reconshell.com Open in urlscan Pro
18.158.98.109 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Submission: On April 25 via api (April 25th 2022, 8:24:14 pm UTC) from US — Scanned from DE

Summary HTTP 166 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 26 domains to perform 166 HTTP transactions. The main IP is 18.158.98.109, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is reconshell.com.
TLS certificate: Issued by R3 on April 24th 2022. Valid for: 3 months.

This is the only time reconshell.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
75	18.158.98.109 18.158.98.109	16509 (AMAZON-02) (AMAZON-02)
8	142.251.37.98 142.251.37.98	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	148.251.1.246 148.251.1.246	24940 (HETZNER-AS) (HETZNER-AS)
1	2606:50c0:800... 2606:50c0:8002::154	54113 (FASTLY) (FASTLY)
1	2600:9000:214... 2600:9000:214f:ec00:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:7400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400f:801::2003	15169 (GOOGLE) (GOOGLE)
1	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
1 1	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
5	142.250.179.194 142.250.179.194	15169 (GOOGLE) (GOOGLE)
1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	135.125.160.77 135.125.160.77	16276 (OVH) (OVH)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:a361:57c8:93b7:1576	() ()
1	34.243.30.211 34.243.30.211	() ()
2	52.208.76.16 52.208.76.16	() ()
1 1	2a00:1450:400... 2a00:1450:4001:830::200e	() ()
2	2a00:1450:400... 2a00:1450:4001:17::a	() ()
1	2a00:1450:400... 2a00:1450:4001:82f::2006	() ()
1	152.195.15.58 152.195.15.58	() ()
166	31

75 18.158.98.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com

reconshell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.37.98 (United States)

ASN15169 (GOOGLE, US)
PTR: prg03s13-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 148.251.1.246 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.246.1.251.148.clients.your-server.de

ad.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8002::154 (United States)

ASN54113 (FASTLY, US)

user-images.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:ec00:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:7400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400f:801::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.179.194 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 135.125.160.77 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3195934.ip-135-125-160.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:a361:57c8:93b7:1576 (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.30.211 (None, )

ASN- ()

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.76.16 (None, )

ASN- ()

unified.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (None, ) 1 redirects

ASN- ()

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:17::a (None, )

ASN- ()

r5---sn-4g5ednde.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.195.15.58 (None, )

ASN- ()

cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	reconshell.com reconshell.com	913 KB
19	googlesyndication.com 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 96 tpc.googlesyndication.com — Cisco Umbrella Rank: 127 ade.googlesyndication.com Failed	95 KB
16	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 174 bid.g.doubleclick.net — Cisco Umbrella Rank: 473 cm.g.doubleclick.net — Cisco Umbrella Rank: 195 googleads.g.doubleclick.net googleads4.g.doubleclick.net Failed	192 KB
12	gstatic.com fonts.gstatic.com csi.gstatic.com	153 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 64 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	2mdn.net 1 redirects gcdn.2mdn.net r5---sn-4g5ednde.c.2mdn.net s0.2mdn.net	2 KB
4	a-ads.com ad.a-ads.com — Cisco Umbrella Rank: 29976 static.a-ads.com — Cisco Umbrella Rank: 43443	843 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39 imasdk.googleapis.com — Cisco Umbrella Rank: 411	125 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9242	1 KB
3	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 892 pixel.quantserve.com — Cisco Umbrella Rank: 398 cms.quantserve.com — Cisco Umbrella Rank: 1043	11 KB
2	adsafeprotected.com unified.adsafeprotected.com pixel.adsafeprotected.com Failed	5 KB
2	dyntrk.com 2 redirects c.eu1.dyntrk.com — Cisco Umbrella Rank: 4815	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 58	105 KB
1	bizibly.com cdn.bizibly.com	345 B
1	yieldmo.com ads.yieldmo.com	35 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com Failed	1 KB
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 20477	554 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 569	191 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 765	715 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 833	429 B
1	ezoic.net go.ezoic.net — Cisco Umbrella Rank: 8162	2 KB
1	githubusercontent.com user-images.githubusercontent.com — Cisco Umbrella Rank: 11010
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 1620	1 KB
1	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 7726	100 KB
0	atdmt.com Failed ad.atdmt.com Failed
166	26

	Domain	Requested by
75	reconshell.com	reconshell.com
10	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
8	securepubads.g.doubleclick.net	reconshell.com securepubads.g.doubleclick.net 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com imasdk.googleapis.com
7	fonts.gstatic.com	fonts.googleapis.com
5	cm.g.doubleclick.net	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
5	csi.gstatic.com	imasdk.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net
2	googleads.g.doubleclick.net
2	r5---sn-4g5ednde.c.2mdn.net
2	unified.adsafeprotected.com	imasdk.googleapis.com
2	c.eu1.dyntrk.com	2 redirects
2	imasdk.googleapis.com	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
2	www.google.com	tpc.googlesyndication.com 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
2	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	static.a-ads.com	ad.a-ads.com
2	ad.a-ads.com	reconshell.com
2	www.googletagmanager.com	reconshell.com
2	fonts.googleapis.com	reconshell.com 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
1	cdn.bizibly.com
1	s0.2mdn.net
1	gcdn.2mdn.net	1 redirects
1	ads.yieldmo.com	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	pixel-sync.sitescout.com	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	cms.quantserve.com	32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	pixel.quantserve.com	reconshell.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	reconshell.com
1	go.ezoic.net	reconshell.com
1	user-images.githubusercontent.com	reconshell.com
1	secure.gravatar.com	reconshell.com
1	go.ezodn.com	reconshell.com
0	ups.analytics.yahoo.com Failed
0	ad.atdmt.com Failed
0	googleads4.g.doubleclick.net Failed
0	pixel.adsafeprotected.com Failed
0	ade.googlesyndication.com Failed
166	43

This site contains links to these domains. Also see Links.

Domain
silktide.com
facebook.com
twitter.com
t.me
cve.reconshell.com
share.reconshell.com
feeds.reconshell.com
crackmyhash.com
www.linkedin.com
github.com
www.exploit-db.com
www.facebook.com
pinterest.com
www.ezoic.com

Subject Issuer	Validity	Valid
reconshell.com R3	`2022-04-24` - `2022-07-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.a-ads.com Sectigo ECC Domain Validation Secure Server CA	`2021-12-08` - `2023-01-08`	a year	crt.sh
*.github.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-07` - `2023-04-07`	a year	crt.sh
*.ezoic.net Amazon	`2022-01-16` - `2023-02-14`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.yieldmo.com Amazon	`2022-04-25` - `2023-05-24`	a year	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2021-11-18` - `2022-12-16`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-04-12` - `2022-06-21`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-30` - `2022-07-05`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Frame ID: E230E04382AEF5B6CDD90B7337B74E78
Requests: 118 HTTP requests in this frame

Frame: https://ad.a-ads.com/1946581?size=728x90
Frame ID: BE65D641F6B9BC2D3AC99C925CA56DF7
Requests: 3 HTTP requests in this frame

Frame: https://ad.a-ads.com/1949226?size=728x90
Frame ID: 35E84EB11B37F740BD0FC97C34F64569
Requests: 3 HTTP requests in this frame

Frame: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FBD9C1C8AD0FF7A8246CC4DCF4773C62
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6B3EB09BDFE65AC90522213E10C3A5C2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 842AA186EBD9BF78DC519FF639C1EE81
Requests: 2 HTTP requests in this frame

Frame: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4A06EB9C87FEFBC5A484707E5CAF7CC5
Requests: 35 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 46CFC65ADFCCF1542C2BDF0E63A71E58
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 7522B167DE6FF98D87591C8A137A679C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2022-29072 Windows Privilege Escalation - Penetration Testing Tools, ML and Linux Tutorials

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

166
Requests

93 %
HTTPS

66 %
IPv6

26
Domains

43
Subdomains

31
IPs

5
Countries

2569 kB
Transfer

6577 kB
Size

29
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://facebook.com/reconshell

Search URL Search Domain Scan URL

URL: https://twitter.com/reconshell

Search URL Search Domain Scan URL

URL: https://t.me/reconshell

Search URL Search Domain Scan URL

URL: https://cve.reconshell.com/
Title: CVE

Search URL Search Domain Scan URL

URL: https://share.reconshell.com/
Title: Share

Search URL Search Domain Scan URL

URL: https://feeds.reconshell.com/
Title: News

Search URL Search Domain Scan URL

URL: https://crackmyhash.com/
Title: CrackMyHash

Search URL Search Domain Scan URL

URL: https://cve.reconshell.com/cve/CVE-2022-29072
Title: CVE-2022-29072

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/kagancapar/
Title: Kağan Çapar

Search URL Search Domain Scan URL

URL: https://github.com/kagancapar/CVE-2022-29072#cve-2022-29072

Search URL Search Domain Scan URL

URL: https://www.exploit-db.com/exploits/47526
Title: https://www.exploit-db.com/exploits/47526

Search URL Search Domain Scan URL

URL: https://github.com/kagancapar/CVE-2022-29072#%C3%B6nemli-not

Search URL Search Domain Scan URL

URL: https://github.com/kagancapar/CVE-2022-29072#al%C4%B1nabilecek-%C3%B6nlem

Search URL Search Domain Scan URL

URL: https://github.com/kagancapar/CVE-2022-29072#sigma-kural%C4%B1

Search URL Search Domain Scan URL

URL: https://github.com/kagancapar/CVE-2022-29072
Title: Source from

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=CVE-2022-29072+Windows+Privilege+Escalation&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&via=reconshell
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&media=https://reconshell.com/wp-content/uploads/2022/04/windows-0day-exploit.png&description=CVE-2022-29072+Windows+Privilege+Escalation
Title: Share on Pinterest

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 141

https://um.simpli.fi/gp_match?google_gid=CAESEBLKkrLQTWj_wjnR6B18dIc&google_cver=1&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBxyYAF9LxGtwHyvZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C03414BBC46D4D59A9C88C5E49DBC6C7&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBxyYAF9LxGtwHyvZw

Request Chain 143

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAqcwAqljwat6kyMs7SvuDM&google_cver=1&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z86Qwu86s2LF9 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=OkuWLAh3SiW84Rq3qfrwIw2&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z86Qwu86s2LF9

Request Chain 144

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEO8cv8NpXpK3uqU0goxNxZg&google_cver=1&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw HTTP 302
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEO8cv8NpXpK3uqU0goxNxZg&google_cver=1&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw&prevuid=&knw= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw&google_hm=

Request Chain 145

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHk58u3wydFelBgHqZWp7Ws&google_cver=1&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7KPjOlEEw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7KPjOlEEw&google_hm=ODIyODkwNDIyOTg4MDgxNTg4Mw%3D%3D

Request Chain 150

https://gcdn.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/2BE613DE2FC4A5AA3ECFB2A3CDA00789292219FD.387BFC21D2CF0600F527BFA7594BDBD1BCB105E6/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/33DB896396FEC70F48989B355429D1414AA862F7.53761EC526632302BB6FEAB37E40B3D3649ED256/key/cms1/cms_redirect/yes/mh/Ij/mip/2001:1b60:1010:3:1012:caad:6eed:1f9/mm/42/mn/sn-4g5ednde/ms/onc/mt/1650917933/mv/u/mvi/5/pl/29/file/file.mp4

Request Chain 169

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjEpvuvASABMAE&v=APEucNWlcc4tmDtgANRc4ZPPO-WnfBvFmJ8J4CmtRm0aeFZFsxzOeRiATKdcp_phukS1SNi2WTfphDrumoT8fr5w2-nrVHqz7Q HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

166 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
reconshell.com/cve-2022-29072-windows-privilege-escalation/ 293 KB
44 KB 2376ms
2303ms Document
text/html 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PHP/7.4.29, PleskLin
Resource Hash: b409169eaf0e4a2a819d803de3c58c43b09e177d4aa8cb757cef6a5560749b21

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 25 Apr 2022 20:24:05 GMT
display: pub_site_sol
expires: Sun, 24 Apr 2022 20:24:07 GMT
link: <https://reconshell.com/wp-json/>; rel="https://api.w.org/", <https://reconshell.com/wp-json/wp/v2/posts/8503>; rel="alternate"; type="application/json", <https://reconshell.com/?p=8503>; rel=shortlink
pagespeed: off
response: 200
server: nginx
vary: Accept-Encoding Accept-Encoding
x-ezoic-cdn: Bypass
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-powered-by: PHP/7.4.29, PleskLin
x-sol: pub_site

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 164ms
86ms Script
text/javascript 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

sffe /

Resource Hash

fe02a25556ac05dbe05dff8ec58cf0e0aefc22efbe93a4025958666d5bfaf29c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28545
x-xss-protection: 0
server: sffe
etag: "1197 / 151 of 1000 / last-modified: 1650903517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 25 Apr 2022 20:24:07 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 347 KB
100 KB 110ms
58ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp,yieldmo&cb=195-0-37
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f1aa39826afa4ac3c1a517a7d1ed5f262053dae433880655e7143fd0a1f405e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Apr 2022 03:44:32 GMT
server: cloudflare
age: 1615175
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaabsyCyMGT4D9a%2F4wPACBDnDlUsSV%2B6WJWKN%2F6LwDvDtBmwPC3dRb331cberiDblmZJab1H4o2Isf8uEDyrHkXq624d9FUxIOG6OUkzGcjdiRngL4%2BdVWVs6pPxqWPgndWpu3JsD06P3FQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7019cce78afb904f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 banger.js Show response
reconshell.com/porpoiseant/ 53 KB
12 KB 50ms
47ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/banger.js?cb=195-0&bv=110&v=58&PageSpeed=off
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: f7aeef8cac418d768be803b21fc422756691d0f45dd969866d134b61489d1cf9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 wp-emoji-release.min.js Show response
reconshell.com/wp-includes/js/ 18 KB
5 KB 559ms
555ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "611fea74-4705-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2143666
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 core.css
reconshell.com/wp-content/plugins/pixwell-core/assets/ 35 KB
5 KB 565ms
563ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/pixwell-core/assets/core.css?ver=7.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: bf7299d2d2190861f97423878c241772cbf52460f8d93f7d0594ddd6fb2f75ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5d05-8bbc-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=2592000

GET
H2 200 style.min.css
reconshell.com/wp-includes/css/dist/block-library/ 81 KB
10 KB 635ms
633ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "624d2e4c-145db-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=169295

GET
H2 200 styles.css
reconshell.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1009 B 386ms
384ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 849
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "62165ee9-aab-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=528499

GET
H2 200 dashicons.min.css
reconshell.com/wp-includes/css/ 58 KB
34 KB 650ms
648ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/css/dashicons.min.css?ver=5.9.3
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "6077d93f-e688-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=2592000

GET
H2 200 frontend.css
reconshell.com/wp-content/plugins/post-views-counter/css/ 289 B
244 B 415ms
413ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.11
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 150
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "121-5d77ad0968613-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
x-accel-version: 0.01
cache-control: private, max-age=662087

GET
H2 200 form-basic.css
reconshell.com/wp-content/plugins/mailchimp-for-wp/assets/css/ 2 KB
536 B 412ms
411ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.7
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 874e5cb8757149fb23cff7ad37bdca20efbe22dc81ed2e24da4afc3d9928db72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 461
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "622042f1-692-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=463679

GET
H2 200 main.css
reconshell.com/wp-content/themes/pixwell/assets/css/ 401 KB
51 KB 864ms
863ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/css/main.css?ver=7.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 1a2607e7e1cf536e8bbf0c90c0165e4d6e00e55ce7d8df109c7c2267bec64ca3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5c76-6454c-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
cache-control: private, max-age=2592000

GET
H2 200 style.css
reconshell.com/wp-content/themes/pixwell/ 448 B
306 B 396ms
395ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/style.css?ver=7.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 93bb2c7479294f878b3c23c97f7c5393d73af10322a88dd71059645ac6fd14f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 212
x-origin-cache-control
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "1c0-5c0231567d0ec-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: text/css
x-accel-version: 0.01
cache-control: private, max-age=2592000

GET
H2 200 css
fonts.googleapis.com/ 27 KB
2 KB 93ms
34ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%2C800%2C300italic%2C400italic%2C600italic%2C700italic%2C800italic%7CTitillium+Web%3A600%2C700&font-display=swap&ver=1641491597

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ada063a1033c38aaf39ca6c461a4d11f8b14be0246bcde1a772751b18589ba4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 20:18:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 25 Apr 2022 20:24:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Apr 2022 20:24:07 GMT

GET
H2 200 jquery.min.js Show response
reconshell.com/wp-includes/js/jquery/ 87 KB
30 KB 657ms
656ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
etag: "611fea75-15db1-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2143665
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 jquery-migrate.min.js Show response
reconshell.com/wp-includes/js/jquery/ 11 KB
4 KB 396ms
395ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 3998
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "5fb4e3fe-2bd8-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
38 KB 93ms
37ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-186158772-1

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c340c6ee4270e8ba52d5e4f799886e056a1736dabf080e694c51ca046b5a25a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38792
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 19:58:12 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 25 Apr 2022 20:24:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
66 KB 126ms
69ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V8R3B4G4T9

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5abd30fec5b224bc851ecb45f0a55405a51000a6a9c5b6a71c36e76c2fb31b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67845
x-xss-protection: 0
expires: Mon, 25 Apr 2022 20:24:08 GMT

GET
H2 200 cookieconsent.min.js Show response
reconshell.com/ezoic/ 4 KB
2 KB 47ms
46ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/ezoic/cookieconsent.min.js
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:07 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: Apache/2.4.39 (Ubuntu)
etag: "11a4-5dd2a9adb9500-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 1707
expires: Tue, 25 Apr 2023 20:24:07 GMT

GET
H2 200 logo-favicon-white.png
reconshell.com/wp-content/uploads/2021/08/ 1 KB
2 KB 466ms
463ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2021/08/logo-favicon-white.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: e3c56335edee34422b6388701d70fdd8628590ce3065812f7b31ac847ac23184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1512
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "611f9afe-5e4-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: image/png
cache-control: private, max-age=2145700

GET
H2 200 logo-6.png
reconshell.com/wp-content/uploads/2021/08/ 7 KB
7 KB 442ms
439ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2021/08/logo-6.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 934f8ad5b43c00dbead508fafad1104dd5c77ea9b8dc80d28545bbba94af703d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "611f9ae1-1d3b-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2145703
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 windows-0day-exploit.png
reconshell.com/wp-content/uploads/2022/04/ 62 KB
62 KB 703ms
700ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/windows-0day-exploit.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 4a41b86e3cd98cae95d895fb66339d2c97765588bd7d29eb77311822e8ab0e58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "625f8ea5-f8ae-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=48864
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 f4af3542f8fae0c95aaefac08a973081
secure.gravatar.com/avatar/ 1 KB
1 KB 77ms
21ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f4af3542f8fae0c95aaefac08a973081?s=60&d=mm&r=g
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 25 Apr 2022 20:24:08 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f4af3542f8fae0c95aaefac08a973081.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f4af3542f8fae0c95aaefac08a973081?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Mon, 25 Apr 2022 20:29:08 GMT

GET
H2 200 7zip-1024x576.jpg
reconshell.com/wp-content/uploads/2022/04/ 26 KB
7 KB 584ms
581ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/7zip-1024x576.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: c853ef21a0c6ce6434a7cd6a7677d17c2bb6d7824a191219144a8af0ff60d3a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "625f8e2e-6931-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=48876
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 7z.png
reconshell.com/wp-content/uploads/2022/04/ 5 KB
5 KB 465ms
463ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/7z.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: c388fe06aab51b439e07b30d2d83f581b8dd5eae476384d55f7356c5472b50e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "625f8b52-15cd-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=48949
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 7ss.png
reconshell.com/wp-content/uploads/2022/04/ 58 KB
57 KB 698ms
695ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/7ss.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: ea095783d78273a9aa9bb016b3e8c7ffed36e115e93bf3bf409cebd4cec796ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "625f8b68-e68c-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=48947
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 7zze.png
reconshell.com/wp-content/uploads/2022/04/ 17 KB
16 KB 570ms
568ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/7zze.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 157f489eaa248101e3b7268c3bbdc19b037c21034f76af44b3dc4caf71ac99ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "625f8b86-4488-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=48944
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 imagesloaded.min.js Show response
reconshell.com/wp-includes/js/ 5 KB
2 KB 401ms
401ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1733
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "5ee520a7-15fd-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 jquery.mp.min.js Show response
reconshell.com/wp-content/plugins/pixwell-core/assets/ 20 KB
7 KB 517ms
517ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/pixwell-core/assets/jquery.mp.min.js?ver=1.1.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: f22e1f643b9b97e06209d51252adb3d407265bf0c269d7392d318b4e1353c8fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "607a5d05-4efd-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2592000
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 jquery.isotope.min.js Show response
reconshell.com/wp-content/plugins/pixwell-core/assets/ 34 KB
9 KB 556ms
553ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/pixwell-core/assets/jquery.isotope.min.js?ver=3.0.6
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 4f62b54a19795cb378378578ab458bc1c111ef3b9043a4143224d3ddf59fef04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "607a5d05-88d7-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2592000
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 rbcookie.min.js Show response
reconshell.com/wp-content/plugins/pixwell-core/assets/ 4 KB
2 KB 421ms
417ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/pixwell-core/assets/rbcookie.min.js?ver=1.0.3
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 1d3d7c7d9529dd1ff829f9c0e3d1f1352d599b8ccfbd0ca1f1bbbe4a18e241e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1552
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5d05-fc2-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 core.js Show response
reconshell.com/wp-content/plugins/pixwell-core/assets/ 15 KB
3 KB 512ms
508ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/pixwell-core/assets/core.js?ver=7.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: fa6a6fc48fd6aba0f0b7b890b526bd76982b94fd79eea7868eb67637da62992f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 3042
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5d05-3c51-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 regenerator-runtime.min.js Show response
reconshell.com/wp-includes/js/dist/vendor/ 6 KB
2 KB 446ms
442ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 2334
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "621a501b-195e-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=502663

GET
H2 200 wp-polyfill.min.js Show response
reconshell.com/wp-includes/js/dist/vendor/ 19 KB
7 KB 561ms
557ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "621a501b-4b3d-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=502663
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 index.js Show response
reconshell.com/wp-content/plugins/contact-form-7/includes/js/ 9 KB
3 KB 454ms
450ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 3056
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "62165ee9-25f8-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=528499

GET
H2 200 jquery.waypoints.min.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 9 KB
3 KB 485ms
481ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/jquery.waypoints.min.js?ver=3.1.1
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 66e70ec2f6169104428ff479e397e5c515deca007d206097bda23a72b8467036

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 2529
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5c76-225f-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 owl.carousel.min.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 43 KB
11 KB 620ms
616ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/owl.carousel.min.js?ver=1.8.1
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 0db80125881ba1f8798c8dccc4179650a745f6655369263e7199d6efab13c68a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "607a5c76-ad4e-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2592000
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 rbsticky.min.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 6 KB
1 KB 410ms
406ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/rbsticky.min.js?ver=1.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 1b689ea107bff2003a22621ce7681945bc4f3da4a52bf63eb3ecb97d65b758e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1446
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5c76-18e6-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 jquery.tipsy.min.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 4 KB
2 KB 457ms
453ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/jquery.tipsy.min.js?ver=1.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 2c74749a433528af31be3ae74183a8a942e421f1229197da67268b20a5d09cec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1520
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5c76-1128-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 jquery.ui.totop.min.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 5 KB
1 KB 455ms
451ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/jquery.ui.totop.min.js?ver=v1.2
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: df4f4f0c20c55fa9b59c139af518439f9a951939bb7c6fb1d365898165a57474

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1373
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "607a5c76-126d-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=2592000

GET
H2 200 global.js Show response
reconshell.com/wp-content/themes/pixwell/assets/js/ 75 KB
11 KB 720ms
716ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/js/global.js?ver=7.0
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: b6950a1c217863ef667ef71bb299f0b865b34eccfb60d42db4b8dfbd9e3a553f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "607a5c76-12bba-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2592000
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 comment-reply.min.js Show response
reconshell.com/wp-includes/js/ 3 KB
1 KB 476ms
473ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-includes/js/comment-reply.min.js?ver=5.9.3
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
x-origin-cache-control
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
content-length: 1223
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
etag: "621a501b-ba3-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=502663

GET
H2 200 cmbv2.js Show response
reconshell.com/detroitchicago/ 58 KB
17 KB 53ms
50ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: ac0ee9d72c7115e1a64f4200ab4cb32c3edcd7270a3026f8362063aeff365529

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 103ms
48ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%2C800%2C300italic%2C400italic%2C600italic%2C700italic%2C800italic%7CTitillium+Web%3A600%2C700&font-display=swap&ver=1641491597

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:45:30 GMT
x-content-type-options: nosniff
age: 509918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Apr 2023 22:45:30 GMT

GET
H2 200 ruby-icon.woff
reconshell.com/wp-content/themes/pixwell/assets/fonts/ 70 KB
40 KB 713ms
712ms Font
application/font-woff 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/wp-content/themes/pixwell/assets/fonts/ruby-icon.woff
Requested by: Host: reconshell.com
URL: https://reconshell.com/wp-content/themes/pixwell/assets/css/main.css?ver=7.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 3e760a4564987aa0c693e3bbc09992ac2483dc6a8624beb1a2b08b9b8718df49

Request headers

Referer: https://reconshell.com/wp-content/themes/pixwell/assets/css/main.css?ver=7.0
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "607a5c76-11648-gzip"
display: staticcontent_sol
x-powered-by: PleskLin
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
x-origin-cache-control
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/font-woff
access-control-allow-origin: https://reconshell.com
cache-control: private, max-age=2592000

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v14/ 12 KB
12 KB 127ms
73ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v14/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd870101ad4e95d687a2eb734707b0dd7c20808f76d7be77a71a5d13cf99401c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 19:49:39 GMT
x-content-type-options: nosniff
age: 434069
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12136
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 20 Apr 2023 19:49:39 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v14/ 12 KB
12 KB 118ms
65ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v14/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 19:47:24 GMT
x-content-type-options: nosniff
age: 434204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11796
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 20 Apr 2023 19:47:24 GMT

GET
H/1.1 200
OK 1946581 Show response
ad.a-ads.com/ Frame BE65 6 KB
2 KB 108ms
35ms Document
text/html 148.251.1.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1946581?size=728x90

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.1.246 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.246.1.251.148.clients.your-server.de

Software

nginx / Phusion Passenger(R)

Resource Hash

d0218a3869f9c44deeb832939feff8fa980a22a94ba45bb0592b39a955ebdd91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Mon, 25 Apr 2022 20:24:08 GMT
Server: nginx
Status: 200 OK
Transfer-Encoding: chunked
Vary: Accept-Encoding Accept-Encoding
X-Content-Type-Options: nosniff
X-Original-Referer: https://reconshell.com/
X-Powered-By: Phusion Passenger(R)
X-XSS-Protection: 1; mode=block

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGIVzY4SY.woff2
fonts.gstatic.com/s/titilliumweb/v14/ 7 KB
7 KB 86ms
71ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v14/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGIVzY4SY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f8ebc7e5d94244c2499c5f4c10c4d28639ce2d6126e52de3e9842ce64977391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 19:47:48 GMT
x-content-type-options: nosniff
age: 434180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6660
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:47 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 20 Apr 2023 19:47:48 GMT

GET
H/1.1 200
OK 1949226 Show response
ad.a-ads.com/ Frame 35E8 6 KB
2 KB 99ms
36ms Document
text/html 148.251.1.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1949226?size=728x90

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.1.246 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.246.1.251.148.clients.your-server.de

Software

nginx / Phusion Passenger(R)

Resource Hash

cb4dc58b3eacddc6020adda14ed51dffdffca057c4e386cacd972ebea4406460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Mon, 25 Apr 2022 20:24:08 GMT
Server: nginx
Status: 200 OK
Transfer-Encoding: chunked
Vary: Accept-Encoding Accept-Encoding
X-Content-Type-Options: nosniff
X-Original-Referer: https://reconshell.com/
X-Powered-By: Phusion Passenger(R)
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AII-280x210.png
reconshell.com/wp-content/uploads/2022/03/ 49 KB
49 KB 613ms
611ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/03/AII-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 76ded50ab81767db56c3513f9c5f92d0ba1069e80b194f6cc98f15db1e0cac00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62459596-c2a2-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=219080
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 datas-280x210.jpg
reconshell.com/wp-content/uploads/2022/02/ 12 KB
10 KB 449ms
441ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/02/datas-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 8490212550b5728effa79ddb689dbcb770773e5baf1a7209c0feb7e5ac253cff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "621c708b-313b-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=488726
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 Data-Science-blogs-280x210.jpg
reconshell.com/wp-content/uploads/2022/02/ 13 KB
13 KB 514ms
505ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/02/Data-Science-blogs-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 19a698e437b8159d8b20718ea1166b8dcbdf25f799696e2b6611add29122bbf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62052293-3405-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=641455
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 dataSa-280x210.jpg
reconshell.com/wp-content/uploads/2022/01/ 7 KB
7 KB 404ms
394ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/01/dataSa-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: f6d7098cc23ce7d2fc22ab1a444d34a6d6120ed5b91ae39b17f19b8af0b16f5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "61e01602-1ca6-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=884259
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 rexp1-280x210.png
reconshell.com/wp-content/uploads/2022/04/ 39 KB
39 KB 536ms
527ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/rexp1-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 65e7559bedd297bf28a3802e3c21b3fc68b127a24e42c1f0d53731ad04256999

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6265270c-9a49-gzip"
response: 200
last-modified: Sun, 24 Apr 2022 10:31:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=12194
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 hry38-280x210.jpg
reconshell.com/wp-content/uploads/2022/04/ 19 KB
17 KB 595ms
586ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/hry38-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: d808df0573355b539b7fe9b474e3a1970a2f445a7badfc35fed6e4c445f1eed3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6264a725-4af9-gzip"
response: 200
last-modified: Sun, 24 Apr 2022 01:25:57 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=15469
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 Cell-phone-hacker-280x210.jpg
reconshell.com/wp-content/uploads/2022/04/ 17 KB
17 KB 569ms
558ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/Cell-phone-hacker-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 7f5cbf8bf2aea544a7292c1499abc2f9d24ec5833c623432c70fbbff83869f2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6263e2e1-45ac-gzip"
response: 200
last-modified: Sat, 23 Apr 2022 11:28:33 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=20493
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 cyber-attack-280x210.jpg
reconshell.com/wp-content/uploads/2022/04/ 15 KB
15 KB 542ms
531ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/cyber-attack-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 857cef0730b71a96c4d709e3746f4c9b89257e0d52c2b7173c27320ca21ae431

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "626246c0-3b67-gzip"
response: 200
last-modified: Fri, 22 Apr 2022 06:10:08 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=31044
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 K3S-280x210.jpg
reconshell.com/wp-content/uploads/2022/04/ 18 KB
18 KB 540ms
530ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/K3S-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: eb137fe4995fe18086e573e4bb2a6f6df4aa97a1ea1d4bd6c1e6b0870661bfea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6256b923-46d8-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=106759
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 lin-280x210.png
reconshell.com/wp-content/uploads/2022/04/ 4 KB
4 KB 427ms
417ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/lin-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: cae6c83f8af5a66d333d4add8e5e5af0e7f0b5197bd71aad6accf381725055f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62502ee6-11d0-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=149619
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 DevSecOps-280x210.jpg
reconshell.com/wp-content/uploads/2022/03/ 6 KB
6 KB 408ms
399ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/03/DevSecOps-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: a8f513050a95d1151232673a979f9efa3488898eb29a4bf86f109df6a8032cda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62321af8-1956-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=346737
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 Linux-System-Administrator-280x210.jpg
reconshell.com/wp-content/uploads/2022/03/ 18 KB
18 KB 595ms
585ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/03/Linux-System-Administrator-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: a193e4ba678007362732ecd297c2631f4f976265db4342dd40b321d306bf1d41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "622dd5e5-48b3-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=374720
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 dfirbg-280x210.png
reconshell.com/wp-content/uploads/2022/04/ 29 KB
28 KB 531ms
522ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/dfirbg-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 5c149d9130b9ec651cea3a55d5b9648f7de28feb21f8e4192bede97facd35ec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6246f263-722f-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=210151
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 USB-280x210.jpg
reconshell.com/wp-content/uploads/2022/03/ 8 KB
8 KB 478ms
470ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/03/USB-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: f38bc1cb57e20f2cc607331f3fa7d66ee19d04351ff24878f1f744bc3a9fa4aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "6241ce96-20cf-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=243835
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 cyber-vs-forensics-280x210.jpg
reconshell.com/wp-content/uploads/2022/02/ 8 KB
8 KB 502ms
495ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/02/cyber-vs-forensics-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: e7fd169c147e09ce0f525b6f460e78f7cc4e146d137ad29a45e984e149c15c9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62074f9a-1ec4-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=627195
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 digital-cyber-hacker-280x210.jpg
reconshell.com/wp-content/uploads/2022/01/ 14 KB
14 KB 536ms
530ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/01/digital-cyber-hacker-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 3c4aae878744bbd508c37872977d41f19257df4143d24568cd18768d79f830e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "61e7e348-3793-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=833129
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 db-280x210.jpg
reconshell.com/wp-content/uploads/2022/03/ 21 KB
11 KB 543ms
537ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/03/db-280x210.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: ebbd142be52020554c4152d3afe6b96f9abafc3818cf6d1c0e92ed1953eaf419

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "62431cf9-555d-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=235275
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 sync-280x210.png
reconshell.com/wp-content/uploads/2022/02/ 29 KB
29 KB 544ms
539ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/02/sync-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 085cdc1f2df7c4187173a9935541255451bdb74f151cce5cf3efdb890485b8d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "620f8dcd-74b5-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=573174
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 features_of_sql_server-280x210.png
reconshell.com/wp-content/uploads/2022/01/ 21 KB
20 KB 513ms
508ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/01/features_of_sql_server-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 085408db92dd613f93e500d19078baa9d574a60c2498d0d00cd7cb969431f165

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "61ed3073-5264-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=798386
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 sql-server-280x210.png
reconshell.com/wp-content/uploads/2022/01/ 36 KB
36 KB 568ms
564ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/01/sql-server-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 4bdb0b865fb578e2da7756812af59729ef9585d53ffb640ec61047834a43d16a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "61d0342e-8ffe-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=988345
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 mys-280x210.png
reconshell.com/wp-content/uploads/2021/12/ 10 KB
10 KB 396ms
392ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2021/12/mys-280x210.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 9d84d7f58ab322c3998440d26ea49679d613ddf54be53425fdb85c19a7869a82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
etag: "61c3561d-2940-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=1072673
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 pubads_impl_2022042101.js Show response
securepubads.g.doubleclick.net/gpt/ 362 KB
123 KB 30ms
28ms Script
text/javascript 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

sffe /

Resource Hash

baa7346a51ac22b01b0f63ef8be8a7b0946a67fbe68ccf2c8a783a769bad8870

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 19:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126124
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 08:41:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 25 Apr 2023 19:32:16 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 96 B
109 B 103ms
44ms XHR
application/json 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

cafe /

Resource Hash

6bdeca446f4587e4072046d6f6982d99c5d60f2288932d7e47ebd440071cc856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84
x-xss-protection: 0
expires: Mon, 25 Apr 2022 20:24:08 GMT

GET
H2 206 163654035-d40ca72a-7dbc-425f-ade2-3820cfababb2.mp4
user-images.githubusercontent.com/33525376/ 223 KB
0 137ms
41ms Media
video/mp4 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://user-images.githubusercontent.com/33525376/163654035-d40ca72a-7dbc-425f-ade2-3820cfababb2.mp4

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub Cloud /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; sandbox;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://reconshell.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range: bytes=0-

Response headers

x-fastly-request-id: cad052cf43d5fe1b730582da3c888e40bc9f2b65
date: Mon, 25 Apr 2022 20:24:08 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 839227
x-cache: HIT
Content-Range: bytes 0-912683/912684
Content-Length: 912684
x-served-by: cache-ams21046-AMS
last-modified: Sat, 16 Apr 2022 00:10:31 GMT
server: GitHub Cloud
x-timer: S1650918249.689140,VS0,VE0
etag: "c489bcdef63a958f73b125f2213e7a34"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: video/mp4
cache-control: max-age=2592000
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; sandbox;
accept-ranges: bytes
timing-allow-origin: https://github.com
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v28/ 47 KB
47 KB 30ms
30ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reconshell.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:46:00 GMT
x-content-type-options: nosniff
age: 509888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47836
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:01:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Apr 2023 22:46:00 GMT

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 77ms
25ms Image
image/png 2600:9000:214f:ec00:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ec00:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 07:27:28 GMT
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
x-sol: middleton
age: 46600
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: LG6wM6XopoS_KbhXFIfyX8cTc4mAv1JZ9Vg5y10sTcPtuk7RfsAM4Q==
last-modified: Thu, 14 Apr 2022 18:12:37 GMT
server: nginx
etag: "49d-5d9576f862e00-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
display: staticcontent_sol
expires: Mon, 02 May 2022 07:27:28 GMT

GET
H2 200 imp.gif Show response
reconshell.com/detroitchicago/ 43 B
180 B 33ms
33ms XHR
image/gif 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A2%2C%22ad_lazyload_version%22%3A-1%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%225%2C34%2C1%2C0%2C22%2C21%2C3%2C700%2C37%2C35%2C30%2C4%2C95%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A12%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A11%2C%22domain_id%22%3A302486%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A14%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1111%2C1113%2C1119%2C1130%2C1131%2C1132%2C1133%2C1134%2C1137%2C1139%2C1140%2C1141%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2261d0797f-cc10-4bcc-61e1-ae6f11eed71b%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A195046%2C%22response_time_orig%22%3A1664%2C%22serverid%22%3A%2254.93.208.146%3A24901%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221100%2C1111%2C1113%2C1119%2C1130%2C1131%2C1132%2C1133%2C1134%2C1137%2C1139%2C1140%2C1141%22%2C%22t_epoch%22%3A1650918245%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A1250%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:06 GMT
content-encoding: br
vary: Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Sun, 24 Apr 2022 20:24:06 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 83ms
29ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 02 May 2022 20:24:08 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 cmbdv2.js Show response
reconshell.com/detroitchicago/ 46 KB
11 KB 31ms
31ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4y37-23y5a-21&cmbcb=48&sj=x03x0cx18x37x5a
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 23bbfc0dcf5c4669b456ae354075f2648e6a64b2ab9a9d3bae060905bb1d045b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 nmash.js
reconshell.com/porpoiseant/ 24 KB
6 KB 28ms
27ms Other
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/nmash.js?v=110
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: ffb648200f12e9e83c7a7d94892271c74f23b39d6f77b9df5e21c96166a41ecb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: Apache/2.4.39 (Ubuntu)
etag: "6003-5dd2a9adb9500;5dd2a9adb9500-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/376835/ Frame BE65 419 KB
419 KB 147ms
60ms Image
image/gif 148.251.1.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/376835/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1946581?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.1.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.246.1.251.148.clients.your-server.de
Software: nginx /
Resource Hash: 2096b5ee1e9275866db3873339b8592a41646d6d734a29cc036934411a749395

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Mon, 25 Apr 2022 20:24:08 GMT
Last-Modified: Thu, 07 Apr 2022 13:13:20 GMT
Server: nginx
x-amz-request-id: 4TB8F72ZYJVEGJYA
ETag: "a31c6f52d9458f0ee5cbb29359982913"
Content-Type: image/gif
Cache-Control: max-age=315360000
x-amz-replication-status: COMPLETED
Content-Length: 428799
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: PgCPsAu5gkqB.FPndxGrIj1NflTpU3EM
x-amz-id-2: KxN5GoGUSYR7/sqRdhi6Vtu5iod3fRZ5CJx9nTp0zpWnCOfKSesQqkwExnme1AnA086nQZEcyhs=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/376835/ Frame 35E8 419 KB
419 KB 146ms
60ms Image
image/gif 148.251.1.246
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/376835/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1949226?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.1.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.246.1.251.148.clients.your-server.de
Software: nginx /
Resource Hash: 2096b5ee1e9275866db3873339b8592a41646d6d734a29cc036934411a749395

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Mon, 25 Apr 2022 20:24:08 GMT
Last-Modified: Thu, 07 Apr 2022 13:13:20 GMT
Server: nginx
x-amz-request-id: 4TB8F72ZYJVEGJYA
ETag: "a31c6f52d9458f0ee5cbb29359982913"
Content-Type: image/gif
Cache-Control: max-age=315360000
x-amz-replication-status: COMPLETED
Content-Length: 428799
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: PgCPsAu5gkqB.FPndxGrIj1NflTpU3EM
x-amz-id-2: KxN5GoGUSYR7/sqRdhi6Vtu5iod3fRZ5CJx9nTp0zpWnCOfKSesQqkwExnme1AnA086nQZEcyhs=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 86ms
34ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 87ms
34ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 456 B
272 B 467ms
466ms XHR
text/plain 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1866888642384033&correlator=535132008556857&eid=31067190%2C31064226&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&iu_parts=1254144%3A22642776669%2Creconshell_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&adks=4255985864&sfv=1-0-38&ecs=20220425&fsapi=false&prev_scp=a%3D%257C5%257C%26iid1%3D2088702467252282%26eid%3D2088702467252282%26t%3D134%26d%3D302486%26t1%3D134%26pvc%3D0%26ap%3D1137%26sap%3D1137%26as%3Drevenue%26plat%3D1%26bra%3Dmod40-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreconshell_com-box-2-2088702467252282%26eb_br%3D26dfa00588543c52511429ade391f561%26eba%3D1%26ebss%3D10061%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D550%26br2%3D280%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C67%2C0%2C168%2C20%2C192%2C192%2C209%2C143%2C0%2C901%2C182%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%2C2339&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1650918248790&lmt=1650918248&dlt=1650918247527&idt=1234&biw=1600&bih=1200&adxs=632&adys=955&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x280&msz=336x280&fws=4&ohw=1600&ga_vid=2010751779.1650918249&ga_sid=1650918249&ga_hid=1303298778&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

cafe /

Resource Hash

2edba786b211ff44f5c3ddda205f032e4288a70fd8e4994e01598f753df94bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FBD9 6 KB
4 KB 128ms
33ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Apr 2022 20:24:08 GMT
expires: Tue, 25 Apr 2023 20:24:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 76ms
23ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-186158772-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 417
date: Mon, 25 Apr 2022 20:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 25 Apr 2022 22:17:11 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
170 B 72ms
30ms Ping
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-V8R3B4G4T9&gtm=2oe4k0&_p=1303298778&_z=ccd.NbB&cid=2010751779.1650918249&gdid=dZTNiMT&ul=en-us&sr=1600x1200&_s=1&sid=1650918248&sct=1&seg=0&dl=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&dt=CVE-2022-29072%20Windows%20Privilege%20Escalation%20-%20Penetration%20Testing%20Tools%2C%20ML%20and%20Linux%20Tutorials&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V8R3B4G4T9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BE65 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 35E8 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 470 B
282 B 422ms
421ms XHR
text/plain 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1866888642384033&correlator=1302672484051873&eid=31067190%2C31064226&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&iu_parts=1254144%3A22642776669%2Creconshell_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=2&adks=2403869125&sfv=1-0-38&ecs=20220425&fsapi=false&prev_scp=a%3D%257C1%257C%26iid1%3D792369869285689%26eid%3D792369869285689%26t%3D134%26d%3D302486%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod40-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreconshell_com-medrectangle-2-792369869285689%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10061%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D750%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D77%2C14%2C0%2C192%2C0%2C193%2C192%2C20%2C71%2C201%2C192%2C31%2C902%2C903%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C1794%2C2339&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1650918248835&lmt=1650918248&dlt=1650918247527&idt=1234&biw=1600&bih=1200&adxs=-9&adys=-9&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2010751779.1650918249&ga_sid=1650918249&ga_hid=1303298778&ga_fc=true&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

cafe /

Resource Hash

f388a81240f63080fc1190be45391be19043253a8aabababe75f6a52857dd358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
429 B 70ms
23ms Script
application/javascript 2600:9000:206f:7400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:7400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 02:45:27 GMT
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
age: 63522
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: 08TNcK8TVSHM8W_DfcqV0NfmmONHmk-W88eGDeTaJf5S9x_CYWbT7w==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 77ms
30ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1303298778&t=pageview&_s=1&dl=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&ul=en-us&de=UTF-8&dt=CVE-2022-29072%20Windows%20Privilege%20Escalation%20-%20Penetration%20Testing%20Tools%2C%20ML%20and%20Linux%20Tutorials&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAAC~&jid=1601517476&gjid=895386551&cid=2010751779.1650918249&tid=UA-186158772-1&_gid=996690135.1650918249&_r=1&gtm=2ou4k0&did=dZTNiMT&gdid=dZTNiMT&z=1983669036

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://reconshell.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=999993268;labels=Domain.reconshell_com%2CDomainId.302486;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F;uht=2;fpan=1;fpa=P0-1330917...
pixel.quantserve.com/ 35 B
371 B 28ms
27ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=999993268;labels=Domain.reconshell_com%2CDomainId.302486;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F;uht=2;fpan=1;fpa=P0-1330917840-1650918248965;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=reconshell.com;je=0;sr=1600x1200x24;dst=0;et=1650918248965;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.CVE-2022-29072%20Windows%20Privilege%20Escalation%20-%20Penetration%20Testing%20Tools%252C%20ML%20and%20%2Cdescription.7-Zip%20through%2021%252E07%20on%20Windows%20allows%20privilege%20escalation%20and%20command%20execution%2Curl.https%3A%2F%2Freconshell%252Ecom%2Fcve-2022-29072-windows-privilege-escalation%2F%2Csite_name.Penetration%20Testing%20Tools%252C%20ML%20and%20Linux%20Tutorials%2Cupdated_time.2022-04-20T04%3A46%3A42%2B00%3A00%2Cimage.https%3A%2F%2Freconshell%252Ecom%2Fwp-content%2Fuploads%2F2022%2F04%2Fwindows-0day-exploit%252Epng%2Cimage%3Asecure_url.https%3A%2F%2Freconshell%252Ecom%2Fwp-content%2Fuploads%2F2022%2F04%2Fwindows-0day-exploit%252Epng%2Cimage%3Awidth.728%2Cimage%3Aheight.380%2Cimage%3Aalt.Windows%2Cimage%3Atype.image%2Fpng%2Ctitle.CVE-2022-29072%20Windows%20Privilege%20Escalation%2Curl.https%3A%2F%2Freconshell%252Ecom%2Fcve-2022-29072-windows-privilege-escalation%2F%2Csite_name.Penetration%20Testing%20Tools%252C%20ML%20and%20Linux%20Tutorials%2Cimage.https%3A%2F%2Freconshell%252Ecom%2Fwp-content%2Fuploads%2F2022%2F04%2Fwindows-0day-exploit%252Epng

Requested by

Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:08 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 houston.js Show response
reconshell.com/detroitchicago/ 4 KB
1 KB 38ms
38ms Script
application/javascript 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/houston.js?gcb=0&cb=17
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 559539863676ce8b7493956a42958ab940d9b1fe8587e23d56832a56d8369dc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1394

GET
H2 200 ls-bg.jpg
reconshell.com/wp-content/uploads/2019/08/ 23 KB
23 KB 500ms
500ms Image
image/jpeg 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2019/08/ls-bg.jpg
Requested by: Host: reconshell.com
URL: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 6b375bb55d944a10eb9cb9d9ec182ff5886ed6b5ab7a82bec6bdeac6ae08eb3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
etag: "604f7abc-5b55-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/jpeg
x-middleton-display: staticcontent_sol
cache-control: private, max-age=2592000
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 fe-150x150.png
reconshell.com/wp-content/uploads/2022/04/ 7 KB
7 KB 386ms
385ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/fe-150x150.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 305b6cc3ea622fae286d30271ec700152bbd07220372ce8c29f747b102790e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
etag: "625e45ee-1d02-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=57279
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 gitc-150x150.png
reconshell.com/wp-content/uploads/2022/04/ 7 KB
7 KB 384ms
383ms Image
image/png 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/wp-content/uploads/2022/04/gitc-150x150.png
Requested by: Host: reconshell.com
URL: https://reconshell.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: nginx / PleskLin
Resource Hash: c470506c196b2993cd90a86c2baea953089fe2ad4bf530c5741c019218672791

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
etag: "62600b53-1d38-gzip"
response: 200
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: nginx
display: staticcontent_sol
x-powered-by: PleskLin
x-origin-cache-control
x-ezoic-cdn: Bypass
content-type: image/png
x-middleton-display: staticcontent_sol
cache-control: private, max-age=45672
x-middleton-response: 200
vary: Accept-Encoding, Origin,Accept-Encoding

GET
H2 200 greenoaks.gif Show response
reconshell.com/detroitchicago/ 0
133 B 24ms
23ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjFkMDc5N2YtY2MxMC00YmNjLTYxZTEtYWU2ZjExZWVkNzFiIiwiZG9tYWluX2lkIjoiMzAyNDg2IiwidF9lcG9jaCI6MTY1MDkxODI0NSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjItMDQtMjUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInRfZXBvY2giOjE2NTA5MTgyNDUsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTc1MCJ9XX1d
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:06 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:06 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 dark-bottom.css
reconshell.com/ezoic/styles/ 3 KB
792 B 25ms
25ms Stylesheet
text/css 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/ezoic/styles/dark-bottom.css
Requested by: Host: reconshell.com
URL: https://reconshell.com/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
last-modified: Thu, 21 Apr 2022 14:05:40 GMT
server: Apache/2.4.39 (Ubuntu)
etag: "bd7-5dd2a9adb9500-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 725

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 87ms
36ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022042101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c68993b61355cfab70a3f59a0b5e1ce890cddcd38672429785ad6d3865fa0808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10520
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 212ms
159ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 25 Apr 2022 20:24:10 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6B3E 13 KB
5 KB 71ms
23ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2512
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Apr 2022 19:42:18 GMT
expires: Tue, 25 Apr 2023 19:42:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 842A 783 B
1 KB 83ms
32ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

75502d0c549d46c50b19d2417027715be64114690ea3ae9e0b8e5c98eaf241fa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kAh+azZjCC1VvZFbZZojIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-kAh+azZjCC1VvZFbZZojIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 25 Apr 2022 20:24:10 GMT
expires: Mon, 25 Apr 2022 20:24:10 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 OahgkAIwXXEnVYtSx7hLRSdqNDK1Dt0IuJMW5_z-SnY.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B3E 35 KB
13 KB 65ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OahgkAIwXXEnVYtSx7hLRSdqNDK1Dt0IuJMW5_z-SnY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39a8609002305d7127558b52c7b84b45276a3432b50edd08b89316e7fcfe4a76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 05:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Apr 2023 05:46:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 842A 0
0 93ms
62ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022042101&jk=1866888642384033&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6B3E 0
9 B 23ms
22ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ktOpmA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 90ms
90ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022042101&jk=1866888642384033&bg=!cnGlcTXNAAYXWUUuN1k7ACkAdvg8Wg_gbucdWaOgCC7HpmZWdhhWsxj-zlg1kp32meDqJN4g8_WnagIAAABZUgAAAAFoAQcKADDmM4h0kQgaW9Lq38WerEPijAy_vw824xzdCLSabsNP4hpFzT3CZ5qDIMhMHfrFWWOZApY_09J9nGQISIBIygqGHs4wG90s6sd3zjwJJuU9h7xh4ljqO32s3cxI6OtyE6XptDznQ3jzsODtf0yfoXg3YnINez3ht6r-yD2DP_8cHMlVz6zX_Iebolo7BXGoQETfe_BfImfF32dmxtOMdCvP8Zn-4HcKifxpRWIx7Ke7mYWN3Koz0Fj2o5rMzBDG_SJPCbf0IOih3EcYsB0E4XMO_qvVTIXqRZQr3lCDRal0gbTTW_Nfs5jt_1imRzMfzPW4Ki1RRK304Q6u5n08jjVoX2w0-9p2fe2ZYtbrht0XPjVk6gy3A-es2eIYq81aBG5eoODPmwGVxr00C8gOlzSol-PZGDvx3XamhO4vuAUMrRvyi9H7NpRcFsciJOikMkfh-1BWUHTTZMCNeS_NH9G5PcbSrSfmSrtP5rJZgQy1iLXC9Y0inKNDqjjnC6YuywUthbwCoF6kYmj0ZTXl0hnS18INCvBlVcAybmr6kp_q2rrta-cegie5wuYr6mRBYpGJ1LEOjLLyzO3wfbCAdkks8w_eGlSkcRQOgNxD2PLrIgF0BzWTQCQyMksnLlriQqVYUGtLD9LyQP4LzacvpaZIFVUC_e5Fm-DxtFZs-b01PbDHylQ8HlIdKgHAuBkfgJLfautsQavHhdW0g1pnOnzFDizFYLbsFBP4Da3y0r_pQA1aKwRBBEnCbOtVQGibwFNOaFfFDGbH3jKfReNsoJavYF-DhMKjpcFREOYritTtXyBJ-rDgJ7Pr7zi5pglHEa2pgQbGjnqW-XsIOVHEPT9xKYrpdlVqivX2FRPkTBfiYRWFwZH5GwIztWTKnexWru8O9_FdTsNJ_keIkDRILiH8k9rfuUphHAKLtAqEQJ-3ZZJYC5vlJVkm8g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 200 vpp.gif
reconshell.com/detroitchicago/ 43 B
116 B 24ms
23ms Image
image/gif 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reconshell.com/detroitchicago/vpp.gif?e=%5B%7B%22url%22%3A%22https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F%22%2C%22pageview_id%22%3A%2261d0797f-cc10-4bcc-61e1-ae6f11eed71b%22%2C%22template_id%22%3A134%2C%22player_name%22%3A%22unknown%22%2C%22domain_id%22%3A302486%2C%22media_src%22%3A%22https%3A%2F%2Fuser-images.githubusercontent.com%2F33525376%2F163654035-d40ca72a-7dbc-425f-ade2-3820cfababb2.mp4%22%7D%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:09 GMT
content-encoding: br
vary: Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Sun, 24 Apr 2022 20:24:09 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 75ms
31ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 76ms
31ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 71 KB
23 KB 491ms
490ms XHR
text/plain 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1866888642384033&correlator=3786617730745554&eid=31067190%2C31064226%2C44714449&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&iu_parts=1254144%3A22642776669%2Creconshell_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=3&adks=4255985864&sfv=1-0-38&ecs=20220425&ris=4&rcs=1&fsapi=false&prev_scp=a%3D%257C5%257C%26iid1%3D2088702467252282%26eid%3D2088702467252282%26t%3D134%26d%3D302486%26t1%3D134%26pvc%3D0%26ap%3D1137%26sap%3D1137%26as%3Drevenue%26plat%3D1%26bra%3Dmod40-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreconshell_com-box-2-2088702467252282%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10061%26bv%3D2%26bvm%3D0%26bvr%3D6%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D280%26br2%3D280%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C67%2C0%2C168%2C20%2C192%2C192%2C209%2C143%2C0%2C901%2C182%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%2C2339%2C20%2C2310%2C2526%2C2527%2C2764%2C2765%26lb%3D550%26reqt%3D1650918252334&eri=1&sc=1&cookie=ID%3D83032e3e89826c3e-222b044e83cd00fe%3AT%3D1650918248%3AS%3DALNI_MZ5OsLePQ_sphnBaWXEWVEs_sUY7Q&abxe=1&dt=1650918252338&lmt=1650918252&dlt=1650918247527&idt=1234&biw=1600&bih=1200&adxs=632&adys=955&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x280&msz=336x280&fws=4&ohw=1600&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2010751779.1650918249&ga_sid=1650918249&ga_hid=1303298778&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

cafe /

Resource Hash

6245502596f1d958873d04e792f2b32451d6d057a41afe357043f2f13674b1ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:12 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23407
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 447 B
272 B 518ms
518ms XHR
text/plain 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1866888642384033&correlator=1785973520532641&eid=31067190%2C31064226%2C44714449&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&iu_parts=1254144%3A22642776669%2Creconshell_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=4&adks=2403869125&sfv=1-0-38&ecs=20220425&ris=4&rcs=1&fsapi=false&prev_scp=a%3D%257C1%257C%26iid1%3D792369869285689%26eid%3D792369869285689%26t%3D134%26d%3D302486%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod40-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreconshell_com-medrectangle-2-792369869285689%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10061%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D400%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D77%2C14%2C0%2C192%2C0%2C193%2C192%2C20%2C71%2C201%2C192%2C31%2C902%2C903%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C1794%2C2339%2C2310%2C2765%26lb%3D750%26reqt%3D1650918252342&eri=1&sc=1&cookie=ID%3D83032e3e89826c3e-222b044e83cd00fe%3AT%3D1650918248%3AS%3DALNI_MZ5OsLePQ_sphnBaWXEWVEs_sUY7Q&abxe=1&dt=1650918252347&lmt=1650918252&dlt=1650918247527&idt=1234&biw=1600&bih=1200&adxs=436&adys=1110&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&fws=516&ohw=1600&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=2010751779.1650918249&ga_sid=1650918249&ga_hid=1303298778&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.37.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s13-in-f2.1e100.net

Software

cafe /

Resource Hash

8f20a055f7ad437b5288b970c9c44846e518230caf815001b9a080579bba518b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://reconshell.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4A06 6 KB
3 KB 70ms
23ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reconshell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Apr 2022 20:24:08 GMT
expires: Tue, 25 Apr 2023 20:24:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 greenoaks.gif Show response
reconshell.com/detroitchicago/ 0
76 B 39ms
38ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInRfZXBvY2giOjE2NTA5MTgyNDUsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6Ijc0In0seyJuYW1lIjoicGVyZl9jb25uZWN0X3RvX3Jlc3Bfc3RhcnQiLCJ2YWwiOiIyMzc3In0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI0OCJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiIxNjE3In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMTYyNyJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiIyMTYzIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjFkMDc5N2YtY2MxMC00YmNjLTYxZTEtYWU2ZjExZWVkNzFiIiwiZG9tYWluX2lkIjoiMzAyNDg2IiwidF9lcG9jaCI6MTY1MDkxODI0NSwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMzQxNSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInRfZXBvY2giOjE2NTA5MTgyNDUsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiMzQxNSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInRfZXBvY2giOjE2NTA5MTgyNDUsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:10 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:10 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 greenoaks.gif Show response
reconshell.com/detroitchicago/ 0
64 B 39ms
38ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNjFkMDc5N2YtY2MxMC00YmNjLTYxZTEtYWU2ZjExZWVkNzFiIiwiZG9tYWluX2lkIjoiMzAyNDg2IiwidF9lcG9jaCI6MTY1MDkxODI0NSwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInRfZXBvY2giOjE2NTA5MTgyNDUsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9sb2FkIiwidmFsIjoiNTMxOCJ9XX1d
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:12 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:12 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 army.gif Show response
reconshell.com/porpoiseant/ 0
64 B 40ms
39ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODcwMjQ2NzI1MjI4MiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInVuaXQiOiJkaXYtZ3B0LWFkLXJlY29uc2hlbGxfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJhZF9wb3NpdGlvbiI6MTEzNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODg3MDI0NjcyNTIyODIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZWNvbnNoZWxsX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTY1MDkxODI0NSwiYWRfcG9zaXRpb24iOjExMzcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNjFkMDc5N2YtY2MxMC00YmNjLTYxZTEtYWU2ZjExZWVkNzFiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImMxNmZhYzA4ZTc5YTk3MTUyNGIxYzY4MzRmNWNhYWQzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4NzAyNDY3MjUyMjgyIiwiZG9tYWluX2lkIjoiMzAyNDg2IiwidW5pdCI6ImRpdi1ncHQtYWQtcmVjb25zaGVsbF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2NTA5MTgyNDUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMjgsImFkX3Bvc2l0aW9uIjoxMTM3LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDI4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDU1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODcwMjQ2NzI1MjI4MiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInVuaXQiOiJkaXYtZ3B0LWFkLXJlY29uc2hlbGxfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJhZF9wb3NpdGlvbiI6MTEzNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ1OTEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODg3MDI0NjcyNTIyODIiLCJkb21haW5faWQiOiIzMDI0ODYiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZWNvbnNoZWxsX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTY1MDkxODI0NSwiYWRfcG9zaXRpb24iOjExMzcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNjFkMDc5N2YtY2MxMC00YmNjLTYxZTEtYWU2ZjExZWVkNzFiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:11 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:11 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 army.gif Show response
reconshell.com/porpoiseant/ 0
64 B 40ms
39ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODcwMjQ2NzI1MjI4MiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInVuaXQiOiJkaXYtZ3B0LWFkLXJlY29uc2hlbGxfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJhZF9wb3NpdGlvbiI6MTEzNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMi0wNC0yNSJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjIwIn0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:08 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:08 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 army.gif Show response
reconshell.com/porpoiseant/ 0
18 B 38ms
38ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODcwMjQ2NzI1MjI4MiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInVuaXQiOiJkaXYtZ3B0LWFkLXJlY29uc2hlbGxfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJhdWN0aW9uX2Vwb2NoIjoxNjUwOTE4MjUzLCJhZF9wb3NpdGlvbiI6MTEzNywiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjYxZDA3OTdmLWNjMTAtNGJjYy02MWUxLWFlNmYxMWVlZDcxYiIsImJpZF9mbG9vcl9pbml0aWFsIjo1NTAsImJpZF9mbG9vcl9wcmV2Ijo1NTAsImJpZF9mbG9vcl9maWxsZWQiOjI4MCwiYXVjdGlvbl9jb3VudCI6MiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NTEwLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:10 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:10 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220421/r20110914/ Frame 4A06 19 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220421/r20110914/abg_lite_fy2019.js

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:18:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8002
x-xss-protection: 0
server: cafe
etag: 5332015062585099865
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 09 May 2022 20:18:13 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4A06 8 KB
714 B 79ms
32ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 19:54:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 25 Apr 2022 20:24:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Apr 2022 20:24:12 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/ Frame 4A06 14 KB
3 KB 80ms
24ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.css

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 13:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 10:38:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:05:50 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/ Frame 4A06 347 KB
119 KB 81ms
25ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ee816398ac59bd1a1fddcb80037e7fd618f481fe467ad65e73afb4daff29095

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 13:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122225
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 10:38:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Apr 2023 13:05:50 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220421/r20110914/client/ Frame 4A06 15 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220421/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:14:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 09 May 2022 20:14:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4A06 0
0 79ms
31ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRM98bDNMwKOqcqyxCptISYU6Zaya8W6gS6FVM58PdXBMriAotmbILbirASVduJlDx5LBigBqT86SnIt7CfH2h0H_3ZLw
Requested by: Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 4A06 0
327 B 174ms
59ms Ping
image/gif 2a00:1450:400f:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l2f63ore&c=6439675079120&slotId=3219837539560&qqid=CLj089-FsPcCFRfiuwgdcHkKUg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400f:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4A06 15 KB
15 KB 71ms
24ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 519378
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 19 Apr 2023 20:07:55 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4A06 15 KB
15 KB 66ms
23ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 523464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 19 Apr 2023 18:59:49 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A06 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C4fbgbANnYriOGZfE7_UP8PKpkAWt27jzaL6-0PeLDpXsivXRDBABIPT5xiVglYKAgJQHoAHe_KCDA8gBBakCoVjXSzz1sT6oAwHIA5sEqgT3AU_QT6ZV2e7Kq70h0qZuvWOAUNaXc-n-L_n8xm3dF7EuMBM2Ja_Z3zddoqlLBZJ_YP-jXLi8amRQWS7BZuOJpC3UMueXzq1UyjunFi4EeaeNxg6QshlZAbRc6cYwAnB0A81Ckp4JjHBTdnNOFFwRqi96sUEUmqps8xVN6TjNGsQt3wXzg6jflRzYfRie7AIo9k9LRQLNZO5ciz5lMw0ge5GTt9wteh6H8NltbTeoM-QkPicvN3kgt0-Q1ZtQgRzOi9ODEpAsjszb5hxHLd8BLROR9ZwVL3FNKWyNmHljtskf4JXzu0zVFUgkbye08-6X36Tg5rDCC-rABKDWjKC6A-AEA5AGAaAGToAHioPffKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT5PfmDtATANgTDYgUY9gUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1650918253090&ai=C4fbgbANnYriOGZfE7_UP8PKpkAWt27jzaL6-0PeLDpXsivXRDBABIPT5xiVglYKAgJQHoAHe_KCDA8gBBakCoVjXSzz1sT6oAwHIA5sEqgT3AU_QT6ZV2e7Kq70h0qZuvWOAUNaXc-n-L_n8xm3dF7EuMBM2Ja_Z3zddoqlLBZJ_YP-jXLi8amRQWS7BZuOJpC3UMueXzq1UyjunFi4EeaeNxg6QshlZAbRc6cYwAnB0A81Ckp4JjHBTdnNOFFwRqi96sUEUmqps8xVN6TjNGsQt3wXzg6jflRzYfRie7AIo9k9LRQLNZO5ciz5lMw0ge5GTt9wteh6H8NltbTeoM-QkPicvN3kgt0-Q1ZtQgRzOi9ODEpAsjszb5hxHLd8BLROR9ZwVL3FNKWyNmHljtskf4JXzu0zVFUgkbye08-6X36Tg5rDCC-rABKDWjKC6A-AEA5AGAaAGToAHioPffKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT5PfmDtATANgTDYgUY9gUAdAVAfgWAYAXAQ

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 4A06 23 KB
15 KB 116ms
53ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DsTpj8PIMJ2B6wuyYZem1ie2p75tVt6A5FY8aiKcRIWOzEWQa8x0OFx9kg65Hjadanoco4kyKp1K8xDCUNVk44g-Warw&dbm_d=AKAmf-AYxGUDdCdiXCcuaDC1q2FagXxZJNR5Q4Q8cABE3vJaRB7kBI7Uvck0a86u81wbTQq97OrjG3Q_lqmzEPKdmmxVvLJi6HYy_JV6nTV0nBfhx0KWj8xs0Mtn2SajC-UrfiAfgOr4pTd4tcBIht-aJrR-934hKLeKlUVa1-oSwliQv7x_lTUy72hxxB_OWJVtoZJdUNiJ6DQKi-n0IiQM1MDRcJLPuJEUf2EFWKQsvpWzoiFL9UE2Ru5DSnZ5YF2_k8glpXQyaHH5IDIUzj1E8bYlQKFlkEC1Y7_oe5SRG51atl_vFZyDP79IFMb5kEyvvRwhf0lwqu32oH5I0o5FWQIeQDsrkcwxZsJAnQLk89ilbMyADHTi9sksMVp27gVVbJPnnTax06OxbXs9Z2CMkuJhlKlDPN7-qdlEce4aiFgBK9nxdICzxMlv2fAtJES6WXEfkvb9PbeEg7p0V9FyLfQJZSrTXsnPeHjQmJA6-0_ZJ6MML6xwwvaAHq3PSLggK3r1vWVDPBvdn95LhSbIVVyipKx11J_L9YsoJ3wJKh0jCwHUd370zqY2ERH2uwGlZ9NWn9Acs36OHN5mWvFuwsNVAwj7QElZo55tUlx6VRGoK02wqVQX4KRmnFgLRokK5Yqy3N0WxHojPNXAy3G_q9ylmF6keAAzIl10y9wRr5M_duAZXT2m1i8c4YPdxUkOp7rRg5CFWYSjT71sieUvDgTZtiZytVQcmLkQATAqnIAooRTUrDQf1OxyUm_uDrU8La3M3QD5w2RsL9LVNv8-xpnm17munMOV56Hnq15vfPZEqL9NUKO1YSS5D0MciTcciM00OCWEprtPsRjN95PjOE8EP6HJlx93lU7koNKxrI_u_7ZqASfW-K4JXGfgPmUVTe7HG5tn4I8hT5P8-bt2IAW7dO7C6YtxYzPPRR2wJ-GGPjKPmVVv_McICOqC9zGdIS5b0UI7_-83k_gDozwB0jIQGQWqWPH1Du95EemAG-EEaAhnsFOnqk7UDT_A5iyUpjy4k8r81KK_SoMGLMcnoWJIoco07X5BcMj1K1czG2pPOgZcMXci9bZ2vInxAKQnYhBx-yh0G6rLOx-CBVPOlZ7elvlfazXhsIZdshiHak10Mr3e4r2C8PbDFf_qL6aWQJhfbMXbZSLGUJetS2MA-7_pI7V_bKQucI19XXe7bjqtOezOIj2bPtJCGWqc7shYlTpehzhvS-HF2bVf8wy8nJ2H1WXQTCZM0e_5mCBQJeJivTrmEzeCLWS48UwbOH71NBT-OlxEsZyePSuSOyoo7WlQ40O-Nyw_CotUZDjJUfHrz7P0rBitUtP07hWOz5xJ_R80oVeXK-LEkpMvqeoO6w9ovOQxDiKOsg2zwsqTCdnQ6zoQDdA3wsnEDgqZrFiIorTOB77Bw9QYbjjdHiEt6z-KsU-xkfgCg2J_W4Bofa7qxQJ_zEgq-Pui3TMn2wLHc6WfYyTWZHFYCY8jrJeJD8m8AV4ovwh0tPLpYldWdgx0PP5AKKbWJpccYmrJIvm9kDwJaKfeX-2FdkvkE8BcjBhwYk8u53igs5nJv-WcVpQBYmxMo9mGrQo9uIJtiwxKDEGawsRQEzLQbF7P_36i8Ew8D94P6YlC97-Ad_XodKyrATt84KtagmbjiVMGyMrzGL6yhln-bvLzxou8ThWdTDktcwaWQH9PA1nxKkd_ov6KgFRtlcs4goL5Jgi3FnOMWYjf6UivHqNzqlk7GKgDnH0yKI9a-I6s3RyZZZsJHU99YY2ZH5PSDeApaxIevpgaBBllczYBaldgCXIlEhhD_KtapONgKncZ5GBBDbm0lf120SXcM_FeVDfJScix3pXY2MIV1a46F-Yjz1FPsKYjxguPtr6t2x75r726TE8JM7loFwKFr8vr4hZe7RahCJYlCAYKopbvqaCltaRNtyBc2-TvnTJrmUbyxxvWVWIgx5JnM8vLu479bXpuglrQ7SFMQ140ApbwaCanypI3U-7ALbsU3f2CakQTUcoiKdGIVpllcoAzozTpX-GvJzcYoT1_XR6-eCJm6A9WKraHHMXKefGF2v5bb6YUPAiCKa14d9SzQf9Q7L_RMqX0rTFMnibZlNH7BqyKbGnodHrp5NOSbeuqNbZctof3Mt1Oqep5eUe9cst-xgzY7guQ18y2U4JwTzGv2tiwyJDmKz8V5YW-89ffGCMtH57gOTt-abuKnnsKEqfYJKvTDr7KFWKUhGZRecImFXuS3ibWYKWqO7THpiYQOhimdSAcKvL6iijFRc7koAA94_uNig1-0MBGcVf9SgBLIstRhbk68vfZwmINvo357UW_dPetCcBV8f8OoOGMkuqIZz7DvDT_DvkWG2MqR1uSpIWdwpvZnnprDPD5cLvfqtt13-Oo87l89AdwbZrhfGVZ8ECzq7SsAoMWI35xxp1Z-Q_xvV6P1s8uZ9B80zXGAGCh8LwKZ__P0rARxA4jYM0D3PrXLdEAT7gM890CsDc2JHMkXSRh9RcNU4HKo2HCz4l9HZ2Odcfn30R3iZy6giXqy1wEwlDBWZT0r8dcDbFmyWV49ke94xlboZAJeNeWdiOC6oI3kYbSCyZLOMADwdK9Y27kBwMWqnyyw9HC-1B4TyKnf48LPmUkrjSEyXz9nSjftXBfvTgEAG9y1vs8YRr_cWvZhyrGDAbgpujhknq2gX7Gyi7196589jea70r9EyRtzCx1JiZgk94tzC917H-unq-cFUlhOJ4GerYEVpGN9oF30ybOvaMlhlYNhWWwXGDvaLu0ufIqACGmaLmy1Sr44y6GNS3fc7DvaWjYAwVp04t5dl-l_ltI-TC0O5Y92ee6WLaOaRGzEI26Gd0HR-xoXZbiTOHV0Q4EmgzAYO4TBSAmIb0I96SMh_vNq7O39SY1qpJBvhp5_jiFEsLCug52mfDbNO6cNpO8WMJLjMRrXL-3C836KbDQ4PqfSHwou8iKxpCNh5k4OCNSYb_ajOKeOc2YM14Mo84PHI2u0QB-abAD_fgcYK7LipUp4CZ5HhA4HWuLKqTyTQqLVp9MbR6E9Qs3kn__X-EHXNicteVY_aa3UUJW-wUETuEUYOVarXHLcYSHeNnxo0artig9KMbsJAJ8O4Z9-QPOcQe_Jk_KRTxtQHbWFOJ0WB-5YRxRkokSvlaWQubq3_mLRa6lOalu494&cid=CAASJeRoLJKqWUc715Wp31qUmCfq6xIjWv_kY_ztqhql_jjFtdrirxU&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

856c2c9a424ef35c3790a0a0dc982ea444555ba96d592ab27f52bc9a284fc773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14824
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4A06 0
0 64ms
63ms Fetch
text/html 142.251.37.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C9Rg7bANnYriOGZfE7_UP8PKpkAWt27jzaL6-0PeLDpXsivXRDBABIPT5xiVglYKAgJQHoAHe_KCDA8gBBakCoVjXSzz1sT6oAwGqBPQBT9BPplXZ7sqrvSHSpm69Y4BQ1pdz6f4v-fzGbd0XsS4wEzYlr9nfN12iqUsFkn9g_6NcuLxqZFBZLsFm44mkLdQy55fOrVTKO6cWLgR5p43GDpCyGVkBtFzpxjACcHQDzUKSngmMcFN2c04UXBGqL3qxQRSaqmzzFU3pOM0axC3fBfODqN-VHNh9GJ7sAij2T0tFAs1k7lyLPmUzDSB7kZO33C16Hofw2W1tN6gz5CQ-Jy83eSC3T5DVw1ED4V0BnRHvEsnebj70jZgJQ95CqQzJJqBhbketZaSAj8Qz9aVfX-WVVGiTjwDz2i3lwo8gEx22EsAEoNaMoLoD4AQDiAWwl-HPKpIFBggDEAEYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHioPffKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcLEPGazwEYxKb7rwHSCAkIgOGAEBABGB2ACgPICwGwE-T35g7IE6Dm_wjQEwDYEw2IFGPYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQc&sigh=iMNDmMgXaBw&uach_m=[UACH]&cid=CAQSPACNIrLMUbmTbyj2mnsCYdqgARM5vKNlqWrMe63Pl_fPvoV3Ci8NFNfWzKCTwHSqIeFCzovviWN96XNvQw&vt=10
Requested by: Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.37.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: prg03s13-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 46CF 1 KB
749 B 21ms
21ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Tue, 26 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4A06 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94b3ef0b8c59431d81809e785c08a3933804d66ae63c22b9697c8129622ac636

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 46CF 35 B
363 B 26ms
24ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAFVsfkE4Qb_9bfMI6ZrD8I&google_cver=1&google_push=AYg5qPKzcraxnXxOzq6bTD6RmdwBIpexX1xR7AyMHHiUkPQQFQin8zBSgDVnz0S0vJLETWrJUPyAmL4--lD6Eby-rznx3rvQwBsmeg

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 46CF
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEBLKkrLQTWj_wjnR6B18dIc&google_cver=1&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBxyYAF9LxGtwHyvZw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C03414BBC46D4D59A9C88C5E49DBC6C7&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBx...

170 B
329 B

53ms
52ms

Image
image/png

142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C03414BBC46D4D59A9C88C5E49DBC6C7&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBxyYAF9LxGtwHyvZw

Protocol

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 25 Apr 2022 20:24:13 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C03414BBC46D4D59A9C88C5E49DBC6C7&google_push=AYg5qPINrecWpHr_yIeoXFRAem41yVAwQnlF4z4PcQlp13AkeijUB64pTZoG9_8lMck8IDOSFLZIyKw1prZkBBxyYAF9LxGtwHyvZw
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 24 Apr 2022 20:24:13 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 46CF 0
191 B 139ms
37ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEMOfoatioaqHxovJMWsREr8&google_cver=1&google_push=AYg5qPI4fO53ZZES0gvBYkbzpvRhNpu24JiiAz5hz8iJcbv-oe5j_05ggFOeD7S6EHi5qePKemBjWtXo5XB3sDF688sGdjJUHB6L_Q
Requested by: Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:12 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 46CF
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAqcwAqljwat6kyMs7SvuDM&google_cver=1&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=OkuWLAh3SiW84Rq3qfrwIw2&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z86Qwu86s2LF9

170 B
232 B

53ms
53ms

Image
image/png

142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=OkuWLAh3SiW84Rq3qfrwIw2&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z86Qwu86s2LF9

Protocol

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 25 Apr 2022 20:24:13 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=OkuWLAh3SiW84Rq3qfrwIw2&google_push=AYg5qPIApZBW9-QOuZZxhbDbQiO9H43I1IHCxdfai7aRQb0QbIMagXbMdWh20kavMhpG6CUr0MA8l15n11FXGK4Z86Qwu86s2LF9
x-host: tde-deliveryengine-production-6ff4b889bb-tpw5q
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46CF
Redirect Chain

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEO8cv8NpXpK3uqU0goxNxZg&google_cver=1&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJgu...
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEO8cv8NpXpK3uqU0goxNxZg&google_cver=1&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJgu...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw&google_hm=

170 B
188 B

98ms
36ms

Image
image/png

142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw&google_hm=

Protocol

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 25 Apr 2022 20:24:13 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJt4aAswXvi8qYw5RCnPloi40Z7a_bPCZ5xFapshf5I5fNoX9gTLzCzKABPFJEI-VYXhHcJnUgJguWy8G06ZelNOW6Wrv2Ydw&google_hm=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46CF
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHk58u3wydFelBgHqZWp7Ws&google_cver=1&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7K...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7KPjOlEEw&google_hm=ODIyODkwNDIyOTg4MDgx...

170 B
188 B

53ms
53ms

Image
image/png

142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7KPjOlEEw&google_hm=ODIyODkwNDIyOTg4MDgxNTg4Mw%3D%3D

Protocol

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 25 Apr 2022 20:24:13 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLPDfyaYJscSeDxVU6rfsNlBH8esX-XSxzHA9iTFcGXlKcFdfa6Z92hKz9K_Rf_BKfrJD2xYPKBMtxVfvDGEDFIm7KPjOlEEw&google_hm=ODIyODkwNDIyOTg4MDgxNTg4Mw%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 46CF 0
35 B 245ms
46ms Image
text/plain 34.243.30.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEHIFMWKeDPMhtwjN-oPAKJ4&google_cver=1&google_push=AYg5qPIz-RzoiRagL1LoetGeIEV4TWmAal1cN7EWDwlcn-5ALuCNs3WYLBV97sC1ITzjMam8j3hmaPTw5X0GQIv2quHwUZ7YzvbQeQ
Requested by: Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.30.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:13 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 46CF 0
232 B 115ms
34ms Image
text/html 142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jv-O8DbezfriTHq4NnJrnF_keUYFo_-F6f3lLOQuDHxmpgWeBKCUpZmRbl5tiNYZYLyvOU

Requested by

Host: 32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
URL: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 20:24:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK 56197230 Show response
unified.adsafeprotected.com/v2/781835/ Frame 4A06 17 KB
4 KB 258ms
81ms XHR
text/xml 52.208.76.16

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/781835/56197230?mon=56197231&omidPartner=[OMIDPARTNER]&apiframeworks=[APIFRAMEWORKS]&bundleId=[BUNDLEID]&originalVast=https://ad.doubleclick.net/ddm/pfadx/N7442.1972103DOUBLECLICKBIDMANAG/B26114365.308820107%3Bsz%3D0x0%3BAUCTIONID%3DABAjH0grluwmpyt36lv_jAaCVjx4%3BEXCHANGEID%3D1%3BSELLERID%3D1369154537705%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://reconshell.com/cve-2022-29072-windows-privilege-escalation/%3Bdc_ves%3DdGltZXN0YW1wOiAxNjUwOTE4MjUzMjAwCg%3Bdc_cid%3D167538474%3Bdc_adid%3D501739062%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.76.16 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 028023a5d302d71122cbeeb570365bb62dedbf175009871c9c17583c1150d53e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Mon, 25 Apr 2022 20:24:13 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4098

GET
H3 200 HdsydzJK.js
tpc.googlesyndication.com/sodar/ Frame 4A06 41 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 08:37:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Apr 2023 08:37:21 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 4A06
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

125ms
21ms

Fetch
video/mp4

2a00:1450:4001:17::a

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/33DB896396FEC70F48989B355429D1414AA862F7.53761EC526632302BB6FEAB37E40B3D3649ED256/key/cms1/cms_redirect/yes/mh/Ij/mip/2001:1b60:1010:3:1012:caad:6eed:1f9/mm/42/mn/sn-4g5ednde/ms/onc/mt/1650917933/mv/u/mvi/5/pl/29/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:4001:17::a -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Mon, 25 Apr 2022 20:24:14 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2214392
Last-Modified: Mon, 28 Feb 2022 07:41:50 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Mon, 25 Apr 2022 20:24:14 GMT

Redirect headers

date: Mon, 25 Apr 2022 20:24:13 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 667
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/33DB896396FEC70F48989B355429D1414AA862F7.53761EC526632302BB6FEAB37E40B3D3649ED256/key/cms1/cms_redirect/yes/mh/Ij/mip/2001:1b60:1010:3:1012:caad:6eed:1f9/mm/42/mn/sn-4g5ednde/ms/onc/mt/1650917933/mv/u/mvi/5/pl/29/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4A06 0
17 B 159ms
58ms Ping
image/gif 2a00:1450:400f:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l2f63orn&c=6439675079120&slotId=3219837539560&qqid=CLj089-FsPcCFRfiuwgdcHkKUg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=907&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=13&vhc=0&msm=1&aits=18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C0&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=doubleclick_dmm&ape=1&met.4=videopreviewvisible.w7
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400f:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:13 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js
adservice.google.de/adsid/ 107 B
122 B 31ms
30ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js
adservice.google.com/adsid/ 107 B
122 B 30ms
29ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reconshell.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 25 Apr 2022 20:24:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H3 200 H0ZEmIz7.html
tpc.googlesyndication.com/sodar/ Frame 7522 23 KB
9 KB 23ms
22ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 474402
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Apr 2022 08:37:31 GMT
expires: Thu, 20 Apr 2023 08:37:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 LE6A1jkwhzHIveaC2PWdXlafu4EKGxRoxiYl273qJjE.js
pagead2.googlesyndication.com/bg/ Frame 7522 35 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LE6A1jkwhzHIveaC2PWdXlafu4EKGxRoxiYl273qJjE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 20:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 433303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13647
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Apr 2023 20:02:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7522 0
20 B 59ms
58ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bi5rTbQNnYozPC5K4bfeTorgIAAAAADgB4AQC&bg=!KyilKGzNAAYXWUUuN1k7ACkAdvg8Wh4uqdqnQQA7Np-ewR6C-r4JrWoIRvEAtNzu37GgebQFLzRODAIAAABJUgAAAAJoAQeZAvP9u7RtC8p5fXaQ5ls4Iid88kdSY__ICzGKsuqvKcoAIDmArLlXHC66CmGbNrhgzDoyLw2mw08v9DY27bye-0ShPb7475QfQ3e38m5Lgx0UYlqk2rKF8Kz0hrZ2-hr4KYrHYUtmumhjFAjcp7sWyQqisXRwpKo1q34jeTTlxZHrJBXH-z4GkdW2Vr91U-HbNazikd4qQL0qOVkmeSR4pv8Txz90c2KSVpQyuzbCvbjDe_dG_ZJx6-zX6kSfVApI3iTFdfW7aomFFN9-brAa8GhAUhxToO6jd5IzLpwzyNZYg3YPFqyCH_ekBld4UvDGB3Pk0lLl3Gs07y4VigXbXzCDF5bq1jSkh7eTTpLkFhCjL0LmOejUtnOaMPnPrGHNds9Bc4c_JtDKcBL-k71m9rEHIA0nKVsv2PpK9dAEdqFNbmfej-NroI8KfxZklaNbdJCoKK7OT8y_ce-p7x9N6Tw5i06RnBrveW_aSVkpHX2fA7HZ4l6N3kn3KkdsY6Zvs7qvD4IFHlTwOLFlvjO_uT8usk69rbRgYO08JK0jzkRMFHcgy4ONznN5b0E7i8vPb9yOPHvm-mvVnJkmun6j6FZCocQSGpnG51G49zWAwIvkMt-Qu_Vv-NoK3_IP2KLjjmWl592GrMRQcNNCqd2VlFTJ-k0FSYG6ZPvvK9slQcgaXJLDq1jYgU7_J2Bm222mnlkDLVMIu1_kqMqLLZT3XMrfpEX-ifrvFx5P9jxvd5KAkU4VSRAa_wUJSeZaslUG4BHYgEEBjiZlT7K_btpMAZw_-K_ejdepnH4qoBZpEP_EX8Dqu2dQOdySnat4N2XzVx8HveLnBaS6RWwlueSdcY_Mv71pIfZS9OBGz_JOKGCy9asmpVquDySm8RNAVHxP__u8TAZlSweSBZ-xFZPloXbRh370ED1tc1p150MnniwjUslazAJK5RqLL0jQBEGYcCmRX3biufKkgj0k7dqiDyKrxWja8GN1Huq2wthIWqhk313Y6g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r5---sn-4g5ednde.c.2mdn.net/videoplayback/id/e1b0403f88f635aa/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790482112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame 4A06 1 MB
0 46ms
22ms Media
video/mp4 2a00:1450:4001:17::a

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:17::a -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2214391/2214392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2214392
expires: Mon, 25 Apr 2022 20:24:14 GMT
last-modified: Mon, 28 Feb 2022 07:41:50 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
client-protocol: quic

POST
H3 204 csi
csi.gstatic.com/ Frame 4A06 0
17 B 58ms
58ms Ping
image/gif 2a00:1450:400f:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~l2f63p2y&c=6439675079120&slotId=3219837539560&qqid=CLj089-FsPcCFRfiuwgdcHkKUg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=907&mt=video%2Fmp4&vs=640x360&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Funified.adsafeprotected.com%252Fv2%252F781835%252F56197230%253Fmon%253D56197231%2526omidPartner%253D%255BOMIDPARTNER%255D%2526apiframeworks%253D%255BAPIFRAMEWORKS%255D%2526bundleId%253D%255BBUNDLEID%255D%2526originalVast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN7442.1972103DOUBLECLICKBIDMANAG%252FB26114365.308820107%25253Bsz%25253D0x0%25253BAUCTIONID%25253DABAjH0grluwmpyt36lv_jAaCVjx4%25253BEXCHANGEID%25253D1%25253BSELLERID%25253D1369154537705%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252Freconshell.com%252Fcve-2022-29072-windows-privilege-escalation%252F%25253Bdc_ves%25253DdGltZXN0YW1wOiAxNjUwOTE4MjUzMjAwCg%25253Bdc_cid%25253D167538474%25253Bdc_adid%25253D501739062%25253Bdc_vpaid%25253D0%25253B&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400f:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4A06 0
17 B 59ms
59ms Ping
image/gif 2a00:1450:400f:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~l2f63pi6&c=6439675079120&slotId=3219837539560&qqid=CLj089-FsPcCFRfiuwgdcHkKUg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=907&mt=video%2Fmp4&vs=640x360&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252Fe1b0403f88f635aa%252Fitag%252F343%252Fsource%252Fdoubleclick_dmm%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F3790482112%252Fsparams%252Fid%252Citag%252Csource%252Cctier%252Cacao%252Cip%252Cipbits%252Cexpire%252Fsignature%252F2BE613DE2FC4A5AA3ECFB2A3CDA00789292219FD.387BFC21D2CF0600F527BFA7594BDBD1BCB105E6%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400f:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dc_oe=ChMIzLmj4IWw9wIVElwbCh33iQiHEAAYACCq3vFPQhMIuPTz34Ww9wIVF-K7CB1weQpS;met=1;acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%...
ade.googlesyndication.com/ddm/activity/ Frame 4A06 0
0

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 4A06 42 B
108 B 87ms
36ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C4fbgbANnYriOGZfE7_UP8PKpkAWt27jzaL6-0PeLDpXsivXRDBABIPT5xiVglYKAgJQHoAHe_KCDA8gBBakCoVjXSzz1sT6oAwHIA5sEqgT3AU_QT6ZV2e7Kq70h0qZuvWOAUNaXc-n-L_n8xm3dF7EuMBM2Ja_Z3zddoqlLBZJ_YP-jXLi8amRQWS7BZuOJpC3UMueXzq1UyjunFi4EeaeNxg6QshlZAbRc6cYwAnB0A81Ckp4JjHBTdnNOFFwRqi96sUEUmqps8xVN6TjNGsQt3wXzg6jflRzYfRie7AIo9k9LRQLNZO5ciz5lMw0ge5GTt9wteh6H8NltbTeoM-QkPicvN3kgt0-Q1ZtQgRzOi9ODEpAsjszb5hxHLd8BLROR9ZwVL3FNKWyNmHljtskf4JXzu0zVFUgkbye08-6X36Tg5rDCC-rABKDWjKC6A-AEA5AGAaAGToAHioPffKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT5PfmDtATANgTDYgUY9gUAdAVAfgWAYAXAQ&sigh=coYvSQ0Yw-w&label=part2viewed&ad_mt=4&acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D16042%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D490227087%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650918254116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 4A06 43 B
583 B 87ms
21ms Image
image/gif 2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 16:38:00 GMT
x-content-type-options: nosniff
age: 13574
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Apr 2022 16:38:00 GMT

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame 4A06 35 B
174 B 47ms
45ms Image
image/gif 52.208.76.16

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU0VDT05EQVJZX0lNUFJFU1NJT04iLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vMzJjOTFkNjU0YWZjZjEyZDA5NDIyZGZlODRjNTkwOTguc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS8ifX0sImN1c3RvbSI6eyJjdXN0b20xIjoiIiwiY3VzdG9tMiI6IjIuMCIsImN1c3RvbTMiOiIyLjAiLCJjdXN0b203IjoiNzgxODM1IiwiY3VzdG9tOCI6IjU2MTk3MjMwIiwieHNpZCI6IjBkZGNkNDExLWU0ODctNDhhYS1iZDYyLTAxMTk3NGVmMjVlNSJ9LCJoZWFkZXJzIjp7ImhlYWRlcjExIjoiRENNIiwiaGVhZGVyMTIiOiJhZC5kb3VibGVjbGljay5uZXQiLCJoZWFkZXIzIjoiW09NSURQQVJUTkVSXSIsImhlYWRlcjQiOiJbQVBJRlJBTUVXT1JLU10iLCJoZWFkZXI1IjoiW0JVTkRMRUlEXSIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2NTA5MTgyNTM0NjY0NjM3MDAiLCJhZER1cmF0aW9uIjotMSwiaWFzU2luZ2xldGFnIjp0cnVlLCJpYXNTaW5nbGV0YWdPdXRjb21lIjoiT1VUQ09NRV9BIn0=&advEntityId=781835&pubEntityId=56197230&key1=ROKU_ADS_APP_ID&key2=$APP_STOREURL
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.76.16 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Mon, 25 Apr 2022 20:24:14 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET skeleton.gif
pixel.adsafeprotected.com/rfw/st/781835/56197231/ Frame 4A06 0
0

GET view
googleads4.g.doubleclick.net/pcs/ Frame 4A06 0
0

GET img;adv=11002245653149;ec=11002245685555;adv.a=5809340;c.a=26114365;s.a=4497788;p.a=308820107;a.a=501739062;cache=1413993057;
ad.atdmt.com/i/ Frame 4A06 0
0

GET
H2 200 i
cdn.bizibly.com/ Frame 4A06 43 B
345 B 93ms
23ms Image
image/gif 152.195.15.58

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/i?v=5809340&a=501739062&c=167538474&s=4497788&p=308820107&m=0&n=1413993057
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 -, , ASN (),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
last-modified: Thu, 21 Apr 2022 23:59:15 GMT
server: ECS (frb/674C)
age: 332699
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET

sync
ups.analytics.yahoo.com/ups/58269/ Frame 4A06
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjEpvuvASABMAE&v=APEucNWlcc4tmDtgANRc4ZPPO-WnfBvFmJ8J4CmtRm0aeFZFsxzOeRiATKdcp_phukS1SNi2WTfphDrumoT8fr5w2-nrVHqz7Q
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A06 0
20 B 55ms
53ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dc_oe=ChMIzLmj4IWw9wIVElwbCh33iQiHEAAYACCq3vFPQhMIuPTz34Ww9wIVF-K7CB1weQpS;met=1;acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos...
ade.googlesyndication.com/ddm/activity/ Frame 4A06 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4A06 42 B
64 B 58ms
57ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPCIiBRLBL8_AHy_3wWS39xMxRjamOVU2beudwTcT34xtoQin9JSJ9YotuITGb_vKp41CLVSxYX0SuQEf9Tav-C8vb6lDqps_bmECkl3oBXNo_mzpqfQ&sai=AMfl-YSe-C9II6kJiGsTVGhHM2jMtb0OzTTfD5btc4l5goEhZ31VAWoeUD6zivwfFmi6iO-OCODMhfvx-UvgpHaJ6-XxVnb23iz7OQmCXdjJlaZ21Fo_lBReuB6K9MTh&sig=Cg0ArKJSzCpSi6IzC31FEAE&cid=CAASJeRoLJKqWUc715Wp31qUmCfq6xIjWv_kY_ztqhql_jjFtdrirxU&id=lidarv&acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D16042%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D490227087%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650918254116&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 4A06 42 B
176 B 38ms
34ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C4fbgbANnYriOGZfE7_UP8PKpkAWt27jzaL6-0PeLDpXsivXRDBABIPT5xiVglYKAgJQHoAHe_KCDA8gBBakCoVjXSzz1sT6oAwHIA5sEqgT3AU_QT6ZV2e7Kq70h0qZuvWOAUNaXc-n-L_n8xm3dF7EuMBM2Ja_Z3zddoqlLBZJ_YP-jXLi8amRQWS7BZuOJpC3UMueXzq1UyjunFi4EeaeNxg6QshlZAbRc6cYwAnB0A81Ckp4JjHBTdnNOFFwRqi96sUEUmqps8xVN6TjNGsQt3wXzg6jflRzYfRie7AIo9k9LRQLNZO5ciz5lMw0ge5GTt9wteh6H8NltbTeoM-QkPicvN3kgt0-Q1ZtQgRzOi9ODEpAsjszb5hxHLd8BLROR9ZwVL3FNKWyNmHljtskf4JXzu0zVFUgkbye08-6X36Tg5rDCC-rABKDWjKC6A-AEA5AGAaAGToAHioPffKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT5PfmDtATANgTDYgUY9gUAdAVAfgWAYAXAQ&sigh=coYvSQ0Yw-w&label=vast_creativeview&ad_mt=4&acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D16042%26vmtime%3D4%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D490227087%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1650918254116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4A06 0
17 B 59ms
58ms Ping
image/gif 2a00:1450:400f:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~l2f63pi6&c=6439675079120&slotId=3219837539560&qqid=CLj089-FsPcCFRfiuwgdcHkKUg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=907&mt=video%2Fmp4&vs=640x360&dm=16000&event_name=first_play&asset_bytes=214618&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=13&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=2&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.1dm~videopreviewstarted.1do
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220418_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400f:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 20:24:14 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
reconshell.com/porpoiseant/ 0
18 B 24ms
23ms XHR
text/plain 18.158.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reconshell.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODcwMjQ2NzI1MjI4MiIsImRvbWFpbl9pZCI6IjMwMjQ4NiIsInVuaXQiOiJkaXYtZ3B0LWFkLXJlY29uc2hlbGxfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjUwOTE4MjQ1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMzcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI2MWQwNzk3Zi1jYzEwLTRiY2MtNjFlMS1hZTZmMTFlZWQ3MWIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: reconshell.com
URL: https://reconshell.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y1f-5y21-3y2d-2y36-23y55-1y59-21&cmbcb=48&sj=x04x02x06x07x0bx0dx13x17x1fx21x2dx36x55x59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-middleton-display: ezp_sol
date: Mon, 25 Apr 2022 20:24:12 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
expires: Sun, 24 Apr 2022 20:24:12 GMT
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1866888642384033&correlator=818304189749550&eid=31067190%2C31064226%2C44714449&output=ldjh&gdfp_req=1&vrg=2022042101&ptt=17&impl=fifs&iu_parts=1254144%3A22642776669%2Creconshell_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=5&adks=2403869125&sfv=1-0-38&ecs=20220425&ris=2&rcs=2&fsapi=false&prev_scp=a%3D%257C1%257C%26iid1%3D792369869285689%26eid%3D792369869285689%26t%3D134%26d%3D302486%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod40-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreconshell_com-medrectangle-2-792369869285689%26eb_br%3D8de2c8ca79e8623e3cb37120a35ebaa2%26eba%3D1%26ebss%3D10061%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D240%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D77%2C14%2C0%2C192%2C0%2C193%2C192%2C20%2C71%2C201%2C192%2C31%2C902%2C903%2C901%2C902%2C903%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C818%2C899%2C919%2C1794%2C2339%2C2310%2C2765%2C20%2C2310%2C2526%2C2527%2C2763%2C2764%2C2765%26lb%3D400%26reqt%3D1650918252872&eri=1&sc=1&cookie=ID%3D83032e3e89826c3e%3AT%3D1650918248%3AS%3DALNI_MagmdebGhJdNS6Z3h7V4cnyDbmGkA&abxe=1&dt=1650918253876&lmt=1650918253&dlt=1650918247527&idt=1234&biw=1600&bih=1200&adxs=436&adys=1110&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Freconshell.com%2Fcve-2022-29072-windows-privilege-escalation%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=2010751779.1650918249&ga_sid=1650918249&ga_hid=1303298778&ga_fc=true&btvi=0&nvt=1

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzLmj4IWw9wIVElwbCh33iQiHEAAYACCq3vFPQhMIuPTz34Ww9wIVF-K7CB1weQpS;met=1;acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D16042%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D490227087%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650918254116;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11;

Domain: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rfw/st/781835/56197231/skeleton.gif?xmtp=v&xmapp=0&xsId=0ddcd411-e487-48aa-bd62-011974ef25e5&mon=56197231

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstjMwQbwixSy2SSMlPmAQcdoFPkrvQrCUlJMNIHfTIlOlBW-53aLj7wFiaSXBex97V_AuuZo4CYaqdGH9w4oO7q-4xmX4VDtiEh9PydUjgdcTuUYkK9-_MsKNrLTq25hX3pmdoiA_jKGBApL2aZP9Lu9e128AOK20ROZwKpp8vtda5YtEscivfhnQnvelhXf065VyiMZcY2Oc4YQ38TOpDGtwj9cVzb-yZx4gzWt21gvLbuX6glbLlMahbSwmIK46sdEV6LXqFtw1glX6n5bfQj9nSm5DDTMQHtxwIOozagHXv6VrNAoNoMh2mT-oRh1GL7rTb7JonTXBc_sTF67BESFWwMLemw4ADEhos_d-9SrNNKJ3gJJYUNr6hXCgLAQ8SzZHoW87rXmG5rYr3j7g18BbICaMUPcbbZ9l_DifjdciId9irHwBygnXD5VaRGMsCvN30tVd23UOeMtgIF5KRJiqxdSxUHl07N5GPvoofzbESCmwQZfL7nQDYxUUIz17hCCNiVPiIL_fGaqsNDtwR7InSUIrNTW4-6QqlIa3ZZlML_sm5AIfuijjYEO1MTuLf7DJy4StYjLzb4JsGxTqf-N8qlhOxRhK66aq6D_F-RRqZsAgB0UTlUO7uS_HRDQUykRxc7qY_5eKtPT5OtcbF_4lhjFA6H6THRsE3yISbXg80fjf0YNKIllkTrrbke5yeZTRkLRnCP01tpaogCfc86vwww-XOiho1xoiysMJuOYJhGZWHx3fe1eJtjbmjClmBQV113n2QHENzm5o3RL_RNYavqGZHNQflPXS6yqNJ_CwCS8Ol9II6rXqOMnf05UzSaxOVha6shxAlQ9C94URVAJMSVw6aZFUtS7U-FSOL-jujPtLYnvqdmq-FJfSFujplHxXobggVImOunlQrAImQJ3ntBGjw_XqqfRyDJmuZ5O6fJtiG2d1DNN9aqp5e15IbYeFil_nHIamH1Kgv6AUf-yo4JKirDATrnb9ZTOSEFenTH0CMR6fN16TX_A4WlVNtWAzyvGOnKP-Ii9JiIDq0808c5O8ymWK0JmeaI2uCTfngkQkYZDhjDoq6lGtySkTpwDip-YcMqG55v2KjnfKJ6SuNexcj7tV0paTqyU6nUapc3bjgoX_bbpMhKtunJr9lwOQco2dKF-_geczZS2rSXgbX0u0DRmobDEOMaJqazHf-OCNQc_7-Sy1hmbidqKyKLSgUEkWeB0l71&sai=AMfl-YRrp_czl05xjv3B-wZ_JZf9Jm8OqAmyMnZWavBpJhQYxBVOEhROr8qBojgeQcM6oUFfFPUqjSLBxiFtdvdnarlxvx2SHO_fd8uE8u6QD675L-OmDm8EBScmXDPjrswf0OebnC4QagpWn5KzqKELeSoNR2HtX6JWMaxJCyLW5uWvFpK-bfuoQYy5ZiGmg_dyfgNYXnurXDZiRcJ6VlMoB_vKFtcWuv4gHTpRdsuFo5zAC4Cz&sig=Cg0ArKJSzC1FmABSbxeiEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/img;adv=11002245653149;ec=11002245685555;adv.a=5809340;c.a=26114365;s.a=4497788;p.a=308820107;a.a=501739062;cache=1413993057;

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzLmj4IWw9wIVElwbCh33iQiHEAAYACCq3vFPQhMIuPTz34Ww9wIVF-K7CB1weQpS;met=1;acvw=sv%3D925%26v%3D20220418%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D16042%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D490227087%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650918254116;ecn1=1;etm1=0;eid1=200101;

Verdicts & Comments Add Verdict or Comment

238 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
reconshell.com/	1970-01-20 02:36:44	Name: pvc_visits[0] Value: 1651004645b8503
.reconshell.com/	1970-01-20 02:35:20	Name: ezoadgid_302486 Value: -1
.reconshell.com/	1970-01-20 02:35:25	Name: ezoref_302486 Value:
.reconshell.com/	1970-01-20 11:20:54	Name: ezosuibasgeneris-1 Value: 114a8821-2e3e-46d1-59f3-6bffb230c41d
.reconshell.com/	1970-01-20 02:35:25	Name: ezoab_302486 Value: mod40-c
.reconshell.com/	1970-01-20 02:38:11	Name: active_template::302486 Value: pub_site.1650918245
.reconshell.com/	1970-01-20 02:35:20	Name: ezopvc_302486 Value: 1
.reconshell.com/	1970-01-20 02:36:44	Name: ezepvv Value: 1279
.reconshell.com/	1970-01-20 02:35:20	Name: ezovid_302486 Value: 490516731
.reconshell.com/	1970-01-20 02:35:20	Name: lp_302486 Value: https://reconshell.com/cve-2022-29072-windows-privilege-escalation/
.reconshell.com/	1970-01-20 02:38:11	Name: ezovuuidtime_302486 Value: 1650918247
.reconshell.com/	1970-01-20 02:35:20	Name: ezovuuid_302486 Value: a1865f64-16de-49d0-493d-cdae2e55abaf
.reconshell.com/	1970-01-20 20:06:30	Name: _ga_V8R3B4G4T9 Value: GS1.1.1650918248.1.0.1650918248.0
.reconshell.com/	1970-01-20 20:06:30	Name: _ga Value: GA1.2.2010751779.1650918249
.reconshell.com/	1970-01-20 02:36:44	Name: _gid Value: GA1.2.996690135.1650918249
.reconshell.com/	1970-01-20 02:35:18	Name: _gat_gtag_UA_186158772_1 Value: 1
.quantserve.com/	1970-01-20 12:05:32	Name: mc Value: 62670368-efbee-94f80-2e86d
.reconshell.com/	1970-01-20 11:59:47	Name: __qca Value: P0-1330917840-1650918248965
reconshell.com/	1970-01-22 15:54:30	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
reconshell.com/	1970-01-22 15:54:30	Name: ezohw Value: w%3D1600%2Ch%3D1200
reconshell.com/	1970-01-20 11:20:54	Name: ezux_lpl_302486 Value: 1650918249737\|61d0797f-cc10-4bcc-61e1-ae6f11eed71b\|false
.reconshell.com/	1970-01-20 11:56:54	Name: __gads Value: ID=83032e3e89826c3e:T=1650918248:S=ALNI_MagmdebGhJdNS6Z3h7V4cnyDbmGkA
reconshell.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 280
reconshell.com/	1969-12-31 23:59:59	Name: ezouspva Value: 1
reconshell.com/	1969-12-31 23:59:59	Name: ezouspvh Value: 280
.doubleclick.net/	1970-01-20 11:56:54	Name: IDE Value: AHWqTUm93P7t8KNNxCWFMSIdDZvzjlx6Muht3pPEw-4URXGNw4SsLzMPTR3Wx4GP4-M
.quantserve.com/	1970-01-20 04:44:54	Name: d Value: EEMBCQH-JYEA
.simpli.fi/	1970-01-20 11:22:20	Name: suid Value: C03414BBC46D4D59A9C88C5E49DBC6C7
.travelaudience.com/	1970-01-20 12:04:06	Name: _tracker Value: %7B%22UUID%22%3A%223A4B962C-0877-4A25-BCE1-1AB7A9FAF023%22%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ad.atdmt.com/i/img;adv=11002245653149;ec=11002245685555;adv.a=5809340;c.a=26114365;s.a=4497788;p.a=308820107;a.a=501739062;cache=1413993057; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

32c91d654afcf12d09422dfe84c59098.safeframe.googlesyndication.com
ad.a-ads.com
ad.atdmt.com
ade.googlesyndication.com
ads.travelaudience.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
bid.g.doubleclick.net
c.eu1.dyntrk.com
cdn.bizibly.com
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
imasdk.googleapis.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
r5---sn-4g5ednde.c.2mdn.net
reconshell.com
rules.quantcount.com
s0.2mdn.net
secure.gravatar.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.a-ads.com
tpc.googlesyndication.com
um.simpli.fi
unified.adsafeprotected.com
ups.analytics.yahoo.com
user-images.githubusercontent.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
ad.atdmt.com
ade.googlesyndication.com
googleads4.g.doubleclick.net
pixel.adsafeprotected.com
securepubads.g.doubleclick.net
ups.analytics.yahoo.com
135.125.160.77
142.250.179.194
142.251.37.98
148.251.1.246
152.195.15.58
169.50.137.182
18.158.98.109
2600:9000:206f:7400:6:44e3:f8c0:93a1
2600:9000:214f:ec00:2:cb38:840:93a1
2606:50c0:8002::154
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:17::a
2a00:1450:4001:800::2004
2a00:1450:4001:802::200a
2a00:1450:4001:802::200e
2a00:1450:4001:803::2002
2a00:1450:4001:809::2002
2a00:1450:4001:810::2001
2a00:1450:4001:812::2003
2a00:1450:4001:813::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:830::200e
2a00:1450:400f:801::2003
2a04:fa87:fffe::c000:4902
2a05:d018:d29:3601:a361:57c8:93b7:1576
2a06:98c1:3120::7
34.243.30.211
35.190.0.66
52.208.76.16
66.155.71.25
74.125.133.156
028023a5d302d71122cbeeb570365bb62dedbf175009871c9c17583c1150d53e
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
085408db92dd613f93e500d19078baa9d574a60c2498d0d00cd7cb969431f165
085cdc1f2df7c4187173a9935541255451bdb74f151cce5cf3efdb890485b8d1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db80125881ba1f8798c8dccc4179650a745f6655369263e7199d6efab13c68a
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
157f489eaa248101e3b7268c3bbdc19b037c21034f76af44b3dc4caf71ac99ee
19a698e437b8159d8b20718ea1166b8dcbdf25f799696e2b6611add29122bbf5
1a2607e7e1cf536e8bbf0c90c0165e4d6e00e55ce7d8df109c7c2267bec64ca3
1b689ea107bff2003a22621ce7681945bc4f3da4a52bf63eb3ecb97d65b758e7
1d3d7c7d9529dd1ff829f9c0e3d1f1352d599b8ccfbd0ca1f1bbbe4a18e241e2
1f1aa39826afa4ac3c1a517a7d1ed5f262053dae433880655e7143fd0a1f405e
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
2096b5ee1e9275866db3873339b8592a41646d6d734a29cc036934411a749395
23bbfc0dcf5c4669b456ae354075f2648e6a64b2ab9a9d3bae060905bb1d045b
2c74749a433528af31be3ae74183a8a942e421f1229197da67268b20a5d09cec
2edba786b211ff44f5c3ddda205f032e4288a70fd8e4994e01598f753df94bff
305b6cc3ea622fae286d30271ec700152bbd07220372ce8c29f747b102790e41
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
39a8609002305d7127558b52c7b84b45276a3432b50edd08b89316e7fcfe4a76
3c4aae878744bbd508c37872977d41f19257df4143d24568cd18768d79f830e8
3e760a4564987aa0c693e3bbc09992ac2483dc6a8624beb1a2b08b9b8718df49
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4a41b86e3cd98cae95d895fb66339d2c97765588bd7d29eb77311822e8ab0e58
4bdb0b865fb578e2da7756812af59729ef9585d53ffb640ec61047834a43d16a
4f62b54a19795cb378378578ab458bc1c111ef3b9043a4143224d3ddf59fef04
559539863676ce8b7493956a42958ab940d9b1fe8587e23d56832a56d8369dc3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5c149d9130b9ec651cea3a55d5b9648f7de28feb21f8e4192bede97facd35ec4
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6245502596f1d958873d04e792f2b32451d6d057a41afe357043f2f13674b1ba
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
65e7559bedd297bf28a3802e3c21b3fc68b127a24e42c1f0d53731ad04256999
66e70ec2f6169104428ff479e397e5c515deca007d206097bda23a72b8467036
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
6b375bb55d944a10eb9cb9d9ec182ff5886ed6b5ab7a82bec6bdeac6ae08eb3f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bdeca446f4587e4072046d6f6982d99c5d60f2288932d7e47ebd440071cc856
6ee816398ac59bd1a1fddcb80037e7fd618f481fe467ad65e73afb4daff29095
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
75502d0c549d46c50b19d2417027715be64114690ea3ae9e0b8e5c98eaf241fa
76ded50ab81767db56c3513f9c5f92d0ba1069e80b194f6cc98f15db1e0cac00
7f5cbf8bf2aea544a7292c1499abc2f9d24ec5833c623432c70fbbff83869f2a
8490212550b5728effa79ddb689dbcb770773e5baf1a7209c0feb7e5ac253cff
856c2c9a424ef35c3790a0a0dc982ea444555ba96d592ab27f52bc9a284fc773
857cef0730b71a96c4d709e3746f4c9b89257e0d52c2b7173c27320ca21ae431
874e5cb8757149fb23cff7ad37bdca20efbe22dc81ed2e24da4afc3d9928db72
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8f20a055f7ad437b5288b970c9c44846e518230caf815001b9a080579bba518b
8f8ebc7e5d94244c2499c5f4c10c4d28639ce2d6126e52de3e9842ce64977391
934f8ad5b43c00dbead508fafad1104dd5c77ea9b8dc80d28545bbba94af703d
93bb2c7479294f878b3c23c97f7c5393d73af10322a88dd71059645ac6fd14f7
94b3ef0b8c59431d81809e785c08a3933804d66ae63c22b9697c8129622ac636
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d84d7f58ab322c3998440d26ea49679d613ddf54be53425fdb85c19a7869a82
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a193e4ba678007362732ecd297c2631f4f976265db4342dd40b321d306bf1d41
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a8f513050a95d1151232673a979f9efa3488898eb29a4bf86f109df6a8032cda
ac0ee9d72c7115e1a64f4200ab4cb32c3edcd7270a3026f8362063aeff365529
ada063a1033c38aaf39ca6c461a4d11f8b14be0246bcde1a772751b18589ba4a
b409169eaf0e4a2a819d803de3c58c43b09e177d4aa8cb757cef6a5560749b21
b6950a1c217863ef667ef71bb299f0b865b34eccfb60d42db4b8dfbd9e3a553f
baa7346a51ac22b01b0f63ef8be8a7b0946a67fbe68ccf2c8a783a769bad8870
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf7299d2d2190861f97423878c241772cbf52460f8d93f7d0594ddd6fb2f75ed
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c340c6ee4270e8ba52d5e4f799886e056a1736dabf080e694c51ca046b5a25a8
c388fe06aab51b439e07b30d2d83f581b8dd5eae476384d55f7356c5472b50e4
c470506c196b2993cd90a86c2baea953089fe2ad4bf530c5741c019218672791
c5abd30fec5b224bc851ecb45f0a55405a51000a6a9c5b6a71c36e76c2fb31b8
c68993b61355cfab70a3f59a0b5e1ce890cddcd38672429785ad6d3865fa0808
c853ef21a0c6ce6434a7cd6a7677d17c2bb6d7824a191219144a8af0ff60d3a4
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cae6c83f8af5a66d333d4add8e5e5af0e7f0b5197bd71aad6accf381725055f8
cb4dc58b3eacddc6020adda14ed51dffdffca057c4e386cacd972ebea4406460
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
d0218a3869f9c44deeb832939feff8fa980a22a94ba45bb0592b39a955ebdd91
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
d808df0573355b539b7fe9b474e3a1970a2f445a7badfc35fed6e4c445f1eed3
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd870101ad4e95d687a2eb734707b0dd7c20808f76d7be77a71a5d13cf99401c
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df4f4f0c20c55fa9b59c139af518439f9a951939bb7c6fb1d365898165a57474
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c56335edee34422b6388701d70fdd8628590ce3065812f7b31ac847ac23184
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e7fd169c147e09ce0f525b6f460e78f7cc4e146d137ad29a45e984e149c15c9b
ea095783d78273a9aa9bb016b3e8c7ffed36e115e93bf3bf409cebd4cec796ab
eb137fe4995fe18086e573e4bb2a6f6df4aa97a1ea1d4bd6c1e6b0870661bfea
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
ebbd142be52020554c4152d3afe6b96f9abafc3818cf6d1c0e92ed1953eaf419
f22e1f643b9b97e06209d51252adb3d407265bf0c269d7392d318b4e1353c8fc
f388a81240f63080fc1190be45391be19043253a8aabababe75f6a52857dd358
f38bc1cb57e20f2cc607331f3fa7d66ee19d04351ff24878f1f744bc3a9fa4aa
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e
f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23
f6d7098cc23ce7d2fc22ab1a444d34a6d6120ed5b91ae39b17f19b8af0b16f5b
f7aeef8cac418d768be803b21fc422756691d0f45dd969866d134b61489d1cf9
fa6a6fc48fd6aba0f0b7b890b526bd76982b94fd79eea7868eb67637da62992f
fe02a25556ac05dbe05dff8ec58cf0e0aefc22efbe93a4025958666d5bfaf29c
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ffb648200f12e9e83c7a7d94892271c74f23b39d6f77b9df5e21c96166a41ecb

reconshell.com Open in urlscan Pro 18.158.98.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

166 Requests

93 %HTTPS

66 %IPv6

26 Domains

43 Subdomains

31 IPs

5 Countries

2569 kBTransfer

6577 kBSize

29 Cookies

20 Outgoing links

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reconshell.com Open in urlscan Pro
18.158.98.109 Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

93 %
HTTPS

66 %
IPv6

26
Domains

43
Subdomains

31
IPs

5
Countries

2569 kB
Transfer

6577 kB
Size

29
Cookies

166 HTTP transactions
11 data transactions