2d145fae7582c","sha1":"6f44622ee355387d5bc22dc10e2367c9f7328f0b","sha256":"93468777f4b5e173716ee36c8b0b16f7c04b0930c4559d18e45f64ea396f89d3","sha512":"7cc4ba75c75d0e7a70aca7fc88c07bb81a05c181e43c883cba96827c6abfbd7d36eb47ba9b3ee7fa3cf8fedf8c2da4e7ba439c3069ee9469daf2c4b3b218f9dd","ssdeep":"192:JMmEXVliCFC3C8CBCUYcWeTBuQVCHC9C6CPCnMaxqxH:CmEFICFC3C8CBCUvWUVCHC9C6CPCnMaa","tlshash":"00e1c8c1e70bb04285b074e712fda9cc824c6e7a9d82dc59600b5a6f7cd6a732b4262c","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":70,"dns":1,"connect":13,"send":0,"wait":216,"receive":1,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/scripts/saresponsive.js","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:39.270Z","timestamp":1695498459270,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /scripts/saresponsive.js HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\naccept-ranges: bytes\r\netag: \"3552162744\"\r\nlast-modified: Sun, 17 Sep 2023 21:45:34 GMT\r\ncontent-length: 176967\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 522679719\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":176967,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (32077), with CRLF line terminators","md5":"636b4ad7f97aa55c2242b396fe3e9f44","sha1":"b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba","sha256":"54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62","sha512":"93a8b3d7ac4dc3e12cf97b66f376f6dbad42bd950abe820bd2e44b7cfb4e6cfa675748dcaff65d6b040a69d64a855b4e2a383f32b44ab8b6d71c55bf9902888b","ssdeep":"3072:y4J+03jL5TCOauTwDhFdnCVQNLa98HrHevC2eYCLaISE92oa:40zEOQR+iLa98Hr4reYCvSE9K","tlshash":"6c0418d57b8e381787a632a980ff014ef17dd2f6a1094875f09894a06db8a1d13b7f6c","first_seen":"2023-09-19T12:20:21Z","last_seen":"2023-10-02T07:31:20Z","times_seen":16,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":33,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:39.468Z","timestamp":1695498459468,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\naccept-ranges: bytes\r\netag: \"1848338666\"\r\nlast-modified: Tue, 05 Sep 2023 09:39:01 GMT\r\ncontent-length: 74030\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 523289466\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":74030,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (19258)","md5":"bf8dfa3a7bda8d31b88de81200b8b02b","sha1":"0b3678f38433c4b6273a632f509a08368dc5ad64","sha256":"6a2d03a0e8e0ecd7cf62fef4a959d23c812d7be45404f382f9d045b0d0a0e2fc","sha512":"312998870316518746759c0dc5433483cb45cc743eea5124680645e1d52175f917a1859984e7a3f936fb4b13c38837937817a09a7459b8c56bc1a71df76bd66e","ssdeep":"768:SgU44joUY5GUPSOBxmxmkCPP50x5z3eAlzvnPdTGGWBwDbgd+e:tU44joUY57xmx3CPP563pa1+e","tlshash":"a57308aa75203134c363c6fa828f690d7638c4a7d805489db19ddcd59f71ae803a7f7a","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-11-01T13:54:08Z","times_seen":2,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:39.650590028Z","timestamp":1695498459650,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:39 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"8fe5097b12ddbaa7731f5c6d445db349","sha1":"b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af","sha256":"3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3","sha512":"b21090b72700433fbec7da83701e4f344f483ddd4dfb6697cf017a78926f7c428f948e7587edf483d0b543163d98c3a558f350cc090c801e4745fd4b891b618a","ssdeep":"","tlshash":"92f0d41b7d340c426d1b5e994695c5183df1fe4f0f501052786ed3ca525c7a6112451c","first_seen":"2023-09-23T00:00:45Z","last_seen":"2023-09-23T22:51:18Z","times_seen":1825,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans:700,regular|Inter:700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.207.202","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.566Z","timestamp":1695498459566,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:18 GMT","end":"Mon, 27 Nov 2023 08:23:17 GMT"},"fingerprint":{"sha1":"BE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49","sha256":"50:B5:3C:A1:44:85:22:C2:17:B4:50:A7:2F:8B:07:6F:40:E9:C2:CB:CE:75:4E:51:B5:09:C5:62:DB:34:F3:29"}}},"request":{"raw":"GET /css?family=Open+Sans:700,regular|Inter:700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 23 Sep 2023 19:47:39 GMT\r\ndate: Sat, 23 Sep 2023 19:47:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1273,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"gzip compressed data, max compression\\012- data","md5":"b5463010a5876ad6dcb7ada88514569b","sha1":"12d6c1a0f8fcc4ad10f98ade464fec0c9aa11706","sha256":"0d0390415e7fd6b891ce7baec34971bca09e71161627307b8e8ca4cad97f89d0","sha512":"021c3b1f534fc1b38c333e721358dc82709512b29a9e58fe28d7132f601b1cd6ee31fb999d2411795f53ce49034aded87b39341959eadc471eaebdb63138252d","ssdeep":"","tlshash":"8c21e79ea838ccc1d4076fb042b4c63e79525a4e0f92d953c01ea748909c24d0625d9e","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":99,"dns":5,"connect":9,"send":0,"wait":21,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/char.svg","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.800Z","timestamp":1695498459800,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/char.svg HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\naccept-ranges: bytes\r\netag: \"3892406339\"\r\nlast-modified: Tue, 05 Sep 2023 09:39:01 GMT\r\ncontent-length: 11856\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 523264843\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11856,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- HTML document, ASCII text, with very long lines (11856), with no line terminators","md5":"dc6c3ed3f12f3b937849ead538b8dcea","sha1":"f6663c701a70ce85f5ebb9550694f76540626aa9","sha256":"bb89e5bfb7a54cc14c000fe4c79e97675bbcf726026838b229777fb235bc7acf","sha512":"7a32f9c8350cf79f24f6abdb91db054e8dcaa9052217dc16a546b616aa2de355be9aaea33a3849052982ff2c5f087fa385ee8323c3bea64f3e14b4663a22cbff","ssdeep":"","tlshash":"","first_seen":"2023-07-01T01:44:25Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:39.832297444Z","timestamp":1695498459832,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:39 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"23ee71f34a80feec27e23d99ecada83e","sha1":"62f4c8dcc03187e2bdcdfa76dc732d4eebde5cc1","sha256":"429bd03ec19810ed389955d166c98e62d9850e52160fbec3dd27da2cc30200fe","sha512":"f5b795c9980fc1b0b499b839ca74cc620451bed3e9c1be9608a5a0f9035bd0839811de0693044b1509455f7c933ae103c7b552852d3aa8420f4a110d6b473a76","ssdeep":"","tlshash":"f0f05c0d0f7a3a409423c11c89f53e342e0238ec268ac1623c7c0a88a3122fa0a684bc","first_seen":"2023-09-23T18:01:56Z","last_seen":"2023-09-24T23:02:22Z","times_seen":1986,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/Omega_Laen_Vertical_White.svg","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.803Z","timestamp":1695498459803,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/Omega_Laen_Vertical_White.svg HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\naccept-ranges: bytes\r\netag: \"1956378409\"\r\nlast-modified: Tue, 05 Sep 2023 09:39:01 GMT\r\ncontent-length: 2288\r\ndate: Sat, 23 Sep 2023 19:39:37 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 522938898\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2288,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- XML 1.0 document text\\012- XML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"053652d336b24bdd3dd67ab6e6964196","sha1":"17f4bb55b930f590db157b2c76efe63dc46cf456","sha256":"c2ffb1ae9a4ad9e762ea71c86ec4c5b7a418fef992fdb1b24e2501ec84a2b489","sha512":"3a006cdbb11dcdeba4b74af9d02bd265e892e87ec49a73957af8e403ed7e78cffe8593e3d8e5084c5c020655e42c338c9a0dd99258c8f7d4191e349fe5986174","ssdeep":"","tlshash":"","first_seen":"2023-07-01T01:44:25Z","last_seen":"2023-11-01T13:54:08Z","times_seen":2,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pogothere.xyz/asd100.bin","fqdn":"pogothere.xyz","domain":"pogothere.xyz","tld":"xyz"},"ip":{"addr":"172.64.132.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.080Z","timestamp":1695498458080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB","sha256":"09:91:FB:E4:53:65:EC:A7:C4:6B:EB:F6:E2:94:A5:09:45:6F:FC:DC:B1:B4:E4:67:80:61:7A:EE:7F:81:DD:45"}}},"request":{"raw":"GET /asd100.bin HTTP/1.1\r\nHost: pogothere.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\ncontent-type: binary/octet-stream\r\naccess-control-allow-origin: https://www.upload.ee\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5236\r\nlast-modified: Sat, 23 Sep 2023 18:20:22 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=PC0lZRh3MvQvf7kOPwPWgbCssj0fVXR7N4dPnPZLcEZoo9fy3O8T2wp9nUp15N%2Ff7AMs6sIflkcNoUowBAsl51foH6i3XdHwvGqJB1de%2FPkwomERpSbqIj0m%2Fush%2Fsgt\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 80b54cf23f667792-LHR\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":103211,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"eb7c9a2df719d621f944eb6d0ca4ee0f","sha1":"80f8eb258b9bc882a760d24c401eb8cee6d37f0e","sha256":"1a0591c695dc4a63e50405e8877d14e054297c78cee7c04878e7a333f54a10af","sha512":"782d9a59f2b7aa82a31de492a7a704a538ec08c3887f7fa9a25cd6ed99d73bfe1b6e3285d0ad7f051485a3639e666b13f79db2c7e63a1d8f4e31ef96efb1bd3f","ssdeep":"24:2d/E1sHNwJKKz7PWIWEkAQSbjydB8SLby2:c/UsOJKWWJEkA9P684j","tlshash":"afa308597388ee3ddce69478c78fd98152a27047e20a40c47bdbae55870e422f4016b4","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-11-01T13:54:08Z","times_seen":2,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":84,"dns":10,"connect":31,"send":0,"wait":100,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.768Z","timestamp":1695498459768,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:09 GMT","end":"Mon, 27 Nov 2023 08:23:08 GMT"},"fingerprint":{"sha1":"3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27","sha256":"2D:71:20:8C:6F:80:7F:93:DE:F1:2D:E6:33:57:44:66:64:E6:66:99:96:53:79:81:69:DA:41:3F:A0:0A:B2:C4"}}},"request":{"raw":"GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://static.bepolite.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48432\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 19 Sep 2023 09:00:39 GMT\r\nexpires: Wed, 18 Sep 2024 09:00:39 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 14 Sep 2023 00:40:31 GMT\r\ncontent-type: font/woff2\r\nage: 384420\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48432,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\\012- data","md5":"e2d74c5e631bc53a7240bbfe4be99c8f","sha1":"eb513857bb01cc4f7249067fc7e969bef415fc90","sha256":"9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5","sha512":"ce26a692dbae0d0a5a0ccda9d5e10b0bd135d104428beddee0edaf7da6961f9dbf27bae19130cfd11564f2acfdc414559bb8c918cfe459d7a7fae44abb5fe1b8","ssdeep":"768:XB5SYCg36D2GCHVDsCemwehTeQoAcJT7T7R+CAJ+PK3ZDK/4zJ9KDsg48rmBk1jm:XB7u2GApMwhTHoA2T7RLPKJ+AzJ9KVxG","tlshash":"7923f26b7522b9c814766679fb8331e814e7386844f93e114236b3ac752adf7d3d8708","first_seen":"2023-09-15T00:42:09Z","last_seen":"2026-05-19T22:31:21.967696Z","times_seen":31992,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":61,"dns":2,"connect":9,"send":0,"wait":35,"receive":24,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.769Z","timestamp":1695498459769,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:09 GMT","end":"Mon, 27 Nov 2023 08:23:08 GMT"},"fingerprint":{"sha1":"3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27","sha256":"2D:71:20:8C:6F:80:7F:93:DE:F1:2D:E6:33:57:44:66:64:E6:66:99:96:53:79:81:69:DA:41:3F:A0:0A:B2:C4"}}},"request":{"raw":"GET /s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://static.bepolite.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22904\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 19 Sep 2023 14:09:00 GMT\r\nexpires: Wed, 18 Sep 2024 14:09:00 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 13 Sep 2023 23:50:43 GMT\r\ncontent-type: font/woff2\r\nage: 365919\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22904,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22904, version 1.0\\012- data","md5":"2a4c97ec45ef9f6d47fb0e7cd47ae67c","sha1":"4b7c2b478c629a59e8a0abee34feba0654392c66","sha256":"7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f","sha512":"749ce9fcc89b8d8a68be776243b81afeaa95ef709d1eaa6cb7810e7185ee189bba8ab03007502d4c0241ef81a9acdabff080a3ba83ae4e4d90ba7c399aeff9f2","ssdeep":"384:RbQOAHv52MrCSIw2T5tTxlWNSIdlcJUyILWutoIMd/fAWKZjj7Igiel:+P/rC4aTxTdUrLWutFMjKZjjQa","tlshash":"8da2d0a62a0f785a91a01ab93c4f84eecf5fad5222cb5ddec43036ba205d0d97f142c1","first_seen":"2023-09-23T21:48:03Z","last_seen":"2026-05-19T18:57:57.014739Z","times_seen":1528,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":58,"dns":2,"connect":7,"send":0,"wait":34,"receive":1,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/bg_1000x400.jpg","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.807Z","timestamp":1695498459807,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/bg_1000x400.jpg HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\naccept-ranges: bytes\r\netag: \"1343496848\"\r\nlast-modified: Tue, 05 Sep 2023 09:39:01 GMT\r\ncontent-length: 108702\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 524458677\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":108702,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1000x400, components 3\\012- data","md5":"f035c8d2acee30514370298cec419134","sha1":"20c2db7309634a6ab09d4eed83b16fef64ef5697","sha256":"e617333cb73e167526505fe1c592ced7c933bc6aa7db36102cd9fa503093f096","sha512":"c14358cbb8fa45dedf934ae47706025a40e94fbdf72812aff51a2db87bffa3d28a77191cd2f0a7d71b1a64616886f75bbf51a04ddb55f485173029e31f66ab86","ssdeep":"","tlshash":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":31,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.768Z","timestamp":1695498459768,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:23:09 GMT","end":"Mon, 27 Nov 2023 08:23:08 GMT"},"fingerprint":{"sha1":"3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27","sha256":"2D:71:20:8C:6F:80:7F:93:DE:F1:2D:E6:33:57:44:66:64:E6:66:99:96:53:79:81:69:DA:41:3F:A0:0A:B2:C4"}}},"request":{"raw":"GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://static.bepolite.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48432\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 19 Sep 2023 09:00:39 GMT\r\nexpires: Wed, 18 Sep 2024 09:00:39 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 14 Sep 2023 00:40:31 GMT\r\ncontent-type: font/woff2\r\nage: 384420\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48432,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\\012- data","md5":"e2d74c5e631bc53a7240bbfe4be99c8f","sha1":"eb513857bb01cc4f7249067fc7e969bef415fc90","sha256":"9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5","sha512":"ce26a692dbae0d0a5a0ccda9d5e10b0bd135d104428beddee0edaf7da6961f9dbf27bae19130cfd11564f2acfdc414559bb8c918cfe459d7a7fae44abb5fe1b8","ssdeep":"768:XB5SYCg36D2GCHVDsCemwehTeQoAcJT7T7R+CAJ+PK3ZDK/4zJ9KDsg48rmBk1jm:XB7u2GApMwhTHoA2T7RLPKJ+AzJ9KVxG","tlshash":"7923f26b7522b9c814766679fb8331e814e7386844f93e114236b3ac752adf7d3d8708","first_seen":"2023-09-15T00:42:09Z","last_seen":"2026-05-19T22:31:21.967696Z","times_seen":31992,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":61,"dns":2,"connect":9,"send":0,"wait":35,"receive":24,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T19:47:39.931926467Z","timestamp":1695498459931,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 23 Sep 2023 19:47:39 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"2a9cb3694beef11368f7284821163a4d","sha1":"32d723fad91ccd0c154e5d7e489266cfe596aa61","sha256":"08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916","sha512":"2718540c09d5e85a60a1212b8fc9c1974477d561a5ea37b2283d25f9937b6b856757ed4d380cbe0cd3ad747fe25787fbeeb1bc930ccf7ce28d08f7a1455d4f65","ssdeep":"","tlshash":"37f05c000cfd8c42e90cfa8a0ff4a300bbf1788d21e403880a388ac482a02a39f6c168","first_seen":"2023-09-23T00:00:37Z","last_seen":"2023-09-23T22:51:58Z","times_seen":1904,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/files/close-gray.png","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:40.436Z","timestamp":1695498460436,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /files/close-gray.png HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\netag: \"801691811\"\r\nlast-modified: Fri, 08 Apr 2022 18:07:56 GMT\r\ncontent-length: 1497\r\ndate: Sat, 23 Sep 2023 19:47:25 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 521216068\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1497,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\\012- data","md5":"41d9676ab94bece3f7a549b4769ddbe2","sha1":"521f14490fc57fea51e2e5bf00e2299dce51561b","sha256":"c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34","sha512":"9988bd18d13f38d3bfe107d116c28f896b9965de6ca0949905f47901965a356d621c1ec4b1a573dfb0ed753ccc270015419b24729b767de2d5210a73b2c3daaf","ssdeep":"","tlshash":"5d31f7f3e40c4ba3d57313928a6a7184ada3d5f230014014fcc9a90c966cf0eeaee253","first_seen":"2023-04-30T19:35:34Z","last_seen":"2024-08-21T09:18:42.702606Z","times_seen":112,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:40.430Z","timestamp":1695498460430,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1\r\nHost: serving.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nCookie: bepolite_id=6d7a370753010be9248465ad1424dbed\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 0\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 524458701\r\nage: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pogothere.xyz/asd100.bin","fqdn":"pogothere.xyz","domain":"pogothere.xyz","tld":"xyz"},"ip":{"addr":"172.64.132.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.080Z","timestamp":1695498458080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB","sha256":"09:91:FB:E4:53:65:EC:A7:C4:6B:EB:F6:E2:94:A5:09:45:6F:FC:DC:B1:B4:E4:67:80:61:7A:EE:7F:81:DD:45"}}},"request":{"raw":"GET /asd100.bin HTTP/1.1\r\nHost: pogothere.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\ncontent-type: binary/octet-stream\r\naccess-control-allow-origin: https://www.upload.ee\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5236\r\nlast-modified: Sat, 23 Sep 2023 18:20:22 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=owkOJSYrzGICNkap2ULU6hvDZZCx0DFtRU72aRdXcsH4cHvyVsLt87ixoA4zl3i7jChSD8EC86jyNvjseGaqlmkJDya3JmpKODWPVYq543P10jWLXuIuI8nqwKVcKT7O\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 80b54cf21f357792-LHR\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":102400,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4c6426ac7ef186464ecbb0d81cbfcb1e","sha1":"5a6918eebd9d635e8f632e3ef34e3792b1b5ec13","sha256":"f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16","sha512":"5f6dbea410beee80292b16df6fcc767ae6baf058ab4c38fa6a4fc72b7828374af42bd6da094eada2ad006d1a0754f9ff7bdd94c0ef9540e6651729b74fb9ea46","ssdeep":"3::","tlshash":"9ca3000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-04-05T04:27:22Z","last_seen":"2026-03-16T07:24:59.73574Z","times_seen":12181,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":84,"dns":10,"connect":31,"send":0,"wait":100,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:41.952Z","timestamp":1695498461952,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3JlPJ1VfLis6pbW1aO9OkxxUm1HDKtuVtvHK3LBSF3v1oIeY-_03kO4NJakXTWeUra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1\r\nHost: serving.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nCookie: bepolite_id=6d7a370753010be9248465ad1424dbed\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 0\r\ndate: Sat, 23 Sep 2023 19:47:26 GMT\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 523578068\r\nage: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:41.962Z","timestamp":1695498461962,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1\r\nHost: serving.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nCookie: bepolite_id=6d7a370753010be9248465ad1424dbed\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 0\r\ndate: Sat, 23 Sep 2023 19:47:26 GMT\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 523786715\r\nage: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g","fqdn":"serving.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:40.453Z","timestamp":1695498460453,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /event?key=FYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1\r\nHost: serving.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nCookie: bepolite_id=6d7a370753010be9248465ad1424dbed\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 0\r\ndate: Sat, 23 Sep 2023 19:47:24 GMT\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 524361011\r\nage: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/arrows.svg","fqdn":"static.bepolite.eu","domain":"bepolite.eu","tld":"eu"},"ip":{"addr":"212.47.222.20","port":443,"asn":3327,"as":"CITIC Telecom CPC Netherlands B.V.","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.806Z","timestamp":1695498459806,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bepolite.eu","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Sep 2023 21:06:47 GMT","end":"Sun, 03 Dec 2023 21:06:46 GMT"},"fingerprint":{"sha1":"B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD","sha256":"E6:B8:D8:CD:C4:AF:99:B8:FE:AA:BC:4E:7A:2B:BA:32:A0:C0:A7:49:70:CE:35:CA:6C:01:D2:B9:1A:97:CD:30"}}},"request":{"raw":"GET /banners/90ac743b-5183-4800-8e6d-04f4da7f04db/arrows.svg HTTP/1.1\r\nHost: static.bepolite.eu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\naccept-ranges: bytes\r\netag: \"4252441424\"\r\nlast-modified: Tue, 05 Sep 2023 09:39:01 GMT\r\ncontent-length: 811\r\ndate: Sat, 23 Sep 2023 19:47:04 GMT\r\ncache-control: must-revalidate, private\r\nexpires: -1\r\np3p: CP='BePolite does not have a P3P policy'\r\nx-varnish: 523092204\r\nage: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":811,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- XML document text\\012- HTML document, ASCII text, with very long lines (843), with no line terminators","md5":"7bd33541948f2c22822e66a34c541c4b","sha1":"f4872ffb542f4c30dc15fcd54c8c21de184b40f5","sha256":"d5a23a1b5287eda22529d7665e13a46a26322908ba69ed7d9edadd28c3fa96f0","sha512":"159d3ece7fe65ed83bde519e721fca5bbed8ac8eac9bef79cdff93968c6f602115c7af1767c668699de316adb3d4cd3873bba267396eff4bfbb3f7dc71664e69","ssdeep":"","tlshash":"","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":16,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gourgoldpieceso.com/popunder.gif","fqdn":"gourgoldpieceso.com","domain":"gourgoldpieceso.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Colombia","country_code":"CO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.117Z","timestamp":1695498458117,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gourgoldpieceso.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 13 Sep 2023 06:21:57 GMT","end":"Tue, 12 Dec 2023 06:21:56 GMT"},"fingerprint":{"sha1":"2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9","sha256":"D6:98:E1:E4:C0:02:1D:9E:7C:57:DC:A2:52:E1:A1:4A:06:7B:A3:7F:DB:DA:36:2D:42:66:DF:9A:E5:1E:2E:80"}}},"request":{"raw":"GET /popunder.gif HTTP/1.1\r\nHost: gourgoldpieceso.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.upload.ee/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:37 GMT\r\ncontent-type: image/gif\r\naccess-control-allow-origin: *\r\npragma: public\r\ncache-control: public, max-age=604800, immutable\r\ncf-cache-status: HIT\r\nage: 12162\r\nlast-modified: Sat, 23 Sep 2023 16:24:55 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Fla6xi1M2GD27pLo3CGEfvJ%2BsxUcIWeL0KodK1RGJVp0BIJxRO00BrIh2thxcXxpsxBIs0JGdggQ3A1u%2BsJeps7hwAsK0wDSyz61R9DIciuAWzNcglja0KY1k4d9MTCwAmKlDXFn\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 80b54cf1cf11b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1\\012- data","md5":"28d6814f309ea289f847c69cf91194c6","sha1":"0f4e929dd5bb2564f7ab9c76338e04e292a42ace","sha256":"8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015","sha512":"1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c","ssdeep":"","tlshash":"be800003c280c002c2a2c0308e08ca802a8ab0a08a28030fb0ec3baafc2a2a20c00000","first_seen":"2023-04-05T07:36:27Z","last_seen":"2026-05-20T08:36:38.817791Z","times_seen":47867,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pogothere.xyz/","fqdn":"pogothere.xyz","domain":"pogothere.xyz","tld":"xyz"},"ip":{"addr":"172.64.132.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.083Z","timestamp":1695498458083,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB","sha256":"09:91:FB:E4:53:65:EC:A7:C4:6B:EB:F6:E2:94:A5:09:45:6F:FC:DC:B1:B4:E4:67:80:61:7A:EE:7F:81:DD:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pogothere.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\ncontent-type: text/plain\r\nset-cookie: csu=1009692590656639@1@1695498458; Max-Age=31104000; Secure; SameSite=None\r\naccess-control-allow-origin: https://www.upload.ee\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=KgbNkHRcw0kGWZPd4u3%2BTChBMN4sq4zje2JP442Xt69TVkp72Ctz%2B5qiDlPlr9iDKVrJRrRS8I0xQx4%2B1LFI7OKv8IV6eU8Pl%2B%2B3voQQAEFmILwiCDAjEH1T2zxQdFgY\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b54cf22f497792-LHR\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"c6d64e8a337d6e148cf37b0c58c10e28","sha1":"1ffcdd8ce5cfc540bdb6b47d8135947161f6dc69","sha256":"9aa4bd64de0272a5287a6166fd42172769a11fb64b9f6e879310f00e1a820ea0","sha512":"7f50cb544a91c78abf034b6d465c44a1f7645474269bcb88a888c80480e56b4ed6ce15e3d449cce9d19393ea588ec6cd7f3a5e892ce3f062edb639af750d17c0","ssdeep":"","tlshash":"d48000e8303228330a8022088a3200b08880a0af002800a0220202b0003a320020e803","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":89,"dns":2,"connect":44,"send":0,"wait":177,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pogothere.xyz/","fqdn":"pogothere.xyz","domain":"pogothere.xyz","tld":"xyz"},"ip":{"addr":"172.64.132.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.093Z","timestamp":1695498458093,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB","sha256":"09:91:FB:E4:53:65:EC:A7:C4:6B:EB:F6:E2:94:A5:09:45:6F:FC:DC:B1:B4:E4:67:80:61:7A:EE:7F:81:DD:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pogothere.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nOrigin: https://www.upload.ee\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\ncontent-type: text/plain\r\nset-cookie: csu=958161715269030@1@1695498458; Max-Age=31104000; Secure; SameSite=None\r\naccess-control-allow-origin: https://www.upload.ee\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=CviQ30WTn%2F7EYVNabWJA0pTEvPDHiYdcKr7%2F4MEXrTFfyDIUuJCbSBI16TRq1oZafaaYA%2BJQvrbM9sUGvLly11Xoa6qC%2BsCFQZCu5hu5oItHb4TT92j4fs7J3%2B9lIj9P\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b54cf21f307792-LHR\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"eada80cd984ead5a31d689922af75965","sha1":"af6fde03ffa568b477c297c4c32aa59b521bbb04","sha256":"33cd3f9cbca59e126157198e0d957105c44fd1f69b1fe59817bc741fa8f0af27","sha512":"8d82a3ced0f36a482680ec763839542a78e4bf11f05d49488662dd65ca2ec283d7b9d922438aa8adbf28f8d741cb02574bafe1119ff44070b70e7e5d0e84a20a","ssdeep":"","tlshash":"5c8000e230f00a020c8c200a32230cb00220a02f2a20802023880a08002e320000a003","first_seen":"2023-09-23T21:48:03Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":344,"timings":{"blocked":69,"dns":11,"connect":32,"send":0,"wait":169,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1929026816%3A1695498458204218\u0026theme=glif","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.509Z","timestamp":1695498458509,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:17:06 GMT","end":"Mon, 27 Nov 2023 08:17:05 GMT"},"fingerprint":{"sha1":"BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4","sha256":"A9:F7:73:1B:19:78:99:25:CA:BE:6B:9D:6F:AC:88:C6:A5:E1:25:D5:09:C0:80:B7:A6:FD:7B:E8:67:A5:66:37"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhdfjNjuu2iAIXBzr9FthCt5M6NSfUCI5IQq839DI5VRUwj0Ap5VVWl3cMiYiSnjK_oQoygh\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1929026816%3A1695498458204218\u0026theme=glif HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-security-policy: script-src 'nonce-7ULxO-WgF10AAHnotxfNaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.ocdn.ee/scripts/ads.js","fqdn":"s.ocdn.ee","domain":"ocdn.ee","tld":"ee"},"ip":{"addr":"172.67.72.48","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://static.bepolite.eu/banners/90ac743b-5183-4800-8e6d-04f4da7f04db/index.html?click_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3Dhttps%253A%252F%252Fomegalaen.ee%252F\u0026dynamic_url=https%3A%2F%2Fserving.bepolite.eu%2Fevent%3Fkey%3DFYFWuDany3hwv6rfuoAYF2DO36Cy1rSJ9HvbbDxuFt6JZ4hTeyqsU3e5fLf7frZ8IOQAvodW3VlKh_6qKJusBL8OWL-H4Zj63zhH8Zg2AW0mocP24xjRW3enNxSn81TGUGzIVKWn-kpD_RLDTKHNwH_ZJ-oN80VUQK--pGCjgTfzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DzAsldtloP15H-2-eBuRKANfyNR2ImI5kj3egSL0rDtGKjucy7Nkro6ZefTg8kTra5hY8OvOxWaQQS9P0iYfnngZXtFEp1ljuqs475VAp1Q%26clink%3D\u0026f=https%3A%2F%2Fstatic.bepolite.eu%2Fbanners%2F90ac743b-5183-4800-8e6d-04f4da7f04db%2Findex.html\u0026clink=https%3A%2F%2Fomegalaen.ee%2F\u0026banner_id=01f29e526a8840cb8c6ba9cd7a9e949950dd7b0f4105441f8f6018cc3fcb090c\u0026bg=transparent\u0026w=1000\u0026h=400\u0026locale=Display%20Estonia-EST\u0026info=https%3A%2F%2Fdigital.tv3.ee%2Fbepolite-id%2F%3Futm_src%3Dbanner","date":"2023-09-23T19:47:39.568Z","timestamp":1695498459568,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"3B:7A:83:10:43:05:3D:7B:69:D4:84:4A:8D:D5:0C:82:00:95:97:E4","sha256":"DD:BD:E8:7B:92:B2:4B:94:C8:59:85:BD:FE:34:F5:EC:A3:F2:A5:D5:1F:4B:28:C5:69:42:1E:C6:4A:81:DF:E0"}}},"request":{"raw":"GET /scripts/ads.js HTTP/1.1\r\nHost: s.ocdn.ee\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.bepolite.eu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 23 Sep 2023 19:47:39 GMT\r\ncontent-type: application/javascript\r\ncache-control: public, max-age=15552000\r\ncf-bgj: minify\r\ncf-polished: origSize=569\r\netag: W/\"b2b3cc89ce80d41:0\"\r\nlast-modified: Tue, 20 Nov 2018 12:42:46 GMT\r\nx-cacheable: YES\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: HIT\r\nage: 9782687\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=LrTMDGGOOZC4GQ2N%2BvYrhXwX6bbvbmrz5YZYgVFNWgUHDn3gwdje4cnlKTUouhKnOAjTn5%2FVvlb%2FPTOikKL04gllV7fLutLiKWuCkPwJSVwUYD52RVUTo9dq4A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 80b54cfaea0cb51b-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":502,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (512), with no line terminators","md5":"378127e361bb204d03673d57c5692fef","sha1":"e9d8b368054d1aaffb9410263d1d9e4e12751628","sha256":"fbc90cbd893b4c2d98ec547728e504077636da3f92a4304fb108322242f4cef7","sha512":"522871acc888d2fa8a0aa17dbe3ee7609b9fc097c094ca2f36762750b56b72ab08b5cfe71cf79051a83e161cf5a3e3473371ee21c09f359eb80939715955b563","ssdeep":"","tlshash":"d7f0504030a15468036d54b6653b16aea17eaadf4717d32db870b7ef657820e81c973c","first_seen":"2023-07-01T01:48:36Z","last_seen":"2023-09-23T21:48:03Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":9,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S2114743945%3A1695498458050990\u0026theme=glif","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.109","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.upload.ee/files/15671913/MadDuck.exe.html?msg=sess_error","date":"2023-09-23T19:47:38.502Z","timestamp":1695498458502,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 04 Sep 2023 08:17:06 GMT","end":"Mon, 27 Nov 2023 08:17:05 GMT"},"fingerprint":{"sha1":"BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4","sha256":"A9:F7:73:1B:19:78:99:25:CA:BE:6B:9D:6F:AC:88:C6:A5:E1:25:D5:09:C0:80:B7:A6:FD:7B:E8:67:A5:66:37"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AYZoVhemV0JmpLGHdvmrr2VoXiiRLO1WuMf1r-LrU1B-8cjtVUgpXNHNDwVvPAUGrN5KwHhzJrUQ\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S2114743945%3A1695498458050990\u0026theme=glif HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.upload.ee/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 23 Sep 2023 19:47:38 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-VpQwUC4hlh5uD6hDb0BQGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T09:12:38.992731Z","times_seen":15478837,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}