securityonline.info Open in urlscan Pro
3.126.196.163 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escala...
Submission: On September 17 via api (September 17th 2020, 1:29:19 pm UTC) from DE

Summary HTTP 336 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 38 IPs in 8 countries across 25 domains to perform 336 HTTP transactions. The main IP is 3.126.196.163, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is securityonline.info.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 30th 2020. Valid for: 3 months.

This is the only time securityonline.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
83	3.126.196.163 3.126.196.163	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700:303... 2606:4700:3031::681c:a6f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
87	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13	54.194.107.225 54.194.107.225	16509 (AMAZON-02) (AMAZON-02)
2	216.52.2.30 216.52.2.30	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
5 15	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	23.210.248.189 23.210.248.189	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	95.100.196.250 95.100.196.250	16625 (AKAMAI-AS) (AKAMAI-AS)
30	2a00:1450:400... 2a00:1450:4001:818::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20e8:1000:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 3	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:20e... 2600:9000:20e8:5e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
336	38

83 3.126.196.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3031::681c:a6f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-0.securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

87 172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 54.194.107.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.13 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.189 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-189.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.196.250 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-196-250.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:818::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:1000:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.53.17 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:5e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	278 KB
83	securityonline.info securityonline.info cdn-0.securityonline.info	452 KB
43	googlesyndication.com pagead2.googlesyndication.com f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com tpc.googlesyndication.com	343 KB
30	ampproject.org cdn.ampproject.org	641 KB
20	google.com 5 redirects adservice.google.com www.google.com cse.google.com clients1.google.com	169 KB
14	gstatic.com fonts.gstatic.com	186 KB
13	gumgum.com g2.gumgum.com	11 KB
10	ezoic.net g.ezoic.net go.ezoic.net	2 KB
7	googleapis.com fonts.googleapis.com	6 KB
5	google-analytics.com ssl.google-analytics.com www.google-analytics.com	36 KB
4	criteo.com 1 redirects gum.criteo.com mug.criteo.com bidder.criteo.com	1 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	8 KB
2	criteo.net static.criteo.net	48 KB
2	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	118 B
2	lijit.com ap.lijit.com	725 B
1	quantcount.com rules.quantcount.com	348 B
1	google.de www.google.de	106 B
1	googletagservices.com www.googletagservices.com	28 KB
1	google.nl adservice.google.nl	890 B
1	pinterest.com api.pinterest.com	436 B
1	facebook.com graph.facebook.com	638 B
1	adnxs.com ib.adnxs.com	1 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
336	25

	Domain	Requested by
87	securepubads.g.doubleclick.net	securityonline.info securepubads.g.doubleclick.net
74	securityonline.info	securityonline.info cdn-0.securityonline.info
30	cdn.ampproject.org	securepubads.g.doubleclick.net
29	tpc.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com securityonline.info cdn.ampproject.org
15	www.google.com	5 redirects www.google.com securityonline.info
14	fonts.gstatic.com	fonts.googleapis.com
13	g2.gumgum.com	securityonline.info
12	pagead2.googlesyndication.com	securityonline.info pagead2.googlesyndication.com
9	g.ezoic.net	securityonline.info
9	cdn-0.securityonline.info	securityonline.info
7	fonts.googleapis.com	securityonline.info securepubads.g.doubleclick.net
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com securityonline.info
3	sb.scorecardresearch.com	1 redirects go.ezoic.net
3	ssl.google-analytics.com	securityonline.info
2	static.criteo.net	securityonline.info static.criteo.net
2	f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cse.google.com	securityonline.info www.google.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ap.lijit.com	securityonline.info
2	gum.criteo.com	1 redirects static.criteo.net
2	adservice.google.com	securityonline.info securepubads.g.doubleclick.net
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	go.ezoic.net
1	go.ezoic.net	securityonline.info
1	ads.pubmatic.com	securityonline.info
1	clients1.google.com	securityonline.info
1	www.google.de	securityonline.info
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.nl	securepubads.g.doubleclick.net
1	api.pinterest.com	cdn-0.securityonline.info
1	graph.facebook.com	cdn-0.securityonline.info
1	ib.adnxs.com	securityonline.info
1	hbopenbid.pubmatic.com	securityonline.info
1	bidder.criteo.com	securityonline.info
1	mug.criteo.com	securityonline.info
1	cdn.onesignal.com	securityonline.info
1	www.googletagmanager.com	securityonline.info
336	39

This site contains links to these domains. Also see Links.

Domain
silktide.com
foxglovesecurity.com
github.com
www.facebook.com
www.twitter.com
www.youtube.com
www.paypal.com
meterpreter.org
www.ezoic.com
g.ezoic.net

Subject Issuer	Validity	Valid
securityonline.info Let's Encrypt Authority X3	`2020-08-30` - `2020-11-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
ezoic.net Let's Encrypt Authority X3	`2020-07-27` - `2020-10-25`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-09-04` - `2020-12-03`	3 months	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.google.nl GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.criteo.net DigiCert ECC Secure Server CA	`2020-09-04` - `2020-12-03`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.ezoic.net Amazon	`2020-03-15` - `2021-04-15`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Frame ID: 073E1708C097547C5B221CBFF061AC63
Requests: 242 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html
Frame ID: E5112557FD9BA1354D42434690288CD9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349339&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349339200&bpp=19&bdt=848&idt=536&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2310825640605&frm=20&pv=2&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4436732086452226&dssz=103&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066706&oid=3&pvsid=788064621681489&pem=156&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=559
Frame ID: D858AE9BF6DFEE6E6445D0A9111A8AA0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: A36A7BBDC360694ED24334F42F7CEE0C
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=securityonline.info
Frame ID: 23B2C28F369C89583912C56BC534782A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 23A7D316D204080F63BE76B04F11D2A8
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=8711458
Frame ID: AE18E169EAF781DCDFA3EFE72E22EFE0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 62BB0EAE16501338BAC92B4D67DDF2F5
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: CB275DA40ED9C3064A1A219CF099FE0A
Requests: 17 HTTP requests in this frame

Frame: https://f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 1ADCF95C9FEA002EFB98A764872BD0A9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: F02ABB6C572AD61369AEDB31FB395322
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 2B9AA371AB54542FED82F2C531C2CF50
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: F078631189B7147BBB61D40C41300FB2
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 45F196D7763A1338BD1183CB0C54713E
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

336
Requests

100 %
HTTPS

70 %
IPv6

25
Domains

39
Subdomains

38
IPs

8
Countries

2251 kB
Transfer

6302 kB
Size

30
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://foxglovesecurity.com/2016/01/16/hot-potato/
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/foxglovesec/Potato
Title: executable file

Search URL Search Domain Scan URL

URL: https://github.com/Kevin-Robertson/Tater
Title: Tater

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DdoS-109131310571187/

Search URL Search Domain Scan URL

URL: https://www.twitter.com/the_yellow_fall

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/penetrationtestingwithddos

Search URL Search Domain Scan URL

URL: https://github.com/FreelancePentester

Search URL Search Domain Scan URL

URL: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=freelance%2epentester%40yahoo%2ecom&lc=GB&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG_global%2egif%3aNonHosted

Search URL Search Domain Scan URL

URL: https://meterpreter.org/category/vulnerability/feed/

Search URL Search Domain Scan URL

URL: https://meterpreter.org/
Title: Suggested Reading

Search URL Search Domain Scan URL

URL: https://meterpreter.org/researcher-publishes-microsoft-exchange-rce-vulnerability-poc/
Title: Researcher publishes Microsoft Exchange RCE Vulnerability PoC

Search URL Search Domain Scan URL

URL: https://meterpreter.org/cve-2020-2040-pan-os-buffer-overflow-vulnerability-alert/
Title: CVE-2020-2040: PAN-OS Buffer Overflow Vulnerability Alert

Search URL Search Domain Scan URL

URL: https://meterpreter.org/microsoft-suddenly-cancels-family-calendar-features-in-outlook-desktop-apps/
Title: Microsoft suddenly cancels family calendar features in Outlook desktop apps

Search URL Search Domain Scan URL

URL: https://meterpreter.org/cve-2020-11974-cve-2020-13922-apache-dolphinscheduler-critical-vulnerabilities-alert/
Title: CVE-2020-11974, CVE-2020-13922: Apache DolphinScheduler Critical Vulnerabilities Alert

Search URL Search Domain Scan URL

URL: https://meterpreter.org/microsoft-september-patch-fixes-129-security-vulnerabilities/
Title: Microsoft September Patch fixes 129 security vulnerabilities

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://g.ezoic.net/privacy/securityonline.info
Title: Read more

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityonline.info%2F&domain=securityonline.info&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=K3sAdHx0a1dPaHlvOW9FQ01scGdGenZIVENXcXBOcGQyS1ZabFpFOTQ3YzFBcVBnK2RERDNZRjJZMnF1am1NdTlkUzB0NGgrRmQ1M2FKUTk0cGxVVkhvN2pvWXpGQWF0T1YvL3l6TzdwcmhyWng5bExiY2lrNDA2WTRCdEFJKzRCc3VkZ1o4bmh4T1NFQVhmclFZNis3bVJINnNnNE5nWTNsNjg1T0VXbUt1OUdHK2dtUCthUDVrYnJOY1NaQnp1SW5hbmIzeHJjcFhBaVVmOU1WTjZyd3kxUExhbzFrREhjb2dBcGpaSFloZGgrWmFzPXw&cppv=2

Request Chain 67

https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa HTTP 302
https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Request Chain 220

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 222

https://sb.scorecardresearch.com/b?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1

Request Chain 291

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 329

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 333

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

336 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/ 183 KB
31 KB 2407ms
2339ms Document
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

16267ab79593c55ec1604e99c9092dacb40076e7fd2d363c2cbe7b937a39ade8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: securityonline.info
:scheme: https
:path: /hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 17 Sep 2020 13:28:56 GMT
display: pub_site_sol
expires: Wed, 16 Sep 2020 13:28:56 GMT
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_124533=-1; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 13:58:56 UTC ezoref_124533=; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:28:56 UTC ezoab_124533=mod1; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:28:56 UTC active_template::124533=pub_site.1600349336; Path=/; Domain=securityonline.info; Expires=Sat, 19 Sep 2020 13:28:56 UTC ezopvc_124533=1; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 13:58:56 UTC ezepvv=0; Path=/; Domain=securityonline.info; Expires=Fri, 18 Sep 2020 13:28:56 UTC lp_124533=https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:28:56 UTC ezovid_124533=725564363; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 13:58:56 UTC ezovuuidtime_124533=1600349336; Path=/; Domain=securityonline.info; Expires=Sat, 19 Sep 2020 13:28:56 UTC ezovuuid_124533=0cf799a9-d734-4f41-77cc-667f1d3eb960; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 13:58:56 UTC ezCMPCCS=true; Path=/; Domain=securityonline.info; Expires=Fri, 17 Sep 2021 13:28:56 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding Accept-Encoding
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-sol: pub_site

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
316 B 16ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 dall3202test.js Show response
securityonline.info/porpoiseant/ 331 KB
96 KB 48ms
47ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8f8e1755c04df0faa3a3ee693bfe9e0bd973cda9a7642cc593919924a60d5d25

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "52cd7-5af0f126c2200;5af78a36e0079-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes

GET
H2 200 boise.js Show response
securityonline.info/detroitchicago/ 983 B
465 B 24ms
24ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/boise.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 426

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 33ms
31ms Script
application/javascript 2a00:1450:4001:81b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-63315582-2

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f41c335d1ea66204e95a35975c76fdd618401bb440acbf816eef25a4b037c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35658
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Sep 2020 13:28:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
908 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52df8a245d91ed0c010c160750e959934e80caf88d6f0e96c26f5354c88781e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:28:58 GMT
server: ESF
date: Thu, 17 Sep 2020 13:28:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:28:58 GMT

GET
H2 200 br0pk.css
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/2y1t9d76/ 155 KB
25 KB 54ms
22ms Stylesheet
text/css 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/2y1t9d76/br0pk.css?ff=1&wps=true
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d69a25e21a7f5a43376d8f91b3e2f5aed453da3b2a5bb45b80b13bce87361d79

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
age: 1423785
cf-polished: origSize=158369
status: 200
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e199200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: cloudflare
etag: W/"5f0c3b34-2693c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
expires: Thu, 01 Oct 2020 01:59:13 GMT
cache-control: public, max-age=31536000
cf-ray: 5d432c651e90bebf-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 br0pk.css
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/ 57 KB
12 KB 59ms
27ms Stylesheet
text/css 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bd6ba996aaa9583f93316051574f62058bf393715778a58dc3c86079f3a321

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
age: 29221
status: 200
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19a200000001
pragma: public
response: 200
last-modified: Thu, 17 Sep 2020 01:52:36 GMT
server: cloudflare
etag: W/"5f0c3b34-e3ec-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
expires: Sat, 17 Oct 2020 05:21:57 GMT
cache-control: public, max-age=31536000
cf-ray: 5d432c651e91bebf-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 3u80x.js Show response
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/ 142 KB
50 KB 61ms
30ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bee892d451bec22710e7342576780de52825fd4a6d256b0e1f0c7ec1e26c3fc

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 3135097
cf-polished: origSize=145463
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19b200000001
pragma: public
response: 200
last-modified: Wed, 12 Aug 2020 04:24:29 GMT
server: cloudflare
etag: W/"5f336efd-23837-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
expires: Fri, 11 Sep 2020 06:37:21 GMT
cache-control: public, max-age=31536000
cf-ray: 5d432c651e92bebf-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 cookieconsent.min.js Show response
securityonline.info/ezoic/ 4 KB
2 KB 28ms
27ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/cookieconsent.min.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "11a4-5af0f126c2200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 1707
expires: Fri, 17 Sep 2021 13:28:58 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 130 KB
45 KB 31ms
22ms Script
text/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44448f8722571f32047ab0f1ae0b60ee77e270a84db9fd08564874c18ba38200

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 45922
x-xss-protection: 0
server: cafe
etag: 4663029478138947517
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:28:58 GMT

GET
H2 200 google_cse_v2.js Show response
cdn-0.securityonline.info/wp-content/plugins/wp-google-search/assets/js/ 333 B
406 B 56ms
29ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/wp-google-search/assets/js/google_cse_v2.js?ver=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 699d4828c42481ca941e4faf8ffa28d0e08f30044d54b41af5a8d9bde16dcddd

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 2448459
cf-polished: origSize=468
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19c200000001
pragma: public
response: 200
last-modified: Sat, 15 Aug 2020 17:47:05 GMT
server: cloudflare
etag: W/"5eb2816f-1d4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
expires: Sat, 19 Sep 2020 05:21:19 GMT
cache-control: public, max-age=31536000
cf-ray: 5d432c651e94bebf-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 jQuerySharrre.min.js Show response
cdn-0.securityonline.info/wp-content/plugins/hueman-addons/addons/assets/front/js/ 11 KB
3 KB 57ms
29ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/hueman-addons/addons/assets/front/js/jQuerySharrre.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d1574315d35ea396b52383c5d5c2e94bafe1e22c5af2711a54a067f42a0c7f9

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 1319698
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19d200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 09:37:21 GMT
server: cloudflare
etag: W/"5f48d051-2dc7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 5d432c651e95bebf-FRA
display: staticcontent_sol, staticcontent_sol
expires: Fri, 02 Oct 2020 06:54:00 GMT

GET
H2 200 underscore.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 16 KB
6 KB 58ms
31ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 518292
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19f200000001
pragma: public
response: 200
last-modified: Fri, 11 Sep 2020 10:11:30 GMT
server: cloudflare
etag: W/"5e854a87-3f1a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d432c651eacbebf-FRA
display: staticcontent_sol, staticcontent_sol
expires: Sun, 11 Oct 2020 13:30:46 GMT

GET
H2 200 scripts.min.js Show response
cdn-0.securityonline.info/wp-content/themes/hueman/assets/front/js/ 75 KB
20 KB 23ms
15ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.6.3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d6e69a0aef977e4aa5bc1336d91092c5ee481cf495663807880b3641a0cdf37

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 7943
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda139d0000bebf6e1a2200000001
pragma: public
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: cloudflare
etag: W/"5f633ec3-12a61-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 5d432c65cf1dbebf-FRA
display: staticcontent_sol, staticcontent_sol
expires: Sat, 17 Oct 2020 11:16:35 GMT

GET
H2 200 comment-reply.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 3 KB
1 KB 62ms
35ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/comment-reply.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 960814
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e19e200000001
pragma: public
response: 200
last-modified: Sun, 06 Sep 2020 08:09:22 GMT
server: cloudflare
etag: W/"5f4f23bf-b2d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d432c651e96bebf-FRA
display: staticcontent_sol, staticcontent_sol
expires: Tue, 06 Oct 2020 10:35:24 GMT

GET
H2 200 wp-embed.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 1 KB
821 B 57ms
30ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 1319698
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053dda132b0000bebf6e1a0200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: cloudflare
etag: W/"5e854a87-59a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d432c651eadbebf-FRA
display: staticcontent_sol, staticcontent_sol
expires: Fri, 02 Oct 2020 06:54:00 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 41ms
15ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 996
etag: W/"f9d3ce9829dac0f7e3861df96a993d72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=259200
cf-ray: 5d432c65eab0646d-FRA
cf-request-id: 053dda13af0000646dbfa3f200000001
expires: Sun, 20 Sep 2020 13:28:58 GMT

GET
H2 200 houston.js Show response
securityonline.info/detroitchicago/ 3 KB
957 B 31ms
23ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/houston.js?gcb=2&cb=16
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 6dc4e0ef60d1c3d76dd0440547f199428d58ad2272a9b313fae25b40a1fa5b0d

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 925

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 53 KB
18 KB 63ms
56ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

sffe /

Resource Hash

900511ec61dfbaee57b233f89b46ff3928cfdd407e8e3dcda1e3a37057e000d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "635 / 592 of 1000 / last-modified: 1600341137"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17847
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:28:58 GMT

GET
H2 200 tulsa.js Show response
securityonline.info/detroitchicago/ 9 KB
3 KB 31ms
24ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/tulsa.js?gcb=191-2&cb=2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a61307b63d4884dbc257c672318c63eba9c3ff9d5d1f7e52978c878c6739d7e9

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 2680

GET
H2 200 banger.js Show response
securityonline.info/porpoiseant/ 49 KB
10 KB 38ms
31ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d92e00448bdef158e41118a2e82393fe48215c01db1c20ed9df4ee6faaaafcb4

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000, public
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 memphis.js Show response
securityonline.info/detroitchicago/ 5 KB
1 KB 29ms
23ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/memphis.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1ca10f8a06498f5c3104fbf34cf163e62be492b1a214470ec765215b20a166aa

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 1454

GET
H2 200 minneapolis.js Show response
securityonline.info/detroitchicago/ 845 B
451 B 30ms
24ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/minneapolis.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: aa475af0fb05e1b76590fbc8eb5b49d3c1e772a8efbde59c9991e07972f1223e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 419

GET
H2 200 raleigh.js Show response
securityonline.info/detroitchicago/ 2 KB
751 B 31ms
25ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/raleigh.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0fadd83464640fea2e28bf01fdd092956772ff393ab5399a496d1caec4170cb4

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 720

GET
H2 200 tampa.js Show response
securityonline.info/detroitchicago/ 754 B
437 B 26ms
23ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/tampa.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a2bd6d03b5ca4077052ad35975e64c93f8d790133a8ba0eea95d20fb5beb0b09

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 405

GET
H2 200 rochester.js Show response
securityonline.info/detroitchicago/ 2 KB
783 B 27ms
25ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/rochester.js?cb=191-2&v=9
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 777cc56d4fcbc36f7a94abab1b63d6c20cf73def1bc63f02aa2313b0aa609ada

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 751

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 3902
date: Thu, 17 Sep 2020 12:23:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 17 Sep 2020 14:23:56 GMT

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
561 B 81ms
28ms Script
text/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a2fec0b64f22b60282df0074c7c514dbd4ac4e033f246e492a3593c1855c532b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 01:52:37 GMT
server: nginx/1.16.0
etag: 94f612e54078b17980816c7a53e6584e
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=999999, private
content-length: 275
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H2 200 dayton.js Show response
securityonline.info/detroitchicago/ 13 KB
5 KB 28ms
25ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/dayton.js?gcb=2&cb=3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public

GET
H2 200 l.svg
securityonline.info/utilcave_com/ 965 B
628 B 41ms
39ms Image
image/svg+xml 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/utilcave_com/l.svg
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 9cc19c02d87c3360d404c6dcf6e7982304f5e54abda4209de7a3bc44d3c54883

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 04:34:23 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "3c5-5ac9ecc7b5bc0-gzip-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: image/svg+xml
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=604800
x-sol: middleton
content-length: 422
expires: Thu, 24 Sep 2020 13:28:58 GMT

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:25:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:11 GMT
server: sffe
age: 590636
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14096
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:25:02 GMT

GET
H2 200 4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:40:39 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:49 GMT
server: sffe
age: 589699
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13588
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:40:39 GMT

GET
H2 200 fa-solid-900.woff2
securityonline.info/wp-content/themes/hueman/assets/front/webfonts/ 74 KB
75 KB 559ms
559ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.12.1

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://securityonline.info
Referer: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
strict-transport-security: max-age=31536000
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: nginx/1.16.0
etag: "5f633ec3-12958-gzip"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://securityonline.info
x-middleton-response: 200
cache-control: public, max-age=2592000

GET
H2 200 4iCp6KVjbNBYlgoKejZftVyPN4FNgYUJ.woff2
fonts.gstatic.com/s/ubuntu/v15/ 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejZftVyPN4FNgYUJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac248ab7da608a3a61f44032c9fcf1e3d0f2d74ffd6ca2e12031666038f10685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:42:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:04:01 GMT
server: sffe
age: 589610
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14736
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:42:08 GMT

GET
H2 200 4iCs6KVjbNBYlgoKfw72nU6AFw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72nU6AFw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:27:11 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:01 GMT
server: sffe
age: 590507
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13720
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:27:11 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 fa-brands-400.woff2
securityonline.info/wp-content/themes/hueman/assets/front/webfonts/ 75 KB
75 KB 570ms
569ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.12.1

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://securityonline.info
Referer: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
strict-transport-security: max-age=31536000
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: nginx/1.16.0
etag: "5f633ec3-12b04-gzip"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://securityonline.info
x-middleton-response: 200
cache-control: public, max-age=2592000

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f5102fffc97f20212ac285df3292a8b9c3e486e4620e289c6a59c2db288c8a5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityonline.info%2F&domain=securityonline.info&cw=1
https://mug.criteo.com/sid?cpp=K3sAdHx0a1dPaHlvOW9FQ01scGdGenZIVENXcXBOcGQyS1ZabFpFOTQ3YzFBcVBnK2RERDNZRjJZMnF1am1NdTlkUzB0NGgrRmQ1M2FKUTk0cGxVVkhvN2pvWXpGQWF0T1YvL3l6TzdwcmhyWng5bExiY2lrNDA2WTRCdE...

339 B
632 B

170ms
40ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=K3sAdHx0a1dPaHlvOW9FQ01scGdGenZIVENXcXBOcGQyS1ZabFpFOTQ3YzFBcVBnK2RERDNZRjJZMnF1am1NdTlkUzB0NGgrRmQ1M2FKUTk0cGxVVkhvN2pvWXpGQWF0T1YvL3l6TzdwcmhyWng5bExiY2lrNDA2WTRCdEFJKzRCc3VkZ1o4bmh4T1NFQVhmclFZNis3bVJINnNnNE5nWTNsNjg1T0VXbUt1OUdHK2dtUCthUDVrYnJOY1NaQnp1SW5hbmIzeHJjcFhBaVVmOU1WTjZyd3kxUExhbzFrREhjb2dBcGpaSFloZGgrWmFzPXw&cppv=2

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

1811147234841b18ce6690f69ac772739532d900e97c6bc1f2294ed41b56f7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 17 Sep 2020 13:28:58 GMT
status: 200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1134
content-length: 339
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
status: 302
date: Thu, 17 Sep 2020 13:28:58 GMT
location: https://mug.criteo.com/sid?cpp=K3sAdHx0a1dPaHlvOW9FQ01scGdGenZIVENXcXBOcGQyS1ZabFpFOTQ3YzFBcVBnK2RERDNZRjJZMnF1am1NdTlkUzB0NGgrRmQ1M2FKUTk0cGxVVkhvN2pvWXpGQWF0T1YvL3l6TzdwcmhyWng5bExiY2lrNDA2WTRCdEFJKzRCc3VkZ1o4bmh4T1NFQVhmclFZNis3bVJINnNnNE5nWTNsNjg1T0VXbUt1OUdHK2dtUCthUDVrYnJOY1NaQnp1SW5hbmIzeHJjcFhBaVVmOU1WTjZyd3kxUExhbzFrREhjb2dBcGpaSFloZGgrWmFzPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1015
content-length: 482
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
149 B 51ms
18ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=31&wv=3.20.0&cb=32500653208
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 17 Sep 2020 13:28:58 GMT
access-control-allow-credentials: true
server: Finatra
access-control-allow-origin: https://securityonline.info
timing-allow-origin: *
vary: Origin

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
899 B 164ms
77ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 05ed06bbae1a1994c3e8c9cc4dc2d09caf4a42e943f0bc472d54f990ee6ac7c5

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
899 B 164ms
77ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 043d285912c05df102752c6b3927486714d18b60300aef91b5c93ab1d807c34f

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 164ms
78ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 29c499dce6d4b0c568435f27d2fd6b370b576b97dd7ded180e35866265f8da8a

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 164ms
79ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b739ba1b23bab8b4b439d6b6ca915740bf435e16a683d927003a649bbdd08fb0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 180ms
95ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20891&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e57abdea2c767b9ea1100b259d0ef397180bb6b7bd55b4335c3c281f90db905c

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
897 B 168ms
83ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20887&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 27c1fd08e756878ae7dcf87b8e5c726f3e6ac9d2111189f21d4a5ef9832f8ccf

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 166ms
82ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 62b6cfeaca4303139fb2a03cb6d936ab7a2064e6d628f2fce6cb1211f89a24e3

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 164ms
80ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6a0fc1656ae24c80194965a9666d9b784bd2f9e31f9b19ab65cbff9c8a1eba52

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
899 B 161ms
78ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a5c7a576a26b14b71d7f65a6a46d0995244d8a9effdb4a59dad0bf5b0cbe3844

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
897 B 172ms
88ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20898&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d810cf8137b87c4e914e8652025c23da8e59c985c5f8cce44184aab1f3aa57b0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
897 B 166ms
82ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=16891&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2f8c350716075fef240209dc695de9b28f9e20898f65bfe8661ad519a64f8d2e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 164ms
81ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8cc3107567451ef72986b25387f8b8a3f8a488a601e7e50e57160c1226057295

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
898 B 162ms
80ms XHR
application/json 54.194.107.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20904&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=9421
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.107.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-107-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2e7bb1169462a9c1ed218539afc1154f16675470c6a8eb85dcbd516013ddbc23

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 46 B
725 B 157ms
116ms XHR
application/json 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.20.0
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: e563aa5d7d66b815752f76db3e41b741a3809b3ef01487d8491788c4a9e56597

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Sep 2020 13:28:58 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityonline.info
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 62

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
118 B 175ms
136ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 17 Sep 2020 13:28:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://securityonline.info

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 1 KB
1 KB 160ms
121ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f7eeb01f12706854f87fa06b75b55b87df8300a20b47ed398813895a8ef104d6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Sep 2020 13:28:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.59:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 48939a1a-4f80-4a39-bdf3-47fe835fd4ee
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityonline.info
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 anaheim.js Show response
securityonline.info/detroitchicago/ 665 B
369 B 30ms
23ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/anaheim.js?gcb=2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c090c938bbe4c0ed91065ff339cc4799f3758b9c1df20af104ac749ec285f97e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 337

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 35ms
28ms Script
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:28:58 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
56 B 58ms
26ms Image
image/gif 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=446638944&utmhn=securityonline.info&utme=8(template*t*rid*bra)9(pub_site*134*0*mod1)11(3!2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&utmhid=1476984913&utmr=-&utmp=%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&utmht=1600349338830&utmac=UA-124345349-20&utmcc=__utma%3D264774413.1551435357.1600349339.1600349339.1600349339.1%3B%2B__utmz%3D264774413.1600349339.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1921097979&utmredir=1&utmmt=1&utmu=qTAgAAAAAAAAAAAAAAAAAABE~

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
386 B 54ms
22ms Image
image/gif 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=2&utmn=850194487&utmhn=securityonline.info&utme=8(template*domain)9(pub_site*securityonline.info)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&utmhid=1476984913&utmr=-&utmp=%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&utmht=1600349338838&utmac=UA-38339005-1&utmcc=__utma%3D264774413.1551435357.1600349339.1600349339.1600349339.1%3B%2B__utmz%3D264774413.1600349339.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864932791&utmredir=1&utmmt=1&utmu=qTAgAAAAAAAAAAAAAAAAAABE~

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 imp.gif
securityonline.info/detroitchicago/ 43 B
127 B 47ms
29ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A0%2C%22ad_lazyload_version%22%3A6%2C%22ad_location_ids%22%3A%220%2C0%2C0%2C0%2C21%2C2%2C34%2C34%2C34%2C34%2C5%2C37%2C704%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A14%2C%22bidder_method%22%3A0%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Amsterdam%22%2C%22country%22%3A%22NL%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A7%2C%22domain_id%22%3A124533%2C%22domain_test_group%22%3A20200410%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22forensiq_score%22%3A-1%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22618%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A7%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A0%2C%22page_ad_positions%22%3A%221100%2C1102%2C1102%2C1102%2C1102%2C1103%2C1104%2C1105%2C1107%2C1107%2C1107%2C1107%2C1110%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22f7219c6d-0363-47c6-7cf3-3c082f71621a%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%221101%22%2C%22pv_event_count%22%3A0%2C%22response_time_orig%22%3A364%2C%22serverid%22%3A%2254.93.230.251%3A17730%22%2C%22state%22%3A%22NH%22%2C%22sub_page_ad_positions%22%3A%221100%2C1102%2C1102%2C1102%2C1102%2C1103%2C1104%2C1105%2C1107%2C1107%2C1107%2C1107%2C1110%2C1112%22%2C%22t_epoch%22%3A1600349336%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A758%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
155 B 31ms
29ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoidW5pdmVyc2FsX3VzZXJfaWQiLCJ2YWwiOiI5NGY2MTJlNTQwNzhiMTc5ODA4MTZjN2E1M2U2NTg0ZSJ9XX1d
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:58 UTC

GET
H3-Q050 200 pubads_impl_2020091501.js Show response
securepubads.g.doubleclick.net/gpt/ 263 KB
92 KB 100ms
99ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

sffe /

Resource Hash

ddf938119baaea8aab1fea95405f5a270d92869f8a9fe6f96b2c4e8861a9cf67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 08:49:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94409
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:28:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 97ms
0ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-63315582-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 798
date: Thu, 17 Sep 2020 13:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 17 Sep 2020 15:15:40 GMT

GET
H2 200 nmash.js
securityonline.info/porpoiseant/ 22 KB
5 KB 93ms
10ms Other
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/nmash.js?v=86
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 23c35871bd433283c634753bf3cc4db2d86aabe41b910b8fae020c6f35698756

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:58 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "564c-5af0f126c2200;5af789f141b14-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

cse.js Show response
cse.google.com/cse/
Redirect Chain

https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa
https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

10 KB
4 KB

58ms
37ms

Script
text/javascript

2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

aa9ebdb733f04db5903710f0692d91cada19b2a0d97da21e0f56c5421585d9a1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3449
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:28:59 GMT

Redirect headers

date: Thu, 17 Sep 2020 13:28:59 GMT
x-content-type-options: nosniff
server: sffe
status: 302
content-type: text/html; charset=UTF-8
location: https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267
x-xss-protection: 0

GET
H2 200 recommended_pages.js Show response
securityonline.info/utilcave_com/apps/js/ 16 KB
3 KB 122ms
52ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 04:34:16 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "41b3-5ac9ecc7b5bc0-gzip-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=2592000
x-sol: middleton
content-length: 3324

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
100 B 120ms
51ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiZXh0X3VzZXJfaGFzaCIsInZhbCI6Ik5UIn1dfV0=
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:58 UTC

GET
H2 200 anchorfix.js Show response
securityonline.info/ezoic/ 879 B
451 B 109ms
51ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/anchorfix.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
content-length: 383
expires: Fri, 17 Sep 2021 13:28:59 GMT

GET
H2 200 edmonton.webp Show response
securityonline.info/detroitchicago/ 14 KB
4 KB 66ms
51ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/edmonton.webp?a=a&cb=191-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 jellyfish.webp Show response
securityonline.info/porpoiseant/ 58 KB
11 KB 152ms
65ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/jellyfish.webp?a=a&cb=191-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 / Show response
graph.facebook.com/ 250 B
638 B 78ms
47ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&callback=jQuery11240876355642594864_1600349338506&_=1600349338507

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

884bc9ee355e5de6e7a9cda65153b419ca4cc20e79170ae26532a3b08d4f8895

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002680883
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 192
pragma: no-cache
x-fb-debug: wiRAcN2bgvVAgULxOXJ0tkpwleIgOQ0H+QdrFELMvd7w4c+0JrCOvk85+ureqisc4xvoMWn4Oy+MK/AEeTJShQ==
x-fb-trace-id: Dl9YHDbVeiJ
date: Thu, 17 Sep 2020 13:28:59 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: Aik8pjmZmUv4TTuqJEIq-Be
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 191 B
436 B 268ms
131ms Script
application/javascript 23.210.248.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&callback=jQuery11240876355642594864_1600349338508&_=1600349338509

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-189.deploy.static.akamaitechnologies.com

Software

Resource Hash

b4044f9274e239d667efb6f456e1549389af5aa51c9f9638ca0d666e9d4402f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
x-content-type-options: nosniff
x-cdn: akamai
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 1
content-length: 191
x-pinterest-rid: 8973734832903164
expires: Thu, 17 Sep 2020 13:43:59 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/ 228 KB
86 KB 59ms
40ms Script
text/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87685
x-xss-protection: 0
server: cafe
etag: 9656598585391825739
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:28:59 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/ Frame E511 0
0 8ms
6ms Document
text/html 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200914/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Wed, 16 Sep 2020 22:09:22 GMT
expires: Wed, 30 Sep 2020 22:09:22 GMT
content-type: text/html; charset=UTF-8
etag: 17942277541989656716
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4728
x-xss-protection: 0
age: 55177
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 92 KB
33 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac4505a3ec35c5418aa4bb8d44be7302793b1c24917517d2c7c8017af59360ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33385
x-xss-protection: 0
server: cafe
etag: 2109666083148958802
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:28:59 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 109 B
890 B 52ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
868 B 43ms
21ms Script
application/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 442 B
710 B 710ms
702ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3Df0459c7057d45e6fbbed62c0762b551e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D4800%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339541&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d2e32de902aecfcdc2fd76ed867cde23a78f089399f2d61065d7c0ce296e8348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:00 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 228
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 71ms
15ms Other
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 41ms
8ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
295 B 1822ms
1822ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D1600%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339573&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=2&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b62defac5cb1b2151f3961ef1aca9358589ebc7e3d2bb6d37669413c0a845d3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
263 B 2103ms
2102ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3Deeb0e32289ff31f9ddef18331038e5e9%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D900%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339584&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=3&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

92e1703c262a388810c4626541f77d649060ae04cb54d731d87b3ac97a6875a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
287 B 2566ms
2564ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D500%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339593&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=645&adks=3972398835&ucis=4&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3ca09ddb7c53c06322f051413a20c772e8d7e95aee7c400c5f29ec19d51a2409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
268 B 2824ms
2821ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D500%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339603&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=918&adks=77239893&ucis=5&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

60768bd8aa673caed4fea1c57e2d35ea8673c289ac057531ec86c7560049c110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
271 B 3059ms
3058ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D500%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339624&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1191&adks=4209624997&ucis=6&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9c5ec933d150dd490e65fd9c25bf211606f76671d329c23f3158637bdd0c1b9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
288 B 3604ms
3603ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D500%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339641&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1464&adks=857680164&ucis=7&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=7&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

f9ac4829b4c6ed9f639b26ea680e1b0393f73e4ea707fed35e7fcb89dfc86df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
270 B 3970ms
3970ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339647&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2225&adks=3088204122&ucis=8&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=8&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=2&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

908fcb7160dc78b110056e471ceae9ab69b26b78f0338d53eb1b97b61e66f40d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
267 B 4243ms
4242ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339656&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2498&adks=4008027628&ucis=9&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=9&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=3&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

90afef414b761fdb4139da85785f4bc959ce593743ca90009ec2f9c446bce918

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
269 B 4529ms
4528ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339662&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2771&adks=1594893794&ucis=a&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=10&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=4&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

ca5d0075939678fc2bd8d89febd2b9bcc951ba39fb1dd38951dab5760c9ec705

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
278 B 4897ms
4896ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339668&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3044&adks=3075149205&ucis=b&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=11&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=5&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d0c2e19bdc74b4c9f66e83cbb2cdf78e85fddea7765d54ecc8ea4fdbdf7c6fbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
265 B 5210ms
5210ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1582180902033983&output=ldjh&impl=fif&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=iid7%3D686265%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-686265%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D64%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349339&dt=1600349339675&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=c&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=12&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=4436732086452226&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=true&ga_wpids=UA-124345349-20&fws=512&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1dc62e83153659eb4b10af92e2199804db8829e0a3001ad30be516f186508a1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
100 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX1d
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:59 UTC

POST
H2 200 app-ajax Show response
securityonline.info/ezoic/ 3 KB
1 KB 33ms
33ms XHR
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/app-ajax
Requested by: Host: securityonline.info
URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 3d0893147bcc14b3cd37ac8850276e33bb6c7c3f09443fec506a6273742e7b50

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=utf-8
status: 200
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 782
expires: Wed, 16 Sep 2020 13:28:59 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 15ms
14ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1476984913&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ul=en-us&de=UTF-8&dt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=264774413.1551435357.1600349339.1600349339.1600349339.1&_utmz=264774413.1600349339.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1600349339702&_u=IQBCAUABAAAAAC~&jid=735877375&gjid=783846897&cid=1551435357.1600349339&tid=UA-63315582-2&_gid=2113851868.1600349340&_r=1&gtm=2ou990&z=724420246

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame D858 0
0 52ms
51ms Document
text/html 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349339&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349339200&bpp=19&bdt=848&idt=536&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2310825640605&frm=20&pv=2&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4436732086452226&dssz=103&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066706&oid=3&pvsid=788064621681489&pem=156&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=559

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349339&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349339200&bpp=19&bdt=848&idt=536&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2310825640605&frm=20&pv=2&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4436732086452226&dssz=103&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066706&oid=3&pvsid=788064621681489&pem=156&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=559
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 17 Sep 2020 13:28:59 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 17-Sep-2020 13:43:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Sep 2020 13:28:59 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 69ms
43ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600083386116863"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27476
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:28:59 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-63315582-2&cid=1551435357.1600349339&jid=735877375&gjid=783846897&_gid=2113851868.1600349340&_u=IQBCAUAAAAAAAC~&z=146265884

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Sep 2020 13:28:59 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 cse_element__en.js Show response
www.google.com/cse/static/element/26b8d00a7c7a0812/ 260 KB
86 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 11:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 93458
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88400
x-xss-protection: 0
expires: Thu, 16 Sep 2021 11:31:21 GMT

GET
H3-Q050 200 default+en.css
www.google.com/cse/static/element/26b8d00a7c7a0812/ 40 KB
9 KB 10ms
7ms Stylesheet
text/css 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 09:23:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 101112
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8947
x-xss-protection: 0
expires: Thu, 16 Sep 2021 09:23:47 GMT

GET
H3-Q050 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 10ms
8ms Stylesheet
text/css 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 12:54:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 2068
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:44:31 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
102 B 28ms
21ms Image
image/gif 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-63315582-2&cid=1551435357.1600349339&jid=735877375&_u=IQBCAUAAAAAAAC~&z=2002785954

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 48ms
32ms Image
image/gif 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-63315582-2&cid=1551435357.1600349339&jid=735877375&_u=IQBCAUAAAAAAAC~&z=2002785954

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:28:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 64ms
50ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a174035b7e056ba95ce0d2482f4c90543fdaefe59abe84ab9fd1520a9232a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "6036822451453041332"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:28:59 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:03:54 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 275105
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:03:54 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
2 KB 13ms
6ms Image
image/png 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 274954
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:25 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
222 B 49ms
12ms Image
text/plain 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 17 Sep 2020 13:28:59 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 dark-bottom.css
securityonline.info/ezoic/styles/ 3 KB
832 B 24ms
24ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/styles/dark-bottom.css
Requested by: Host: securityonline.info
URL: https://securityonline.info/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "bd7-5af0f126c2200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 725

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
100 B 23ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInRfZXBvY2giOjE2MDAzNDkzMzYsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjY4In0seyJuYW1lIjoicGVyZl9jb25uZWN0X3RvX3Jlc3Bfc3RhcnQiLCJ2YWwiOiIyNDA3In0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI0MyJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiI1ODMifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiI4NDQifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTU3NCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:57 UTC

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 24ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIyNzI2In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIyNzI2In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:59 UTC

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 23ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiI5LjIifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:28:59 UTC

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 40ms
25ms XHR
application/json 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200914&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c98dff7a32f7f23d30894ed54d3a90434f85e05d328fd672ff706e54861338a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6398
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 65ms
45ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:29:00 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame A36A 0
0 8ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Thu, 17 Sep 2020 12:28:39 GMT
expires: Fri, 17 Sep 2021 12:28:39 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3621
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
123 B 22ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE5MTcifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:00 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:00 UTC

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
142 B 39ms
39ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200914&jk=788064621681489&bg=!rq2lrbVYDniLwwblxt8CAAAAblIAAAATCgDseYfeqiTIapZFAeZMPt1CmwHY9x1OdqAZCkxjID5eiho-s3-7faCyVrfKBuR38rGheUFbNvNPRCxzW3ATEBlhYUwCelMHN9_HgE5g0pQXElzZkpsr62PUjBTDfdJUi4lxr-0QRusM1WX-_Kjjl61ndDO-hz-ZTmHll7xyTxf3S2ik5uQFHuacJ_U4TUse1v6Jx9WcYXmPAm8z_ffooaMj2REt_vy9R60a-4I3yWTlpni6r80dlgTYe-_Au8mW-BOKh1Vqmqk9pWysMviYTnopYgPzOKifMl1bgrIbh2AVmyF6KuJNoM2KLfqerTqZAazUdl4IxHiyJ7xAQ39JCyZtAk9wl_cvb51Z6-uxPygiB9oT9W42wIPSQNDZZu8YoBBU07lg2idjXNUJa_g4dbRvp-dbluF0mBfaMFvlL4JOMLVkY0dagtdIx1lrvjKt_fz1lxXzmwjjX7BwjkygETUAPvHAt5W4fxhBhPAjPxrlioGGYJrOCf9xsYr9epiw_N1CTXYnVDN3ihEvzGffn5HnLPC_6w_vPGcAz8rJbLzcfjPKaTl5O_iqyxQ3wJQEG6WgC_biA9ltDLmTCbRB_kllXGLDScOUyXnKUAwGMTsZZGaeJX9zzYqq6VOzbClZS69XUG805Z5SURSqSVk-vsGexcbU3hv9OukrgcUQVECMzcPC8V4CxMwiM2jDugBq7RJwDDuMj4LY2xVFO8uFzLJwAHLpRXh1PudkZ9TH9bx4epaydYNjZx6FCy7t-gINZtiSz1VAEfZAl76cFB9j5h6WMyPjvJNrUUjwYRyRW9QXFXD1MQ4OfFiXejlHSCnYgVDKZYYUAdmFtIrXE-e7fRmDHMAGMT3RV_YA8bs-nEmrHMTV-oxeGUeJH_6xPw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 74 KB
24 KB 56ms
17ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f72423823b8aca3ed7719ec83f569fa6936c398c486a48206226f817f60f0542

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:01 GMT
content-encoding: gzip
last-modified: Wed, 16 Sep 2020 13:47:51 GMT
server: nginx
etag: W/"5f621787-1265e"
status: 200
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 18 Sep 2020 13:29:01 GMT

GET
H2 200 syncframe
gum.criteo.com/ Frame 23B2 0
0 50ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=securityonline.info

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=securityonline.info
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 451
date: Thu, 17 Sep 2020 13:29:00 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 74 KB
24 KB 61ms
29ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f72423823b8aca3ed7719ec83f569fa6936c398c486a48206226f817f60f0542

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:01 GMT
content-encoding: gzip
last-modified: Wed, 16 Sep 2020 13:47:51 GMT
server: nginx
etag: W/"5f621787-1265e"
status: 200
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 18 Sep 2020 13:29:01 GMT

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 23A7 0
0 55ms
18ms Document
text/html 95.100.196.250
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.250 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-250.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=110730
Expires: Fri, 18 Sep 2020 20:14:32 GMT
Date: Thu, 17 Sep 2020 13:29:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame AE18 0
0 16ms
15ms Document
text/plain 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=8711458
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

Server: nginx
Date: Thu, 17 Sep 2020 13:29:02 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 432 B
254 B 538ms
488ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1184160348750408&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D260%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D500%26reqt%3D1600349342871&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349342&dt=1600349342888&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=d&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=14&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=6&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3f27a80e87085be8dbe099b987c3a69a244fd3b477f2d1bd7201c76efc4b1579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
249 B 391ms
383ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=205272167466138&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D260%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D500%26reqt%3D1600349342900&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349342&dt=1600349342915&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=e&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=15&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5b46e5fd078d2da07e234e8aa46e42cecc42da68cca0b627e56b7762216b3d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
246 B 386ms
384ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1047763951350498&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D260%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D500%26reqt%3D1600349342969&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349342&dt=1600349342975&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=f&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=16&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

72502f23b81cd8c4a23fd7e961bf78879759dc5d6503a834472591fcf9828862

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 428 B
246 B 462ms
462ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=195376525593228&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D500%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D900%26reqt%3D1600349342981&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349342&dt=1600349342985&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=g&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=17&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0f9a72d6076d42bdca6ec968c622e415275974f739c9430e59afb1004d90cad7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 434 B
257 B 397ms
397ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3273665480720139&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D5297de5240aa45da173a0792747e0d26%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D850%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1600%26reqt%3D1600349342992&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349342&dt=1600349342994&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=h&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=18&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

54a310b2e7adf9559ed858404382b6cd9d17ab961b6157933299ea6441e1c201

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 425 B
248 B 495ms
494ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4403542201477122&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3Def3231a19d034bff92faf99318a47a5f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D2900%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%26lb%3D4800%26reqt%3D1600349342999&eri=1&cookie=ID%3Da67a92c6823d45d4-22a9823eddb80060%3AT%3D1600349339%3AS%3DALNI_MY2CbeRy0S0oH8YvXrfoFfKnpQs5A&bc=31&abxe=1&lmt=1600349343&dt=1600349343001&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=i&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=19&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9fa37f055fb4ea942c9a68f223a420a24d47d3f8bf32c2a6eab817f71ead3186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 216
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 432 B
334 B 414ms
413ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3389980334684772&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=4&rcs=1&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D260%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D500%26reqt%3D1600349343255&eri=1&cookie=ID%3Dff8f047b2a6bd488-221a2adadcb800c1%3AT%3D1600349339%3AS%3DALNI_MZCccn2NLssIXvqR1zVPPGEVhuIDA&bc=31&abxe=1&lmt=1600349343&dt=1600349343258&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=j&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=20&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=7&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

34ddef7263cc9dd40fabb34a807865b80000eecbffe8af2a774bec2845485cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
164 B 237ms
236ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1780140555144102&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D260%26reqt%3D1600349343453&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343456&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=k&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=21&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=8&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

bb80992e70db9670a2aa4660fb332daca15db38b94fe2c2969cd773e47ed1c0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 324 B
172 B 275ms
275ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1553475850418793&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D260%26reqt%3D1600349343470&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343472&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=l&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=22&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

e75cebaa47c6e2dca209246049e0985176c1db81cb3eac468800527846a4663c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
161 B 230ms
230ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2839547726724143&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D260%26reqt%3D1600349343486&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343488&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=m&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=23&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

eb71c0f46f5a1f69a291df1779749e190addb1e9220ecb43b20b2f9ad7e41cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 320 B
163 B 244ms
244ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4235110060501426&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D300%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D500%26reqt%3D1600349343503&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343505&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=n&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=24&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

86d0b2339eba318a412e50b31e1ac4cf239989e58daa258d08cf4965aab68183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 326 B
173 B 256ms
256ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4357709082800519&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D26dfa00588543c52511429ade391f561%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D550%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D850%26reqt%3D1600349343509&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343511&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=o&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=25&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

e1d97d6a6dbe97df5128ce79c1e2fc3a208642188066cf390ecfb50dad56f957

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 317 B
160 B 296ms
296ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1394838120271548&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3D12a3b3570adcf20fd41a00445219acaa%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D2000%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%2C22%2C23%2C24%26lb%3D2900%26reqt%3D1600349343520&eri=1&cookie=ID%3Da67a92c6823d45d4%3AT%3D1600349339%3AS%3DALNI_MZKgT7FM68CtKh5R0MH4VpNRhBtLw&bc=31&abxe=1&lmt=1600349343&dt=1600349343522&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=p&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=26&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

e8ced189e709f1ae60f5e9f1b35416f624d07d1c2458cd49b0e0a5765c0dd417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 438 B
256 B 449ms
449ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1747463404990517&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=4&rcs=1&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D600%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1200%26reqt%3D1600349343636&eri=1&cookie=ID%3Dd94f6cb5601a0488-22d3be3fddb80039%3AT%3D1600349339%3AS%3DALNI_MZ-c9wbsNpL6KXfHcbsr5sNrWtJzw&bc=31&abxe=1&lmt=1600349343&dt=1600349343639&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=q&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=27&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=9&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

a5765df0fd136d61feb281506ff93bdea4828b1869a570c9dfbee7cbe262fba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
183 B 266ms
265ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1719959963706392&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D260%26reqt%3D1600349343770&eri=1&cookie=ID%3Dff8f047b2a6bd488%3AT%3D1600349339%3AS%3DALNI_MZwuoL-GCmV95JuVJwI4An05KD4Ow&bc=31&abxe=1&lmt=1600349343&dt=1600349343774&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=r&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=28&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=10&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

00b41263d09e516672387a37def0e3ca5e8d5519a6d0504521096b660576ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 438 B
253 B 406ms
405ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3821470572308541&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=4&rcs=1&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D600%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1200%26reqt%3D1600349343920&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349343&dt=1600349343922&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=s&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=29&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=11&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b7988f041b3939181fe71875f7b684a09b1c42da3379a25447362a0f779c3d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
247 B 465ms
464ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2481672473085891&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D947f1d5169cc7d0f997560e34838fb04%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D42%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1600349343970&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349343&dt=1600349343973&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=t&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=30&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=12&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1eec85e6f867f4e9222943b88ce703476e2ae79fa2e6cb4c0d3f568ae2ef657c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
252 B 326ms
326ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1834365703094291&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D947f1d5169cc7d0f997560e34838fb04%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D42%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1600349343986&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349343&dt=1600349343990&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=u&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=31&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7d86f3908700df2c00095c3de5724452c2f5e588df2ea4e427cc83f43eb96abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 219
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
249 B 567ms
567ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2648163433826632&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D947f1d5169cc7d0f997560e34838fb04%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D42%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1600349344003&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349344&dt=1600349344005&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=v&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=32&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0f6e8d8006ea1ddb553fb843f2e4684a295d0a5224804a0255d9e6c1d64acf79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 219
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 428 B
247 B 467ms
467ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1490371582171428&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D220%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D300%26reqt%3D1600349344020&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349344&dt=1600349344022&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=w&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=33&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

30c8155f669d210323059d33ab35b46dd7dc1dfb002937e8639559818a451f5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 440 B
262 B 530ms
530ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3296020349858812&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D400%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D550%26reqt%3D1600349344025&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349344&dt=1600349344027&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=x&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=34&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

f597adb40b6dfc2be8a03751f5eb44163c97bbd52eb1789af49d4f0b58ab38fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 425 B
246 B 677ms
676ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3954231952961999&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3D6dbaa2f5e27e83e2fcd15988d9095988%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D1600%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%2C22%2C23%2C24%2C21%2C22%2C23%2C24%26lb%3D2000%26reqt%3D1600349344036&eri=1&cookie=ID%3Df6a1e6958c0f5444-222c8422ddb800a6%3AT%3D1600349339%3AS%3DALNI_MaUv4hlVAR_-a_vi81Fqi4nzZTBPg&bc=31&abxe=1&lmt=1600349344&dt=1600349344039&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=y&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=35&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

a0b598d86fe0c2e62c5dc4a56ee45fd9978a903d51405554953b74a1612f7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 216
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
0 38ms
38ms Fetch
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gfp_cw_status&domain=securityonline.info&host=securityonline.info&success=1

Requested by

Host: securityonline.info
URL: https://securityonline.info/detroitchicago/tulsa.js?gcb=191-2&cb=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 330 B
169 B 177ms
177ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=785768910879739&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D450%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D600%26reqt%3D1600349344153&eri=1&cookie=ID%3Dd94f6cb5601a0488%3AT%3D1600349339%3AS%3DALNI_MaFRsd8Y8krtsW-spPPPgMU5Pd_1A&bc=31&abxe=1&lmt=1600349344&dt=1600349344155&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=z&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=36&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=13&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

74e2a6bc47d860be768dd3b9fbe29f00b49c574f71be938ce4b28917ec3d8980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
273 B 356ms
356ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2286452119844195&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=5&rcs=1&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D600%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1200%26reqt%3D1600349344203&eri=1&cookie=ID%3Dac768cc71f614ccc-22c6a914ddb800ae%3AT%3D1600349339%3AS%3DALNI_MabDkTTy9tbrqOWB4dzrxHY6i2CEQ&bc=31&abxe=1&lmt=1600349344&dt=1600349344205&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=10&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=37&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=14&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

83ede2da0acdef6df84879e99fbf599b5407d35337bfd10970bc7f38e8fb83e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 427 B
253 B 326ms
325ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2560261367394315&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D947f1d5169cc7d0f997560e34838fb04%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D42%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1600349344286&eri=1&cookie=ID%3Dac768cc71f614ccc-22c6a914ddb800ae%3AT%3D1600349339%3AS%3DALNI_MabDkTTy9tbrqOWB4dzrxHY6i2CEQ&bc=31&abxe=1&lmt=1600349344&dt=1600349344288&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=11&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=38&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=15&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

69c996cd5e97b7b07aa5a7f13959c14d4d0b64554ff95f01b3dd395e504cbf57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
177 B 233ms
232ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3143938218518053&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D450%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D600%26reqt%3D1600349344436&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344439&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=12&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=39&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=16&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3920912a895730ad382ca483cb5d0660daec21c548fe3e5d08de06bb7f14a53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 53 KB
12 KB 327ms
325ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2081464752964159&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D42%26reqt%3D1600349344486&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344488&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=13&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=40&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=17&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7efb77fa31d4f0639bf78693129c814560409f835d429effdbdc4abdf7224aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11995
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 80 KB
27 KB 464ms
464ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4291611997497774&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D42%26reqt%3D1600349344503&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344506&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=14&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=41&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0f03971bddcdd815bf89ead6fec3702b26aa7d0361e6109b3139f1a4e86b9c28

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1630999715218985246/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1630999715218985246/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNDpy_Gl8OsCFT3BEQgdmrAIRw&gqi=&layout=/sadbundle/%24csp%253Der3%24/1630999715218985246/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1630999715218985246/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1630999715218985246/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNDpy_Gl8OsCFT3BEQgdmrAIRw&gqi=&layout=/sadbundle/%24csp%253Der3%24/1630999715218985246/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26527
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 17 Sep 2020 13:29:04 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 321 B
160 B 288ms
287ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1377407803538975&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D180%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%26lb%3D220%26reqt%3D1600349344536&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344539&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=15&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=42&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

718b16b1a4b2f031416fce43324283ed713bd43a4fa0aab40f099b590e8d53d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 333 B
180 B 737ms
737ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=488390918945003&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D350%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D400%26reqt%3D1600349344570&eri=1&cookie=ID%3Dac768cc71f614ccc%3AT%3D1600349339%3AS%3DALNI_MY0AyalwNmzVGg6jvU7QHecZr7ZYw&bc=31&abxe=1&lmt=1600349344&dt=1600349344573&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=16&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=43&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

cc36b43380bb432c4bf7072bed0563f023a99360140d28bb1cd0f1a04e0e72f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
184 B 313ms
313ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3272918701723233&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=5&rcs=1&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D600%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1200%26reqt%3D1600349344586&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344588&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3076&adks=3075149205&ucis=17&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=44&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=18&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fd2184b90a781b497f7b7453769b35f21fc1f43c838719bf034842e402fd574e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
11 KB 388ms
388ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=588227326937741&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D42%26reqt%3D1600349344592&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344594&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=18&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=45&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b0795974bad7a0e903ee6da82d2269e01d97508a93bf6052028e318116baabe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11019
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
167 B 1445ms
1444ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2466915462639973&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D280%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D450%26reqt%3D1600349344670&eri=1&cookie=ID%3Dac768cc71f614ccc%3AT%3D1600349339%3AS%3DALNI_MY0AyalwNmzVGg6jvU7QHecZr7ZYw&bc=31&abxe=1&lmt=1600349344&dt=1600349344673&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=19&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=46&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=19&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

433ae9d2590e64a0d8e67befa4bc3f107d30b8c1ee0937c970fee47c98aa7d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
166 B 358ms
358ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3253744180824554&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D450%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D600%26reqt%3D1600349344722&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344724&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=1a&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=47&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=20&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

f4318580c08e089a57c757f55fb4ccaa582e9e8893da14d34e53238f7e24d49e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 324 B
300 B 249ms
249ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4145148237856070&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3D04b5efc3207e2390972f099a6a3c4757%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D1400%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C21%2C22%2C23%2C24%26lb%3D1600%26reqt%3D1600349344736&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344739&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1b&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=48&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

02d8f6fd229e7038357d2c7f30f3cd933ff97e2d59563231364f7b42708b0f6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
11 KB 466ms
466ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3709958810643380&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D690415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-690415%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D260%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D77%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D42%26reqt%3D1600349344803&eri=1&cookie=ID%3Df6a1e6958c0f5444%3AT%3D1600349339%3AS%3DALNI_Ma8OLpxzT97v00odWJscVXg23HKJg&bc=31&abxe=1&lmt=1600349344&dt=1600349344805&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=1c&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=49&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=21&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

37e5670a4f112c9686c9058052e344c440096933a31fa916680d8e6833164c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11601
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 62BB 206 KB
57 KB 30ms
5ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17141
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 62BB 16 KB
6 KB 48ms
24ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109115
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 62BB 95 KB
29 KB 47ms
23ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17192
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 62BB 4 KB
2 KB 45ms
21ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109037
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 62BB 47 KB
14 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109024
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 62BB 7 KB
821 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 12:57:59 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:04 GMT

GET
H2 200 2076313506083323656
tpc.googlesyndication.com/simgad/2691126725077084152/ Frame 62BB 34 KB
34 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2691126725077084152/2076313506083323656

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6adf216069233fd43e602d51678a3da39c0d6031602632018a286e52986f07b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 22:16:02 GMT
x-content-type-options: nosniff
age: 54782
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34347
x-xss-protection: 0
last-modified: Tue, 30 Jun 2020 21:43:22 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 22:16:02 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2728880709648373916/ Frame 62BB 3 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2728880709648373916/downsize_200k_v1?w=300&h=300

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48879327b3535e06a37995c1f39ef7cceb47fad6c4f45c92f032253648f23abd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 12:28:13 GMT
x-content-type-options: nosniff
age: 262851
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2933
x-xss-protection: 0
last-modified: Fri, 02 Nov 2018 19:16:19 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 12:28:13 GMT

GET
DATA 200
OK truncated
/ Frame 62BB 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 62BB 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e23f4847ac9205351df0e7c4d473f86c4fbf399c90a348ec8f06e02290eb8b77

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 62BB 2 KB
3 KB 9ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8406
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 62BB 295 B
511 B 9ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57726
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 62BB 0
0 15ms
13ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_ZlY928-u9DFUIG0GqBCBK12ea2MTtAY6gV3BOm4qgW6qsbAiMa6yniRtX_QlF9JZZsrr8n0zn1q2hbbZG40H8x6G0w
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 62BB 0
0 58ms
56ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwVOtoGRjX_SiIcepgQfMr73QAp_W6IVfpNGgiaUMv-EeEAEg9PnGJWCRhJOF_BegAdOb7-YDyAEJ4AIAqAMByAMKqgS2Ak_QK3lNwbqvEYltQ50Tc1muiDdWbfAkT6K9GuBri-tlEBhp7BvWmmYMwntlBm8igQGmg2IANb5JSLa2zEcZpG4TcN_TwBaGMRjTg68QlaomeCfqLSqFiPjsvsndqJB6wf2CGWR66UkpvJrHayxma-SsgObmNdX7BwVdrGxx6IXFux6dL56UyZJwTSMbt60jTJvWrEWKQZgJRcRczCCKtapgiXsZV035bQnlaPARHwkJ1ZjXRbKOkJjmqnSNF8ViPm2u60J2N2YlBk2tXRw4czamUs4iBa3ty2mNSrL3__X_nWCM1zmjQzdoOSrusCHlC0LjdBv4bA9Cq2axME_rqcm8wvMhjLda3MeQC0iVTHaxJ29ulJhaUI86NgjZ_4ANmoz4Ykr_4tV2Gm1KjQJQMdBTvt7JTQfABLzv5qiFA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfP2NY3qAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcA8gcEELvjBNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMCiBQB&sigh=H-m54uQXBu4&template_id=484&tpd=AGWhJmujOynEPqyjLztOSRfwWc8Nxkkv5DwmSsYLPCnvTJXJ9Q
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
93 B 79ms
24ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 33ms
29ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjY0ODQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
30ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAwNCwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDA0LCJiaWRfZmxvb3JfcHJldiI6MC4wMDA0Miwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1MTcifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
123 B 32ms
29ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
30ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5MzQ1LCJhZF9wb3NpdGlvbiI6MTEwNywiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImJpZF9mbG9vcl9pbml0aWFsIjo1MDAsImJpZF9mbG9vcl9wcmV2Ijo0MiwiYmlkX2Zsb29yX2ZpbGxlZCI6NCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzUxLCJtdWx0aV9hZF91bml0IjoyLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:04 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 62BB 11 KB
11 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 267889
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 62BB 11 KB
11 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 267903
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:01 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 435 B
261 B 856ms
855ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=386575532987599&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=5&rcs=1&prev_scp=iid7%3D686265%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-686265%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D64%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1500%26reqt%3D1600349344904&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349344&dt=1600349344908&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=1d&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=50&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129463697410&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=512&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fe03d849f4abb0aa69e67b2c3d6c415ca97bffe6c3088652270808c877e6739b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 228
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 audins.js Show response
go.ezoic.net/detroitchicago/ 821 B
1 KB 48ms
12ms Script
application/javascript 2600:9000:20e8:1000:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:1000:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d98f76f0461187c365efd671a87749384de00b589e87fb30c0486a892769c412

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 03:15:53 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: nginx/1.16.0
age: 814391
etag: "335-5ade56c524400;5aeb0a89dfb5f-gzip"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 821
x-amz-cf-id: XA_fXcLQSln93-PzGXGhd2tFuFGjyAqFmaaszDI-qDAFKG5zgujV8A==

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
259 B 401ms
400ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2919089018495892&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D280%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D450%26reqt%3D1600349344953&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349344&dt=1600349344955&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=1e&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=51&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=22&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3d1836ea49febe32e40d166e2ebb19b0474cdb58ac5f82fddcd5a5bd7c1b17fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 25ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE1MiJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDc5NjUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTg4In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NTk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI4MyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODYyNjUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTg5In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNTI2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI2ODgifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
123 B 24ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ4MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1tb2JpbGUtYmFubmVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI2NjcifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6Ijg3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE1MiJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTA0MTUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyODAifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzM0In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 26ms
24ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEzNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQxNyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTM0MTUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMSIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0MTcifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEzNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiNDE3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMzQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQxNyJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 25ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTQwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI4NTIifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjE0MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTA4NyJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTQwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI1MTIifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4NjI2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjEwOTQifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE1MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTk5In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMTQ5NCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 26ms
24ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ4MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1tb2JpbGUtYmFubmVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjE0MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEyMDQifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjY3NiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5NDkifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTIyMiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxNDk1In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 36ms
35ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEzNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjI1NiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEzNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIyNTI5In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTM0MTUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMiIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjI4MDIifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMzQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMzA3NSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame CB27 206 KB
56 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17142
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame CB27 16 KB
6 KB 56ms
38ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109116
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame CB27 95 KB
29 KB 55ms
37ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17193
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame CB27 4 KB
3 KB 28ms
11ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109038
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame CB27 47 KB
14 KB 29ms
12ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109025
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame CB27 6 KB
771 B 56ms
38ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3e1ae4f0845696c643075361861c35a5165d33996cae3b77da7793f59c9ddf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:23:06 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:05 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame CB27 6 KB
1 KB 56ms
38ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3e1ae4f0845696c643075361861c35a5165d33996cae3b77da7793f59c9ddf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 12:29:10 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:05 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB27 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8407
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB27 295 B
388 B 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57727
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame CB27 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5aec935a67d71e501afe3e5cd8ab343546ea375cce5aa2a92ab3ae5a1a41280

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CB27 0
0 58ms
57ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDN2MoGRjX8bHJ4qzgAeRzYzgBMKHpJZfs5DXjKELv-EeEAEg9PnGJWCRhJOF_BegAaXTvdgCyAEGqQJH9TfkCL-1PuACAKgDAcgDCqoEuwJP0CTCosUt6jH2kiNskmMEZuIeq8jyoXrfOqI6DzAidsiUTNGeMjKSR3jUnh7zrrTVGvcbC2vZyse_3DwYJKCXrU94MtsH-v9MVCGWzPHwrO-3A5iExW8CfcmWoF_pKjGvp5zoOBu0Cs2-ZejRFsC7YUTBDRsV33SCJBWsJ5wBrcoZTjgmIDAQa7UfZGzbxJ5Z_Xix4SxUJ3moq_BHx_jQAzxNyFqVwBL1Da6Vn_mxel8iEK4n7MFeTynDFsyE69e5LLW3bAB8U5w0u5kEh6nB_4_JOQ8UGAYH79Fc7YC9Rtq8TLA1AUMSwSZh34AMa9PVwTrCtwok9Mxg8PfKXPK0N7GfrzcnxPF9vuWSDupJXC1cPCAx8wP6Fj6c80vKhCdWIjMwpVEmqst59hmAt2Rd01hbE0EYHj_99KfABMS85pz8AuAEAZIFBAgEGAGSBQQIBRgEoAY3gAfDrMKnAagHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBDu8ArSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTCogUAQ&sigh=Z5eRzn1mza8&template_id=492&tpd=AGWhJmunq9JNtxWpRSvSIOynNKu6WDbepaUzW_Z9el8jxHZ6MA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 1ADC 0
0 8ms
7ms Document
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Thu, 17 Sep 2020 13:28:59 GMT
expires: Fri, 17 Sep 2021 13:28:59 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 76ms
70ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 28ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI5YzNlNGVlOGVhZTdmMTQzM2NiMmZlNjliMTMyNjYwNSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTA0MTUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAwNCwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDA0LCJiaWRfZmxvb3JfcHJldiI6MC4wMDA0Miwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTA3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 28ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 28ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTM0NSwiYWRfcG9zaXRpb24iOjExMDcsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NTAwLCJiaWRfZmxvb3JfcHJldiI6NDIsImJpZF9mbG9vcl9maWxsZWQiOjQsImF1Y3Rpb25fY291bnQiOjUsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQwOSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 429 B
250 B 581ms
580ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3807555926804367&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=5&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D160%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%2C20%26lb%3D180%26reqt%3D1600349345097&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349345&dt=1600349345099&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=1f&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=52&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

f44de08a06b45b0ca210d5d030bec895b4ad062c31d5be153b2e86cd37189c21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 218
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame CB27 11 KB
11 KB 66ms
11ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 267894
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:11 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame CB27 11 KB
11 KB 16ms
10ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:23:43 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 155122
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:23:43 GMT

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 26ms
24ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 27ms
25ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAwNCwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDA0LCJiaWRfZmxvb3JfcHJldiI6MC4wMDA0Miwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1MTcifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 26ms
25ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 26ms
25ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5MzQ1LCJhZF9wb3NpdGlvbiI6MTEwNywiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImJpZF9mbG9vcl9pbml0aWFsIjo1MDAsImJpZF9mbG9vcl9wcmV2Ijo0MiwiYmlkX2Zsb29yX2ZpbGxlZCI6NCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NTY0LCJtdWx0aV9hZF91bml0IjoxLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:04 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
254 B 458ms
458ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=913616234781499&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D450%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D600%26reqt%3D1600349345209&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349345&dt=1600349345211&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3076&adks=3075149205&ucis=1g&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=53&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=23&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1a94c6f409438a0f6069a8299820cf3978dc05499b844eab2aa3ee62c3a5d39e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 50ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: gzip
etag: "KhcnJMdjWpfMUgm9eIIqRQ=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 24 Sep 2020 13:29:05 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 138ms
53ms Script
application/x-javascript 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 17 Sep 2020 13:29:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Fri, 18 Sep 2020 13:29:05 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
255 B 394ms
393ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2610374888136338&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D280%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D450%26reqt%3D1600349345322&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349345&dt=1600349345323&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=1h&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=54&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=24&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

707fbab17c093107c5044cd36059273b8f15a07a12862b54c69bcb231b96629f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 432 B
255 B 378ms
377ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=745796659178489&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=5&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D1300%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C21%2C22%2C23%2C24%26lb%3D1400%26reqt%3D1600349345327&eri=1&cookie=ID%3D3dbea847c283d219-22f59342ddb8003a%3AT%3D1600349339%3AS%3DALNI_MaGiBsHYDfKRDxWvKfV3rJxXeNeNA&bc=31&abxe=1&lmt=1600349345&dt=1600349345329&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1i&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=55&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

973d85ce955b1803a52396efd5c15e44b7d678753b40bc61af91438aaf8d5d9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 62BB 2 KB
3 KB 25ms
25ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8407
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 62BB 295 B
583 B 25ms
25ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57727
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CB27
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

17ms
16ms

Image
text/html

2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:29:05 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
348 B 43ms
13ms Script
application/x-javascript 2600:9000:20e8:5e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 15:11:53 GMT
via: 1.1 f23d0814f3a7efcdd4936fa69b3d072b.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
age: 80233
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: _lGutoBknqIf-vWceTurzsqaWNxqODdoYs4Crn100KPKabJ-lu7obg==

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8...
https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C...

0
528 B

38ms
38ms

Image
text/plain

23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Sep 2020 13:29:05 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349345402&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Thu, 17 Sep 2020 13:29:05 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
172 B 420ms
419ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=790411125280277&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=5&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3D90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D300%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D350%26reqt%3D1600349345404&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345407&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=1j&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=56&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

ca08a5c41250b1d4f1e4de44ff2cfcd19e1b600fdddd3fdc2035f94164674255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB27 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8407
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CB27 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57727
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 pixel;r=1640413566;labels=Domain.securityonline_info%2CDomainId.124533;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellho...
pixel.quantserve.com/ 35 B
210 B 9ms
9ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1640413566;labels=Domain.securityonline_info%2CDomainId.124533;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F;fpan=1;fpa=P0-1003123305-1600349345437;ns=0;ce=1;qjs=1;qv=35f667c6-20200713111428;cm=;gdpr=0;ref=;d=securityonline.info;je=0;sr=1600x1200x24;enc=n;dst=1;et=1600349345437;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%252CHot%20Potato%20%E2%80%93%20Windows%207%252C8%252C10%252C%20Server%2020%2Cdescription.Hot%20Potato%20%E2%80%93%20Windows%207%252C8%252C10%252C%20Server%202008%252C%20Server%202012%20Privilege%20Escalation%20in%20Me%2Curl.https%3A%2F%2Fsecurityonline%252Einfo%2Fhot-potato-windows-privilege-escalation-metasploit-p%2Csite_name.Penetration%20Testing%2Cimage.https%3A%2F%2Fsecurityonline%252Einfo%2Fwp-content%2Fuploads%2F2017%2F04%2F7-4%252Epng%2Cimage%3Awidth.726%2Cimage%3Aheight.205

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:05 GMT
strict-transport-security: max-age=86400
content-type: image/gif
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
166 B 255ms
255ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4240982386242774&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D160%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D280%26reqt%3D1600349345470&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345472&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=1k&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=57&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=25&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3192b5c7695152e3d7434e6dd255cf1da7110d1ccb7058125b52e6197c73b15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 321 B
160 B 298ms
297ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1982401895351168&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=6&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D140%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%2C20%2C17%2C20%26lb%3D160%26reqt%3D1600349345703&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345705&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=1l&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=58&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0135a4e6c49b5c9ca8726d3479bc9686a42f40bab4a2ea733dd272140c327844

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
167 B 455ms
454ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2922211188677956&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D280%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D450%26reqt%3D1600349345720&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345722&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3076&adks=3075149205&ucis=1m&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=59&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=26&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1928489835602af2928b55d854ab5d4981aa9056d2fcbf32f33d2fd066d4be0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
192 B 285ms
284ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4416726843251768&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=2&prev_scp=iid7%3D686265%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-686265%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D450%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D64%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D750%26reqt%3D1600349345770&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345772&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=1n&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=60&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=512&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0250776c6a37be308ddc5233a2cd0786d683865c5abd57c0b80b54d513f9706a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
166 B 284ms
283ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=60162525442997&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D160%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D280%26reqt%3D1600349345836&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345841&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=1o&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=61&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=27&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

682133472eb41d447ac1b250338f07c01858b273750ee0579a878b4e4b6fc13a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 58 KB
12 KB 299ms
298ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=717989355580538&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=6&prev_scp=iid8%3D745965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-745965%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D0%26br2%3D2400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D74%26deal1%3D25%2C26%2C23%2C24%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C21%2C22%2C23%2C24%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%26lb%3D1300%26reqt%3D1600349345846%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345848&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1p&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=62&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

58ccb96179b382440aad4d8ad88b74c651757866d4cca0ef6eab0d725f8f8899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12177
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
169 B 249ms
248ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=584953084771378&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=6&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D280%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%26lb%3D300%26reqt%3D1600349345920&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345922&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=1q&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=63&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

22f22105b574e70e269aee5f3b15abe3785d317b49dc5237bee3be77c63f7024

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
167 B 218ms
218ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1761559943854933&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D70%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D160%26reqt%3D1600349345986&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349345&dt=1600349345988&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=1r&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=64&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=28&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

8ecf6a9589d0fe6caaf699741fbef6fc3f0b05a10a7d3fd702592e1a57674f8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
178 B 314ms
313ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3674867680183692&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D160%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D280%26reqt%3D1600349346136&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349346&dt=1600349346139&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=1s&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=65&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=29&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b1f8339b0891cce6ec8d29e8d325f6907a97565da86882baea22fc225f43911d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame F02A 206 KB
56 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17143
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F02A 16 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109117
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F02A 95 KB
29 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17194
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F02A 4 KB
2 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109039
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F02A 47 KB
14 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109026
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame F02A 4 KB
693 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:07:07 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:06 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F02A 295 B
324 B 7ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16955503103052890963/ Frame F02A 33 KB
33 KB 10ms
10ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16955503103052890963/downsize_200k_v1

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c649cac7898b1c98031d305971583fc3cae1f3f0b9b4b413d74c3e9a56b2dcb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:14:57 GMT
x-content-type-options: nosniff
age: 274449
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33932
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 17:59:25 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:14:57 GMT

GET
DATA 200
OK truncated
/ Frame F02A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1321a915eb8436a7ead71b2ecc7cc60bbd7bcbf708770bf9cfa9c14c8dd2c6e5

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F02A 2 KB
3 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39039
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame F02A 0
0 15ms
14ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQwe7hZAZKQyv7KKyFoFwnB8gytXXwJ-eiPc_MANmKHFIXYu_Z9QtCDls73soKgqt6QvtMOAbtO_2ka2tz-OLVUQjHm4Q
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F02A 0
0 58ms
58ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyWZDoWRjX_KJN9z5-gaM85GwAe_mnYZfzN2RoosL-4fqwuMYEAEg9PnGJWCRhJOF_BegAf_bisgDyAEB4AIAqAMBqgS1Ak_QX_O2Ll7Rqtb-aqCUuXCHvWDpWKnQmSw3HEn85Tn--0MF7Efx-EzdWm3jD3YGQJVqROvuVf1jBpE2Zo3tj0GZO9gaCm5x9B60bu-KsIPn0YWx8kPEy0OyrqodkieUqBG-kQ14wfx34KaeqTlsAY_5-_tg94oWNZS4WNOtNHx2LXuwTFizKsKFrAxzBEtu2iD7TPE_eVRx8SZ81B60U4F4kwuRVIQo-UshVxspXrmm0xipfU4O-hedT_-3O0rSUChvUJDDqszCbcseKhfRsC5cyi2271u2nxInJPUZ6MuM5vqNbu8B5OFVd5X1Kcoakb2636Jw8kY807-D6QCJwoJXK8y_2g8y3RXxDYkr9oZgMt6GTwjpTwHkj_0Mg2Sn8qTukcS78KT3TAz6VkzanpJ6n8sOesAEkrr91ucC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB4bznAmoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQhJUh0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00Nzc2MDYzMTU4MjQyNTg4gAoDyAsBsgwUcHViLTYzOTY4NDQ3NDI0OTcyMDjYEwyYFgE&sigh=Z-4jrMIrJpY&template_id=5001&tpd=AGWhJmvzBH2D2uvkPYr6GaMRo8VG16qPfT_byW4j2KsOCpAp9w
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
40 B 32ms
22ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 32ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NTk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MjAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NTk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDEzLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDU5NjUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM4MjAifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
123 B 31ms
21ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 32ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTM0NiwiYWRfcG9zaXRpb24iOjExMDQsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NDgwMCwiYmlkX2Zsb29yX3ByZXYiOjEzMDAsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjMxMiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame F02A 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 267883
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:23 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame F02A 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 267892
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:14 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 321 B
160 B 309ms
308ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2810190211842749&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=7&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D120%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%2C20%2C17%2C20%2C17%2C20%26lb%3D140%26reqt%3D1600349346231&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349346&dt=1600349346233&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=1t&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=66&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1ec2f86fa7553d9097b26d1542ff1858ced6eadfd08fcd21e8ab82bd764c8541

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
166 B 195ms
195ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4046700374640505&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D160%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D280%26reqt%3D1600349346259&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349346&dt=1600349346261&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3076&adks=3075149205&ucis=1u&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=67&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=30&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d9658f7fae78cff248c1b299c364196332bcacb39782b051afff4b8c40d0f944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
173 B 271ms
271ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2385732008736165&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=iid7%3D686265%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-686265%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D180%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D64%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D450%26reqt%3D1600349346286&eri=1&cookie=ID%3D3dbea847c283d219%3AT%3D1600349339%3AS%3DALNI_MYDh0yBkO6EZHTGwdkK8Gt30kGiZA&bc=31&abxe=1&lmt=1600349346&dt=1600349346289&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=1v&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=68&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=512&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

dec02506637d6dbed46c7235314d23bdbca5052c74f02f0262edc5b9d4bebf86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F02A 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39039
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F02A 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 463 B
617 B 313ms
312ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=698778694155798&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D70%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D160%26reqt%3D1600349346354&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349346&dt=1600349346356&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=1w&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=69&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=31&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

cfa4d715d627eed77ee66f6821c0d8712a80212971ebec8c910569bd411f6a13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 59 KB
12 KB 473ms
472ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=1250309613497535&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=7&prev_scp=iid8%3D714815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-714815%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D2%26bvr%3D6%26shp%3D1%26br1%3D0%26br2%3D800%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D39%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%2C17%2C18%2C19%2C20%26lb%3D280%26reqt%3D1600349346443%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349346&dt=1600349346445&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=1x&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,37a5d7|color_text,,000000|color_url,,F0F0F0&ifi=70&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

2c74b7d02ee88ee4dbc5ce723a3c32dcbbd42e7da2794dad585457c325dc25e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12310
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CB27 42 B
199 B 82ms
82ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvW_S5PtvzUJ9GPxnoNcLC6wcQAJuDEYvDoFmU0a0CPo7yts4Ma40DlibDdKq80CNFiEb7ULPyPBu4ZC9t5B5_nbJ88T-jBmkv9c8i0JIwiBrH0uVsBBJv5wo6asw&sai=AMfl-YQo1uZhWuZUlhlQ3HqEcHNGO2U18zdMM9yVu9T2nJp_FV1g9HjmudUpw_LTY7pWsbNXM1O0H8RrU-D_TiuFCBO0mnSNRgrMtKOLYhsLGuIRa4MinZHNFhksMrsQ&sig=Cg0ArKJSzA9ayprkzKGfEAE&cid=CAASF-RoHwtoP4_1tpnljoxVgj8Hy_3jDKgO&id=ampim&o=1181,677&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1010&mtos=0,0,1010,1010,1010&tos=0,0,1010,0,0&tfs=161&tls=1171&g=100&h=100&tt=1172&r=v&avms=ampa&adk=3972398835

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 22ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
12 KB 295ms
295ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2073561499054452&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dbf9a045b836005b6c23b7b0749249612%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D26%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D70%26reqt%3D1600349346503&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349346&dt=1600349346505&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2530&adks=4008027628&ucis=1y&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=71&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=32&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

4e1f6c3ab12aefc129572486bd2b726fde5be23ae25f997ff76ad75b01bf8986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11542
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 23ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUwNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MDQxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MDcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkwNDE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTA3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
418 B 410ms
409ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3002258797875112&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D70%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D160%26reqt%3D1600349346653&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349346&dt=1600349346659&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=1z&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=72&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=33&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

c0fc35e5c33552eab8841c7714d0ff73ff4fed028b680829317be15b6ce0e856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 58 KB
12 KB 401ms
400ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3119983364160388&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=8&prev_scp=iid8%3D707965%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D9%26at%3Dbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-707965%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D1%26br1%3D0%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C20%2C20%2C17%2C20%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D120%26reqt%3D1600349346753%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3Df5d80283ec271d0b-229e6d35ddb80027%3AT%3D1600349346%3AS%3DALNI_MYFdXCJ4shpA0kVR7z0nIvTrUI9VA&bc=31&abxe=1&lmt=1600349346&dt=1600349346756&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1087&adks=4103646004&ucis=20&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=73&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

8a60240102743d6929a9f4ca4bd16816c6687860b4357d55262c6c4241710595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12174
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
408 B 369ms
368ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3837101078908831&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D70%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D160%26reqt%3D1600349346786&eri=1&cookie=ID%3Df5d80283ec271d0b-229e6d35ddb80027%3AT%3D1600349346%3AS%3DALNI_MYFdXCJ4shpA0kVR7z0nIvTrUI9VA&bc=31&abxe=1&lmt=1600349346&dt=1600349346789&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=3076&adks=3075149205&ucis=21&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=74&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=34&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

452065dd023a7f0c1321960709f17d746c278e596e76b96b969dec20d4c3cee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
10 KB 415ms
414ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=4331000956064178&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=4&prev_scp=iid7%3D686265%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-686265%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D1%26br1%3D46%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D64%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26lb%3D180%26reqt%3D1600349346803&eri=1&cookie=ID%3Df5d80283ec271d0b-229e6d35ddb80027%3AT%3D1600349346%3AS%3DALNI_MYFdXCJ4shpA0kVR7z0nIvTrUI9VA&bc=31&abxe=1&lmt=1600349346&dt=1600349346807&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=22&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=75&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=512&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

353fe13b41f92c16b070e51b7aa70327566a360f276544008c6a8ef1cdf8156d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10658
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
11 KB 325ms
325ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=2116527376390133&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dbf9a045b836005b6c23b7b0749249612%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D26%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D32%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D70%26reqt%3D1600349346873&eri=1&cookie=ID%3D91f6c66d2e3f93d0%3AT%3D1600349346%3AS%3DALNI_MbJcK5XxpmWz2AJdtr9ef5xwuUKEg&bc=31&abxe=1&lmt=1600349346&dt=1600349346875&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2803&adks=1594893794&ucis=23&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=76&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=105&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=35&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

6c87e2b95b7702afe00d1f4b750ea4cc71a658dd330388230e17580c2f89b548

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11616
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 2B9A 206 KB
56 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17143
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 2B9A 16 KB
6 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109117
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 2B9A 95 KB
29 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17194
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 2B9A 4 KB
2 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109039
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 2B9A 47 KB
14 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109026
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 2B9A 4 KB
647 B 21ms
19ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:04:58 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:06 GMT

GET
H2 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2B9A 2 KB
3 KB 8ms
5ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39039
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2B9A 295 B
357 B 10ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3989172337753532392/ Frame 2B9A 7 KB
7 KB 10ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3989172337753532392/downsize_200k_v1

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467397d7d0cc1d9c5cb7a7ac1d437892d249401aee1add6da9022c8389f09bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:13:49 GMT
x-content-type-options: nosniff
age: 274517
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6760
x-xss-protection: 0
last-modified: Mon, 14 Oct 2019 22:42:35 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:13:49 GMT

GET
DATA 200
OK truncated
/ Frame 2B9A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ffabefad58adff43cd14143ab87a3e156c7ee80d5e90bbec63bac7539cbfe22

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2B9A 0
0 14ms
13ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7EFTd81PKibZGfipgWFVs_vjrHVICJBx6lmOLn35BJNHVdGcqyHxg5K7bZBye35MAVz2ohFxUS7yVkQbkFHeN8ZiJYA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2B9A 0
0 60ms
59ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CKC25omRjX5nIHoqG-gbm8I7IB-_mnYZfzN2RoosL-4fqwuMYEAEg9PnGJWCRhJOF_BegAf_bisgDyAEB4AIAqAMBqgS2Ak_QMhsM3R1HtX8cpWxEktHEHn2wC0OCRUpcn0K-NdCeQ06Wqh5PTheTNIMF-rKQWrHH2kns8xBdNZxpK7SfCf0PZcacdo161ck87wD1rqqT42lN1nJMwe-KxtuvLep9kjTUyrcG20EaQdc4IKeIcDJF9oHWC7UqHwyazNNk9QdKzwcKxYkMJOeMnGErsh7UvltN8e37NlDAaky12KD_C-K1MSMOR5Ana-R2cmEQ4tn8OS7oitrkwMwnTgHy3v67OzZ0M_ONTGbSiHODbspz2Q7tcdwZuDsxK7DkZEgXyAuggukaZ3jeL8Dg8L54BXNBT_C7t8N2G-8gLfUqQAjbA6Sd0lFuPGLuJoYiM-Y7Ug21rhMKGih-_gDL4ot_z7-yGuvOtPkr93Jsv-cBEGAX3z6YY2Q1v_rABJK6_dbnAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBgAeG85wJqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEPagH9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMMmBYB&sigh=oTz7x2bI_rM&template_id=5001&tpd=AGWhJmtD9YPYDc6RQDp68i8PaEpraES1buHysWU5pVaWoNQ1Bw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
17 B 38ms
26ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 36ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI4In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNDgxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ4MjUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNDgxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAyOCwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0ODI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxNDgxNSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ4MjUsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjcxNjE0Mzk0In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 36ms
24ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 34ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTM0NywiYWRfcG9zaXRpb24iOjExMTIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTYwMCwiYmlkX2Zsb29yX3ByZXYiOjI4MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDkxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:06 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 2B9A 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 267892
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:14 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 2B9A 14 KB
14 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 267883
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:23 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 2B9A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:29:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame F078 206 KB
56 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17144
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F078 16 KB
6 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109118
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F078 95 KB
29 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17195
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F078 4 KB
2 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109040
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F078 47 KB
14 KB 16ms
11ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109027
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame F078 4 KB
705 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6d573851cf7e01f2f62cc1da7f3961e45baac2e6776f8e9cab16ba120233d721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:08:50 GMT
server: ESF
date: Thu, 17 Sep 2020 13:29:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:29:07 GMT

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F078 2 KB
2 KB 13ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39040
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F078 295 B
324 B 12ms
10ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57729
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3989172337753532392/ Frame F078 7 KB
7 KB 13ms
11ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3989172337753532392/downsize_200k_v1

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467397d7d0cc1d9c5cb7a7ac1d437892d249401aee1add6da9022c8389f09bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:13:49 GMT
x-content-type-options: nosniff
age: 274518
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6760
x-xss-protection: 0
last-modified: Mon, 14 Oct 2019 22:42:35 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:13:49 GMT

GET
DATA 200
OK truncated
/ Frame F078 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e8de407932344589affb86d254babdf37fae1b9ee588b4fb66b07415edd9bc1

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F078 0
0 71ms
58ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cz4AUomRjX67vMa2Q-gbOm6voAe_mnYZfzN2RoosL-4fqwuMYEAEg9PnGJWCRhJOF_BegAf_bisgDyAEB4AIAqAMBqgS1Ak_QL0vi6-kou88nUcosV9KXiHHd_hwYL5nNujr684fmWn83h-pXuksYr5NwTgtHNwNtuR8wSIkyJR3HgywpT25Ix0UucBQUAtpipw6awZVhhFdl2WpDF-X16rwmNdZEzun8UmQYFeRWJnOd9h81uGolcSAo4fAGJnJgFE-DpTtoqJvyN0f3LplykZpB0BhFxc6TgEKEHtYMjzgDtLBn0AzG_snpHF5PtJ7bGeGs4-JhlbAUrOQ2xA4XB-7cqT72Ck3LjuO3KfNOaRyMlJLC3ySgkajQS5vS82GiDsShRZB7_Gs2sCQbIXS0HR6qSmSrNj7qj640jjqNlPhHrR-MpoL1hJybA8QkOgjVD3eE8AFI53IZXQgRh11P1Ig4zgLXxcd9gado5sWbR9F8jvcvjrCMp57vXsAEkrr91ucC4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB4bznAmoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQsqEQ0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00Nzc2MDYzMTU4MjQyNTg4gAoDyAsBsgwUcHViLTYzOTY4NDQ3NDI0OTcyMDjYEwyYFgE&sigh=uv7ig9vvBfQ&template_id=5001&tpd=AGWhJmti5yV8G_B7PJ4Mf4-rPpHeclcMGewC1BN4qrcp1LxTDQ
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
347 B 269ms
268ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=207087861657157&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dbf9a045b836005b6c23b7b0749249612%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D26%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D70%26reqt%3D1600349347193&eri=1&cookie=ID%3Df5d80283ec271d0b%3AT%3D1600349346%3AS%3DALNI_MYqxudynQ1sw9N4w4GKox1PS_bYDw&bc=31&abxe=1&lmt=1600349347&dt=1600349347225&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2257&adks=3088204122&ucis=24&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=77&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=103&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=36&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

866c1297c7c366313aaacd08b2a14e52b6449ac8617274fef52b2cf05926bc0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
40 B 51ms
25ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 50ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI5In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MjMsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAxMiwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzODIzIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MjMsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjcxNjE0Mzk0In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 48ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 27ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTM0NywiYWRfcG9zaXRpb24iOjExMDMsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJiaWRfZmxvb3JfaW5pdGlhbCI6OTAwLCJiaWRfZmxvb3JfcHJldiI6MTIwLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50Ijo5LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0MzEsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame F078 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 267893
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:14 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame F078 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 267884
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:23 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
45 B 91ms
90ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=788064621681489&r=300x250&w=300&h=250&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 45F1 206 KB
56 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17144
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 45F1 16 KB
6 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109118
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 45F1 95 KB
29 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17195
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 45F1 4 KB
2 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109040
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 45F1 47 KB
14 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109027
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45F1 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8409
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45F1 295 B
319 B 10ms
10ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57729
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 45F1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fe048c6e966f22905bd291e064cccce132b96db7b0be4efa3f0a426756348eb

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 809443944136521084
tpc.googlesyndication.com/daca_images/simgad/ Frame 45F1 53 KB
53 KB 22ms
10ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/809443944136521084

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f16e5b1a303030404b870e9fde4bed4f42339eee07feb58d567dea2387f2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 10:58:17 GMT
x-content-type-options: nosniff
age: 268250
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54095
x-xss-protection: 0
last-modified: Fri, 08 May 2020 11:51:33 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 10:58:17 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 45F1 0
0 94ms
13ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSEO9rDFPlORj_G2t0_U6jr8yAM09Huve_F9x82o9NFpG8Mm6U_p7O5TZwK67j_Nkx5paC_QeTjVo7QugikXipg-VQJDw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F1 0
0 175ms
93ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CgaSUomRjX6vLNMy8gQfppbeoD8qd8JVf6tCl0cEL6Kq2lYsDEAEg9PnGJWCRhJOF_BegAZKZq_wCyAEC4AIAqAMByAMIqgS7Ak_QD9bP3xUZWHOzZ7kG5Fgfw5TiFCjoipTIr46q42uSE_O13i4jCXCQ5UFMkegtVlcH_HVuQJLs-3IE01TVkquhGgycEOuL6Gx1KBfJVt6BXI_wBc2Y-6arDC0zCs7Bv4u0QPfi0ZM584yDPPgJ0_Wyg-fBMGq0PMu7WKhOucu2465oEE2L9RAlhpIy113eD50AGireSdHpjYS3WNBSgsU7ml1DEtCVsmxScy5dM9GarRRoBFnYcCJa5WQ1Iu5i0R_i5w5_jhZ0CXhnUd5iDc6ZOAqxi1x8xOZ9bbrPeM68OKRovksVkPC1PhGnNKZWsIU6sWhuzmKDUDnqrqn1K28IZnVANprtaYbi2SN3Qk3eevvKOuHjhWTO94LfHO_i7v49cFnzcCie0z7KHZgvn9wFs5AFiDvuLGCCI8AExurvhv0C4AQBkgUECAQYAZIFBAgFGASgBgKAB9bm1IMBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEOWfHNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMK&sigh=knPEsHvzoe0&tpd=AGWhJmvQARglnvbFmTD8f1FZ5tOTGlkHQxQcrVY9VvggUVHXOQ
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 101ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjM5MjEwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI2In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjEzNDE5MDAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjE0In0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6InZpZXdwb3J0X3NpemUiLCJ2YWwiOiIxNjAweDEyMDAifSx7Im5hbWUiOiJ2aWV3cG9ydF9weCIsInZhbCI6IjE5MjAwMDAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIxOTEzOTIwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiIxMTk2MiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 34ms
23ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4NjI2NSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MDAzNDkzMzYsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiTkwiLCJwYWdldmlld19pZCI6ImY3MjE5YzZkLTAzNjMtNDdjNi03Y2YzLTNjMDgyZjcxNjIxYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJmZTViMGM5OWFiN2JhMTVmMDUwNTgyYmUxMzAxMzAzZiJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODYyNjUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA0NiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDQ2LCJiaWRfZmxvb3JfcHJldiI6MC4wMDE4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODYyNjUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5MzM2LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ1OTEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:06 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 34ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTM0NywiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6Ik5MIiwicGFnZXZpZXdfaWQiOiJmNzIxOWM2ZC0wMzYzLTQ3YzYtN2NmMy0zYzA4MmY3MTYyMWEiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTUwMCwiYmlkX2Zsb29yX3ByZXYiOjE4MCwiYmlkX2Zsb29yX2ZpbGxlZCI6NDYsImF1Y3Rpb25fY291bnQiOjUsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQ3NCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
11 KB 321ms
316ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=781714566134377&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Dbf9a045b836005b6c23b7b0749249612%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D26%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D70%26reqt%3D1600349347388&eri=1&cookie=ID%3Df5d80283ec271d0b%3AT%3D1600349346%3AS%3DALNI_MYqxudynQ1sw9N4w4GKox1PS_bYDw&bc=31&abxe=1&lmt=1600349347&dt=1600349347390&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3061&adks=3075149205&ucis=25&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=78&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=101&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=300&btvi=37&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

cc6eae8953afb4d9a130e2339e1edf88da1bc8d3b6afd51b0b0a3f31c01404c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11542
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F02A 42 B
65 B 55ms
54ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvsJ0Itbxn-CWcW_1wpL6TfSmU5QX3kZTAoHKmwHUL3WgkuPt2bB0E_gU5e2tu3RFiZb4AjXgB5hoaiOvsea5keZ_XZVZZNaJcpL7Y-oTuO8wvbcRGW8xoQgda1Xw&sai=AMfl-YSXiTfrSsAfZ3yApM44cVo2msaffGZqGEWYsJgoUTvHFA5DPXwJS5MN7uePnBvuR8zmqdaGNSaoX6AgpkXMSbrm1_sEOicrhQDeRXXSXA4rq9NDcQAa3bQnb9w&sig=Cg0ArKJSzKZE7czh84fGEAE&cid=CAASF-Roy-HAxCTQ2Qf4HqMptwIPXvm5GF_n&id=ampim&o=217,513&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1092&mtos=0,0,1092,1092,1092&tos=0,0,1092,0,0&tfs=124&tls=1216&g=100&h=100&tt=1217&r=v&avms=ampa&adk=1835722818

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F078
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

57ms
52ms

Image
text/html

2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:29:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 44ms
43ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F078 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39040
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F078 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57729
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 45F1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

54ms
53ms

Image
text/html

2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:29:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 25ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ1OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:07 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
171 B 185ms
185ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3720707503283900&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=7&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3D2e8b8c60843e52e5aaa1e3a52287a2bb%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D8%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D26%26reqt%3D1600349347737&eri=1&cookie=ID%3Df5d80283ec271d0b%3AT%3D1600349346%3AS%3DALNI_MYqxudynQ1sw9N4w4GKox1PS_bYDw&bc=31&abxe=1&lmt=1600349347&dt=1600349347740&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2248&adks=3088204122&ucis=26&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=79&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=100&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=300&btvi=38&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0985eb965143c2091374e7e33821c290ee2b9eb533057477fe80feba1faae60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2B9A 42 B
92 B 99ms
98ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2E765OwQodAgLB2kiMdVM2W8vCzU_5SS6TqyfXgPwmMS3lriUaFznS6VT9Zdb4ZcsIJ7I2MYtR14UMiQTZUeuBSm1niLNuESUd0b59ZyiWlWUT0MYJ1UbzRWPxw&sai=AMfl-YQwBmNr9dPmOyMQ0j2VgrkIJPJHcitejMKWvI3oiRlP45w7tEBgGIEY2idTFhU6NEZhqJrIXa1Q-Z_sPNcaXeR1lS71DlraPjGCN33JX5xrli6bOydTVeB9Yy3J&sig=Cg0ArKJSzPXL4trMsU6aEAE&cid=CAASF-RoPeDi-A5ZVTRGVYlGclSt4OSTh28o&id=ampim&o=216,852&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=131&tls=1138&g=100&h=100&tt=1138&r=v&avms=ampa&adk=2766934257

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:05 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 186ms
186ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=788064621681489&correlator=3456029148812708&output=ldjh&impl=fif&adsid=NT&eid=21067118%2C21067408%2C21067482%2C21066706&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=8&prev_scp=iid8%3D713415%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D9%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-713415%26eb_br%3Db6c98a8bb15764f1c4ee331dcb724178%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D3%26br1%3D2%26br2%3D600%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D8%26reqt%3D1600349348253&eri=1&cookie=ID%3Df5d80283ec271d0b%3AT%3D1600349346%3AS%3DALNI_MYqxudynQ1sw9N4w4GKox1PS_bYDw&bc=31&abxe=1&lmt=1600349348&dt=1600349348255&dlt=1600349338352&idt=1014&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2248&adks=3088204122&ucis=27&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,1a0dab|color_text,,545454|color_url,,006621&ifi=80&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=100&icsg=3433718972678146&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1551435357.1600349339&ga_sid=1600349339&ga_hid=1476984913&ga_wpids=UA-124345349-20&fws=4&ohw=300&btvi=39&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

19a9d3d5022f9ce2efc830e2b649ca9ea4914827088d0e65897623887e5b4fdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10832
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 22ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzE0ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDgyNSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:08 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F078 42 B
65 B 93ms
92ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBH34lcmYM7olv2OtzxE0QxNL3fIP9QKKO_duIPLsmUBmsz62E_oo1muhkmxjbzb5NWjkWe1Lbx5Cc5rDOsjkXKPnKoJ_MMy9RBBBBT25pa3cNtfS3GwjZEw6h-w&sai=AMfl-YSbmWfWllc11ygPU1cWef9vdmN-9VmWFhyJgUajQvJ0sQC_4X2QcyVPJHrtU-sEpuIBXJou2aXarv5xEcQ4tu8qxPxnF2oxsxzUlk8fw9aDdKdRB5A5ssg3Enwb&sig=Cg0ArKJSzGiHmksH90MwEAE&cid=CAASF-RoznnB68lP-0elxQNKhNESRBq4xLRu&id=ampim&o=216,1078&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=219&tls=1219&g=100&h=100&tt=1219&r=v&avms=ampa&adk=4103646004

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 27ms
26ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:08 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 45F1 42 B
65 B 93ms
93ms Image
image/gif 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvIadAPoHlxX27lMcKyuDpUzpr0GlSVLq3wWCvJwysV6A7g0dGIt5QV1_UvXBik019KfGOdAis5H7AspsA-ZIi_OyJPKAVDzxWNizdnCC6xfAPFixybzqmPgJIErg&sai=AMfl-YRicEtQ1IFhItoCNtXWT3zGTLoUlZpoVhYl9-5eC_wetkDfys4x8W3Y3ge-VDGaZmoZsqWmqA0AwrhU6gjxr53JagzrO7uGv3RbBXFw4rig41cYt_JmLXtLfDwO&sig=Cg0ArKJSzMKUuuNPQ-93EAE&cid=CAASF-Ron5g3pG8_vlREBdXV-msZpFcnZflu&id=ampim&o=315,1108&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=123&tls=1123&g=100&h=100&tt=1123&r=v&avms=ampa&adk=3873167905

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:29:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 23ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:08 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 22ms
22ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:08 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 23ms
23ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg2MjY1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTMzNiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJOTCIsInBhZ2V2aWV3X2lkIjoiZjcyMTljNmQtMDM2My00N2M2LTdjZjMtM2MwODJmNzE2MjFhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:29:08 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:29:09 UTC

Verdicts & Comments Add Verdict or Comment

378 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityonline.info/	1970-01-19 21:18:05	Name: ezux_lpl_124533 Value: 1600349339953\|f7219c6d-0363-47c6-7cf3-3c082f71621a\|false
.securityonline.info/	1970-01-19 12:32:29	Name: _gat_gtag_UA_63315582_2 Value: 1
.securityonline.info/	1970-01-19 12:33:55	Name: _gid Value: GA1.2.2113851868.1600349340
.securityonline.info/	1970-01-20 06:03:41	Name: _ga Value: GA1.2.1551435357.1600349339
.securityonline.info/	1970-01-19 12:35:22	Name: active_template::124533 Value: pub_site.1600349339
securityonline.info/	1970-01-19 21:54:12	Name: cto_bundle Value: SoDeOl80VGwzU1dScnBydXdmYzFaWmVVVTZtWTVMRnN3bU51TzhRb2E0bWZvb29TYjhFNUtTTXNGemdJNGYlMkJlaG9JenNieTRuTW1QVUhkWlBrMFRHeTJ2WnF0T1ROaEtjMGtZQXdiem1QR1k3MEJ4QjZ0TENlTUtGdDJ1RUQ4VWNCNU1O
.doubleclick.net/	1970-01-19 12:32:30	Name: test_cookie Value: CheckForPermission
securityonline.info/	1970-01-22 01:51:41	Name: ezohw Value: w%3D1600%2Ch%3D1200
.securityonline.info/	1970-01-20 06:03:41	Name: ezosuigeneris Value: 94f612e54078b17980816c7a53e6584e
securityonline.info/	1970-01-19 21:54:12	Name: cto_bidid Value: -zpSbl9wSFd1VmR5b1NoZklBYkR6a1l6MFFjT2ZPc3NtRDZPcUhna2dsaUdTRlZ4ZlhZd0w2eTRSOTNiVVclMkJ3aDRsYWtkYkhTRGdUJTJCNnJLMXN4TGZBQ3pHSnclM0QlM0Q
.securityonline.info/	1970-01-19 12:32:29	Name: __utmt_f Value: 1
securityonline.info/	1970-01-22 01:51:41	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.securityonline.info/	1970-01-19 12:32:29	Name: __utmt_e Value: 1
.securityonline.info/	1970-01-19 16:55:17	Name: __utmz Value: 264774413.1600349339.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.securityonline.info/	1969-12-31 23:59:59	Name: __utmc Value: 264774413
.securityonline.info/	1970-01-20 06:03:41	Name: __utma Value: 264774413.1551435357.1600349339.1600349339.1600349339.1
.securityonline.info/	1970-01-19 12:32:31	Name: __utmb Value: 264774413.2.10.1600349339
.securityonline.info/	1970-01-19 12:32:36	Name: ezoref_124533 Value:
securityonline.info/	1969-12-31 23:59:59	Name: ezouspva Value: 0
securityonline.info/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.securityonline.info/	1970-01-19 12:32:31	Name: ezovuuid_124533 Value: 0cf799a9-d734-4f41-77cc-667f1d3eb960
.securityonline.info/	1970-01-19 21:18:05	Name: ezCMPCCS Value: true
.securityonline.info/	1970-01-19 12:32:36	Name: lp_124533 Value: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
.securityonline.info/	1970-01-19 12:35:22	Name: ezovuuidtime_124533 Value: 1600349336
.securityonline.info/	1970-01-19 12:32:31	Name: ezoab_124533 Value: mod1
.securityonline.info/	1970-01-19 12:32:31	Name: ezovid_124533 Value: 725564363
.securityonline.info/	1970-01-19 12:32:31	Name: ezoadgid_124533 Value: -1
.securityonline.info/	1970-01-19 13:15:41	Name: __cfduid Value: db269b60d0b8183cf62bbf1a3b070a8251600349338
.securityonline.info/	1970-01-19 12:33:55	Name: ezepvv Value: 0
.securityonline.info/	1970-01-19 12:32:31	Name: ezopvc_124533 Value: 1

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.pubmatic.com
adservice.google.com
adservice.google.nl
ap.lijit.com
api.pinterest.com
bidder.criteo.com
cdn-0.securityonline.info
cdn.ampproject.org
cdn.onesignal.com
clients1.google.com
cse.google.com
f9acac6977ae19cfb3ec4a26c5f19535.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
g2.gumgum.com
go.ezoic.net
googleads.g.doubleclick.net
graph.facebook.com
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
mug.criteo.com
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
securityonline.info
ssl.google-analytics.com
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
172.217.23.130
178.250.0.157
178.250.2.131
185.33.221.13
185.64.189.112
216.52.2.30
23.210.248.189
23.37.53.17
2600:9000:20e8:1000:2:cb38:840:93a1
2600:9000:20e8:5e00:6:44e3:f8c0:93a1
2606:4700:3031::681c:a6f
2606:4700::6812:e134
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:801::2001
2a00:1450:4001:801::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2002
2a00:1450:4001:803::200e
2a00:1450:4001:817::200e
2a00:1450:4001:818::2001
2a00:1450:4001:819::2003
2a00:1450:4001:819::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81b::2001
2a00:1450:4001:81b::2008
2a00:1450:4001:81b::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::2008
2a00:1450:4001:820::2002
2a00:1450:4001:825::2004
2a00:1450:400c:c0c::9c
2a02:2638::1c
2a02:2638::3
2a03:2880:f01c:800e:face:b00c:0:2
3.126.196.163
54.194.107.225
95.100.196.250
0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78
00b41263d09e516672387a37def0e3ca5e8d5519a6d0504521096b660576ad74
0135a4e6c49b5c9ca8726d3479bc9686a42f40bab4a2ea733dd272140c327844
0250776c6a37be308ddc5233a2cd0786d683865c5abd57c0b80b54d513f9706a
02d8f6fd229e7038357d2c7f30f3cd933ff97e2d59563231364f7b42708b0f6b
02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a
043d285912c05df102752c6b3927486714d18b60300aef91b5c93ab1d807c34f
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05ed06bbae1a1994c3e8c9cc4dc2d09caf4a42e943f0bc472d54f990ee6ac7c5
089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0985eb965143c2091374e7e33821c290ee2b9eb533057477fe80feba1faae60e
0d6e69a0aef977e4aa5bc1336d91092c5ee481cf495663807880b3641a0cdf37
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f03971bddcdd815bf89ead6fec3702b26aa7d0361e6109b3139f1a4e86b9c28
0f6e8d8006ea1ddb553fb843f2e4684a295d0a5224804a0255d9e6c1d64acf79
0f9a72d6076d42bdca6ec968c622e415275974f739c9430e59afb1004d90cad7
0fadd83464640fea2e28bf01fdd092956772ff393ab5399a496d1caec4170cb4
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e
12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93
1321a915eb8436a7ead71b2ecc7cc60bbd7bcbf708770bf9cfa9c14c8dd2c6e5
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
16267ab79593c55ec1604e99c9092dacb40076e7fd2d363c2cbe7b937a39ade8
1811147234841b18ce6690f69ac772739532d900e97c6bc1f2294ed41b56f7a1
1928489835602af2928b55d854ab5d4981aa9056d2fcbf32f33d2fd066d4be0a
19a9d3d5022f9ce2efc830e2b649ca9ea4914827088d0e65897623887e5b4fdc
1a94c6f409438a0f6069a8299820cf3978dc05499b844eab2aa3ee62c3a5d39e
1ca10f8a06498f5c3104fbf34cf163e62be492b1a214470ec765215b20a166aa
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1dc62e83153659eb4b10af92e2199804db8829e0a3001ad30be516f186508a1f
1e8de407932344589affb86d254babdf37fae1b9ee588b4fb66b07415edd9bc1
1ec2f86fa7553d9097b26d1542ff1858ced6eadfd08fcd21e8ab82bd764c8541
1eec85e6f867f4e9222943b88ce703476e2ae79fa2e6cb4c0d3f568ae2ef657c
21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41
22f22105b574e70e269aee5f3b15abe3785d317b49dc5237bee3be77c63f7024
23c35871bd433283c634753bf3cc4db2d86aabe41b910b8fae020c6f35698756
251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7
27c1fd08e756878ae7dcf87b8e5c726f3e6ac9d2111189f21d4a5ef9832f8ccf
29c499dce6d4b0c568435f27d2fd6b370b576b97dd7ded180e35866265f8da8a
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
2c74b7d02ee88ee4dbc5ce723a3c32dcbbd42e7da2794dad585457c325dc25e6
2e7bb1169462a9c1ed218539afc1154f16675470c6a8eb85dcbd516013ddbc23
2f8c350716075fef240209dc695de9b28f9e20898f65bfe8661ad519a64f8d2e
2fe048c6e966f22905bd291e064cccce132b96db7b0be4efa3f0a426756348eb
30c8155f669d210323059d33ab35b46dd7dc1dfb002937e8639559818a451f5e
3192b5c7695152e3d7434e6dd255cf1da7110d1ccb7058125b52e6197c73b15c
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
33f16e5b1a303030404b870e9fde4bed4f42339eee07feb58d567dea2387f2df
34ddef7263cc9dd40fabb34a807865b80000eecbffe8af2a774bec2845485cdf
353fe13b41f92c16b070e51b7aa70327566a360f276544008c6a8ef1cdf8156d
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37e5670a4f112c9686c9058052e344c440096933a31fa916680d8e6833164c5e
3920912a895730ad382ca483cb5d0660daec21c548fe3e5d08de06bb7f14a53d
3ca09ddb7c53c06322f051413a20c772e8d7e95aee7c400c5f29ec19d51a2409
3d0893147bcc14b3cd37ac8850276e33bb6c7c3f09443fec506a6273742e7b50
3d1836ea49febe32e40d166e2ebb19b0474cdb58ac5f82fddcd5a5bd7c1b17fa
3e1ae4f0845696c643075361861c35a5165d33996cae3b77da7793f59c9ddf0f
3f27a80e87085be8dbe099b987c3a69a244fd3b477f2d1bd7201c76efc4b1579
3f41c335d1ea66204e95a35975c76fdd618401bb440acbf816eef25a4b037c32
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
433ae9d2590e64a0d8e67befa4bc3f107d30b8c1ee0937c970fee47c98aa7d69
44448f8722571f32047ab0f1ae0b60ee77e270a84db9fd08564874c18ba38200
452065dd023a7f0c1321960709f17d746c278e596e76b96b969dec20d4c3cee7
467397d7d0cc1d9c5cb7a7ac1d437892d249401aee1add6da9022c8389f09bf8
48879327b3535e06a37995c1f39ef7cceb47fad6c4f45c92f032253648f23abd
4a174035b7e056ba95ce0d2482f4c90543fdaefe59abe84ab9fd1520a9232a73
4bee892d451bec22710e7342576780de52825fd4a6d256b0e1f0c7ec1e26c3fc
4e1f6c3ab12aefc129572486bd2b726fde5be23ae25f997ff76ad75b01bf8986
4ffabefad58adff43cd14143ab87a3e156c7ee80d5e90bbec63bac7539cbfe22
52df8a245d91ed0c010c160750e959934e80caf88d6f0e96c26f5354c88781e5
545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86
54a310b2e7adf9559ed858404382b6cd9d17ab961b6157933299ea6441e1c201
57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c
58ccb96179b382440aad4d8ad88b74c651757866d4cca0ef6eab0d725f8f8899
5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a
5b46e5fd078d2da07e234e8aa46e42cecc42da68cca0b627e56b7762216b3d80
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
60768bd8aa673caed4fea1c57e2d35ea8673c289ac057531ec86c7560049c110
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
62b6cfeaca4303139fb2a03cb6d936ab7a2064e6d628f2fce6cb1211f89a24e3
682133472eb41d447ac1b250338f07c01858b273750ee0579a878b4e4b6fc13a
699d4828c42481ca941e4faf8ffa28d0e08f30044d54b41af5a8d9bde16dcddd
69c996cd5e97b7b07aa5a7f13959c14d4d0b64554ff95f01b3dd395e504cbf57
6a0fc1656ae24c80194965a9666d9b784bd2f9e31f9b19ab65cbff9c8a1eba52
6adf216069233fd43e602d51678a3da39c0d6031602632018a286e52986f07b0
6c87e2b95b7702afe00d1f4b750ea4cc71a658dd330388230e17580c2f89b548
6d573851cf7e01f2f62cc1da7f3961e45baac2e6776f8e9cab16ba120233d721
6dc4e0ef60d1c3d76dd0440547f199428d58ad2272a9b313fae25b40a1fa5b0d
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002
707fbab17c093107c5044cd36059273b8f15a07a12862b54c69bcb231b96629f
718b16b1a4b2f031416fce43324283ed713bd43a4fa0aab40f099b590e8d53d6
72502f23b81cd8c4a23fd7e961bf78879759dc5d6503a834472591fcf9828862
74e2a6bc47d860be768dd3b9fbe29f00b49c574f71be938ce4b28917ec3d8980
76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897
777cc56d4fcbc36f7a94abab1b63d6c20cf73def1bc63f02aa2313b0aa609ada
77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1
7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474
7d1574315d35ea396b52383c5d5c2e94bafe1e22c5af2711a54a067f42a0c7f9
7d86f3908700df2c00095c3de5724452c2f5e588df2ea4e427cc83f43eb96abc
7efb77fa31d4f0639bf78693129c814560409f835d429effdbdc4abdf7224aef
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ede2da0acdef6df84879e99fbf599b5407d35337bfd10970bc7f38e8fb83e8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
866c1297c7c366313aaacd08b2a14e52b6449ac8617274fef52b2cf05926bc0b
86d0b2339eba318a412e50b31e1ac4cf239989e58daa258d08cf4965aab68183
884bc9ee355e5de6e7a9cda65153b419ca4cc20e79170ae26532a3b08d4f8895
8a60240102743d6929a9f4ca4bd16816c6687860b4357d55262c6c4241710595
8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a
8cc3107567451ef72986b25387f8b8a3f8a488a601e7e50e57160c1226057295
8ecf6a9589d0fe6caaf699741fbef6fc3f0b05a10a7d3fd702592e1a57674f8d
8f5102fffc97f20212ac285df3292a8b9c3e486e4620e289c6a59c2db288c8a5
8f8e1755c04df0faa3a3ee693bfe9e0bd973cda9a7642cc593919924a60d5d25
900511ec61dfbaee57b233f89b46ff3928cfdd407e8e3dcda1e3a37057e000d1
908fcb7160dc78b110056e471ceae9ab69b26b78f0338d53eb1b97b61e66f40d
90afef414b761fdb4139da85785f4bc959ce593743ca90009ec2f9c446bce918
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
92e1703c262a388810c4626541f77d649060ae04cb54d731d87b3ac97a6875a0
943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373
973d85ce955b1803a52396efd5c15e44b7d678753b40bc61af91438aaf8d5d9e
997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
9c5ec933d150dd490e65fd9c25bf211606f76671d329c23f3158637bdd0c1b9f
9cc19c02d87c3360d404c6dcf6e7982304f5e54abda4209de7a3bc44d3c54883
9fa37f055fb4ea942c9a68f223a420a24d47d3f8bf32c2a6eab817f71ead3186
a0b598d86fe0c2e62c5dc4a56ee45fd9978a903d51405554953b74a1612f7446
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2bd6d03b5ca4077052ad35975e64c93f8d790133a8ba0eea95d20fb5beb0b09
a2fec0b64f22b60282df0074c7c514dbd4ac4e033f246e492a3593c1855c532b
a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6
a5765df0fd136d61feb281506ff93bdea4828b1869a570c9dfbee7cbe262fba3
a5c7a576a26b14b71d7f65a6a46d0995244d8a9effdb4a59dad0bf5b0cbe3844
a61307b63d4884dbc257c672318c63eba9c3ff9d5d1f7e52978c878c6739d7e9
aa475af0fb05e1b76590fbc8eb5b49d3c1e772a8efbde59c9991e07972f1223e
aa9ebdb733f04db5903710f0692d91cada19b2a0d97da21e0f56c5421585d9a1
ac248ab7da608a3a61f44032c9fcf1e3d0f2d74ffd6ca2e12031666038f10685
ac4505a3ec35c5418aa4bb8d44be7302793b1c24917517d2c7c8017af59360ee
b0795974bad7a0e903ee6da82d2269e01d97508a93bf6052028e318116baabe7
b1f8339b0891cce6ec8d29e8d325f6907a97565da86882baea22fc225f43911d
b4044f9274e239d667efb6f456e1549389af5aa51c9f9638ca0d666e9d4402f1
b62defac5cb1b2151f3961ef1aca9358589ebc7e3d2bb6d37669413c0a845d3a
b739ba1b23bab8b4b439d6b6ca915740bf435e16a683d927003a649bbdd08fb0
b7988f041b3939181fe71875f7b684a09b1c42da3379a25447362a0f779c3d55
b7bd6ba996aaa9583f93316051574f62058bf393715778a58dc3c86079f3a321
bb80992e70db9670a2aa4660fb332daca15db38b94fe2c2969cd773e47ed1c0f
c090c938bbe4c0ed91065ff339cc4799f3758b9c1df20af104ac749ec285f97e
c0fc35e5c33552eab8841c7714d0ff73ff4fed028b680829317be15b6ce0e856
c5aec935a67d71e501afe3e5cd8ab343546ea375cce5aa2a92ab3ae5a1a41280
c649cac7898b1c98031d305971583fc3cae1f3f0b9b4b413d74c3e9a56b2dcb9
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
c98dff7a32f7f23d30894ed54d3a90434f85e05d328fd672ff706e54861338a4
ca08a5c41250b1d4f1e4de44ff2cfcd19e1b600fdddd3fdc2035f94164674255
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca5d0075939678fc2bd8d89febd2b9bcc951ba39fb1dd38951dab5760c9ec705
cc36b43380bb432c4bf7072bed0563f023a99360140d28bb1cd0f1a04e0e72f4
cc6eae8953afb4d9a130e2339e1edf88da1bc8d3b6afd51b0b0a3f31c01404c6
cfa4d715d627eed77ee66f6821c0d8712a80212971ebec8c910569bd411f6a13
d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3
d0c2e19bdc74b4c9f66e83cbb2cdf78e85fddea7765d54ecc8ea4fdbdf7c6fbe
d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0
d2e32de902aecfcdc2fd76ed867cde23a78f089399f2d61065d7c0ce296e8348
d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31
d69a25e21a7f5a43376d8f91b3e2f5aed453da3b2a5bb45b80b13bce87361d79
d810cf8137b87c4e914e8652025c23da8e59c985c5f8cce44184aab1f3aa57b0
d92e00448bdef158e41118a2e82393fe48215c01db1c20ed9df4ee6faaaafcb4
d9658f7fae78cff248c1b299c364196332bcacb39782b051afff4b8c40d0f944
d98f76f0461187c365efd671a87749384de00b589e87fb30c0486a892769c412
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddf938119baaea8aab1fea95405f5a270d92869f8a9fe6f96b2c4e8861a9cf67
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dec02506637d6dbed46c7235314d23bdbca5052c74f02f0262edc5b9d4bebf86
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e1d97d6a6dbe97df5128ce79c1e2fc3a208642188066cf390ecfb50dad56f957
e23f4847ac9205351df0e7c4d473f86c4fbf399c90a348ec8f06e02290eb8b77
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e563aa5d7d66b815752f76db3e41b741a3809b3ef01487d8491788c4a9e56597
e57abdea2c767b9ea1100b259d0ef397180bb6b7bd55b4335c3c281f90db905c
e75cebaa47c6e2dca209246049e0985176c1db81cb3eac468800527846a4663c
e8ced189e709f1ae60f5e9f1b35416f624d07d1c2458cd49b0e0a5765c0dd417
eb71c0f46f5a1f69a291df1779749e190addb1e9220ecb43b20b2f9ad7e41cd5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f4318580c08e089a57c757f55fb4ccaa582e9e8893da14d34e53238f7e24d49e
f44de08a06b45b0ca210d5d030bec895b4ad062c31d5be153b2e86cd37189c21
f597adb40b6dfc2be8a03751f5eb44163c97bbd52eb1789af49d4f0b58ab38fc
f72423823b8aca3ed7719ec83f569fa6936c398c486a48206226f817f60f0542
f7eeb01f12706854f87fa06b75b55b87df8300a20b47ed398813895a8ef104d6
f9ac4829b4c6ed9f639b26ea680e1b0393f73e4ea707fed35e7fcb89dfc86df1
fd2184b90a781b497f7b7453769b35f21fc1f43c838719bf034842e402fd574e
fe03d849f4abb0aa69e67b2c3d6c415ca97bffe6c3088652270808c877e6739b
fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888

securityonline.info Open in urlscan Pro 3.126.196.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

336 Requests

100 %HTTPS

70 %IPv6

25 Domains

39 Subdomains

38 IPs

8 Countries

2251 kBTransfer

6302 kBSize

30 Cookies

18 Outgoing links

Redirected requests

336 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityonline.info Open in urlscan Pro
3.126.196.163 Public Scan

Screenshot
Live screenshot

Full Image

336
Requests

100 %
HTTPS

70 %
IPv6

25
Domains

39
Subdomains

38
IPs

8
Countries

2251 kB
Transfer

6302 kB
Size

30
Cookies

336 HTTP transactions
11 data transactions