securityonline.info Open in urlscan Pro
3.126.196.163 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escala...
Submission: On September 17 via api (September 17th 2020, 1:35:37 pm UTC) from DE

Summary HTTP 425 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 41 IPs in 7 countries across 25 domains to perform 425 HTTP transactions. The main IP is 3.126.196.163, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is securityonline.info.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 30th 2020. Valid for: 3 months.

This is the only time securityonline.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
109	3.126.196.163 3.126.196.163	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700:303... 2606:4700:3031::681c:a6f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
90	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1 1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13	54.72.59.180 54.72.59.180	16509 (AMAZON-02) (AMAZON-02)
1	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
3 19	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	23.210.248.189 23.210.248.189	16625 (AKAMAI-AS) (AKAMAI-AS)
15	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
60	2a00:1450:400... 2a00:1450:4001:818::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20e8:7800:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
51	2a00:1450:400... 2a00:1450:4001:819::2001	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1 3	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20e8:9e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
425	41

109 3.126.196.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3031::681c:a6f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-0.securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

90 172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 54.72.59.180 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.89 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.189 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-189.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 2a00:1450:4001:818::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:7800:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2a00:1450:4001:819::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.53.17 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:9e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
104	securityonline.info securityonline.info cdn-0.securityonline.info	504 KB
95	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	319 KB
76	googlesyndication.com pagead2.googlesyndication.com 9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com tpc.googlesyndication.com	926 KB
56	ampproject.org cdn.ampproject.org	1 MB
24	google.com 3 redirects adservice.google.com www.google.com cse.google.com clients1.google.com	168 KB
15	ezoic.net g.ezoic.net go.ezoic.net	2 KB
13	gumgum.com g2.gumgum.com	26 KB
12	gstatic.com fonts.gstatic.com	150 KB
7	googleapis.com fonts.googleapis.com	5 KB
5	google-analytics.com ssl.google-analytics.com www.google-analytics.com	36 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	criteo.com 1 redirects gum.criteo.com mug.criteo.com bidder.criteo.com	1 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	8 KB
2	criteo.net static.criteo.net	43 KB
2	lijit.com ap.lijit.com	727 B
2	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	46 KB
1	quantcount.com rules.quantcount.com	348 B
1	googletagservices.com www.googletagservices.com	28 KB
1	google.de www.google.de	106 B
1	google.fr adservice.google.fr	890 B
1	pinterest.com api.pinterest.com	439 B
1	facebook.com graph.facebook.com	634 B
1	adnxs.com ib.adnxs.com	1 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
425	25

	Domain	Requested by
95	securityonline.info	securityonline.info cdn-0.securityonline.info
90	securepubads.g.doubleclick.net	securityonline.info securepubads.g.doubleclick.net
60	tpc.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com securityonline.info cdn.ampproject.org
56	cdn.ampproject.org	securepubads.g.doubleclick.net
19	www.google.com	3 redirects www.google.com securityonline.info
14	g.ezoic.net	securityonline.info
14	pagead2.googlesyndication.com	securityonline.info pagead2.googlesyndication.com
13	g2.gumgum.com	securityonline.info
12	fonts.gstatic.com	fonts.googleapis.com
9	cdn-0.securityonline.info	securityonline.info
7	fonts.googleapis.com	securityonline.info securepubads.g.doubleclick.net
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com securityonline.info
3	sb.scorecardresearch.com	1 redirects go.ezoic.net
3	ssl.google-analytics.com	securityonline.info
2	static.criteo.net	securityonline.info static.criteo.net
2	9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cse.google.com	securityonline.info www.google.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ap.lijit.com	securityonline.info
2	adservice.google.com	securityonline.info securepubads.g.doubleclick.net
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	go.ezoic.net
1	go.ezoic.net	securityonline.info
1	ads.pubmatic.com	securityonline.info
1	clients1.google.com	securityonline.info
1	www.googletagservices.com	pagead2.googlesyndication.com
1	www.google.de	securityonline.info
1	adservice.google.fr	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	api.pinterest.com	cdn-0.securityonline.info
1	graph.facebook.com	cdn-0.securityonline.info
1	ib.adnxs.com	securityonline.info
1	bidder.criteo.com	securityonline.info
1	hbopenbid.pubmatic.com	securityonline.info
1	mug.criteo.com	securityonline.info
1	gum.criteo.com	1 redirects
1	cdn.onesignal.com	securityonline.info
1	www.googletagmanager.com	securityonline.info
425	39

This site contains links to these domains. Also see Links.

Domain
silktide.com
foxglovesecurity.com
github.com
www.facebook.com
www.twitter.com
www.youtube.com
www.paypal.com
meterpreter.org
www.ezoic.com
g.ezoic.net

Subject Issuer	Validity	Valid
securityonline.info Let's Encrypt Authority X3	`2020-08-30` - `2020-11-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
ezoic.net Let's Encrypt Authority X3	`2020-07-27` - `2020-10-25`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-09-04` - `2020-12-03`	3 months	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.google.fr GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.criteo.net DigiCert ECC Secure Server CA	`2020-09-04` - `2020-12-03`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.ezoic.net Amazon	`2020-03-15` - `2021-04-15`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Frame ID: 23D0EC6BD86E6FF52F75F8145C52EDC3
Requests: 268 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html
Frame ID: 7C92753C1953C67B58BEC415031A3C79
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349720&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349720604&bpp=5&bdt=457&idt=229&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1730772452021&frm=20&pv=2&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4236129461731330&dssz=106&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44723322%2C21066647&oid=3&pvsid=4316486664546050&pem=505&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=240
Frame ID: 80EF2D20184AD2B6987381F10C5A8158
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 659F1CF611A58951907CFE5781663661
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=8711458
Frame ID: 98C87402F9D909F3456A41829573E826
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 424F298E17E9CD2D18B55D9869CAE00C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: FF4A873D4A4248F6EEFB14506C11552C
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs
Frame ID: 74A409042A55C7EAD8EE8C5461ADDDDF
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: A35B6A103FFAC0CE0CAEF5105ADC94FB
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs
Frame ID: 3F7240083AE00953A4A4D4AB473DE2C4
Requests: 15 HTTP requests in this frame

Frame: https://9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 029DA08C91970F9653CBAF4F4296520D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 85B03CC7FEFBC68C0B7B81F929E7A075
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: AE7FD22908B60A758787AE8A5FC51A70
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: B86390D9BF9E62FF8914307A158CE41B
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 22ECD0C58C7DA8729E971A33E58FB79A
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 1876193409FEF20F99A5585045D4AC1B
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 7DF60528B977BE848525A136FE4C80D0
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: DC559A9AF8F2ED410A8D61691E5CA2C8
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

425
Requests

100 %
HTTPS

73 %
IPv6

25
Domains

39
Subdomains

41
IPs

7
Countries

3465 kB
Transfer

9116 kB
Size

30
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://foxglovesecurity.com/2016/01/16/hot-potato/
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/foxglovesec/Potato
Title: executable file

Search URL Search Domain Scan URL

URL: https://github.com/Kevin-Robertson/Tater
Title: Tater

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DdoS-109131310571187/

Search URL Search Domain Scan URL

URL: https://www.twitter.com/the_yellow_fall

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/penetrationtestingwithddos

Search URL Search Domain Scan URL

URL: https://github.com/FreelancePentester

Search URL Search Domain Scan URL

URL: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=freelance%2epentester%40yahoo%2ecom&lc=GB&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG_global%2egif%3aNonHosted

Search URL Search Domain Scan URL

URL: https://meterpreter.org/category/vulnerability/feed/

Search URL Search Domain Scan URL

URL: https://meterpreter.org/
Title: Suggested Reading

Search URL Search Domain Scan URL

URL: https://meterpreter.org/researcher-publishes-microsoft-exchange-rce-vulnerability-poc/
Title: Researcher publishes Microsoft Exchange RCE Vulnerability PoC

Search URL Search Domain Scan URL

URL: https://meterpreter.org/cve-2020-2040-pan-os-buffer-overflow-vulnerability-alert/
Title: CVE-2020-2040: PAN-OS Buffer Overflow Vulnerability Alert

Search URL Search Domain Scan URL

URL: https://meterpreter.org/microsoft-suddenly-cancels-family-calendar-features-in-outlook-desktop-apps/
Title: Microsoft suddenly cancels family calendar features in Outlook desktop apps

Search URL Search Domain Scan URL

URL: https://meterpreter.org/cve-2020-11974-cve-2020-13922-apache-dolphinscheduler-critical-vulnerabilities-alert/
Title: CVE-2020-11974, CVE-2020-13922: Apache DolphinScheduler Critical Vulnerabilities Alert

Search URL Search Domain Scan URL

URL: https://meterpreter.org/microsoft-september-patch-fixes-129-security-vulnerabilities/
Title: Microsoft September Patch fixes 129 security vulnerabilities

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://g.ezoic.net/privacy/securityonline.info
Title: Read more

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityonline.info%2F&domain=securityonline.info&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=DBY883xOWE4vdkFzaWErUjdFN1ljM2RLcDk4cGswYWhVZHFudmozaUtoOVJQeVBjODNTVkdBeU1kbTg1M005Yk9Kei9pOTErcEZTd0NoSFVTTDNCZEdaMU1DWWpPMnNCODVlVlloWktRWGgzWnhSaGZ4UXlKc0dlSG1uK3pBT0RpOWovM1ZXeUVLcmloR2xtODM2M21Hbyt6T3BPU1ZYbHZ4dk9iSDZJNG1HTkIrMzNNTkhkbVhrQTZDMG93ZDdoTEtKdExONnkwZGwzS0RjSWs4YzdUTzBHVVlDK21ZZ1FvaWYwU3NkNUcvbmIvM0p3PXw&cppv=2

Request Chain 67

https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa HTTP 302
https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Request Chain 185

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 242

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 335

https://sb.scorecardresearch.com/b?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1

425 HTTP transactions
19 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/ 183 KB
31 KB 634ms
547ms Document
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

6296286517d7c38458487bc19574661edc22928bdea3a311438d4753b055aa38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: securityonline.info
:scheme: https
:path: /hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 17 Sep 2020 13:35:20 GMT
display: pub_site_sol
expires: Wed, 16 Sep 2020 13:35:20 GMT
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_124533=-1; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 14:05:19 UTC ezoref_124533=; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:35:19 UTC ezoab_124533=mod72-c; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:35:19 UTC active_template::124533=pub_site.1600349719; Path=/; Domain=securityonline.info; Expires=Sat, 19 Sep 2020 13:35:19 UTC ezopvc_124533=1; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 14:05:20 UTC ezepvv=1303; Path=/; Domain=securityonline.info; Expires=Fri, 18 Sep 2020 13:35:20 UTC lp_124533=https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 15:35:20 UTC ezovid_124533=313507039; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 14:05:20 UTC ezovuuidtime_124533=1600349720; Path=/; Domain=securityonline.info; Expires=Sat, 19 Sep 2020 13:35:20 UTC ezovuuid_124533=75013b99-e927-4768-40cd-d795322a8888; Path=/; Domain=securityonline.info; Expires=Thu, 17 Sep 2020 14:05:20 UTC ezCMPCCS=true; Path=/; Domain=securityonline.info; Expires=Fri, 17 Sep 2021 13:35:20 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding Accept-Encoding
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-sol: pub_site

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
246 B 17ms
16ms Script
application/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 dall3202test.js Show response
securityonline.info/porpoiseant/ 331 KB
96 KB 62ms
61ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8f8e1755c04df0faa3a3ee693bfe9e0bd973cda9a7642cc593919924a60d5d25

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "52cd7-5af0f126c2200;5af78a36e0079-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes

GET
H2 200 boise.js Show response
securityonline.info/detroitchicago/ 983 B
465 B 33ms
33ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/boise.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 426

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 22ms
14ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-63315582-2

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

49c674a5b6988e76230bcb3d454bed80de3a4d1c8116e13b438308ab3d007fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35658
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
913 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52df8a245d91ed0c010c160750e959934e80caf88d6f0e96c26f5354c88781e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:28:58 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2 200 br0pk.css
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/2y1t9d76/ 155 KB
25 KB 67ms
20ms Stylesheet
text/css 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/2y1t9d76/br0pk.css?ff=1&wps=true
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d69a25e21a7f5a43376d8f91b3e2f5aed453da3b2a5bb45b80b13bce87361d79

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
age: 1424167
cf-polished: origSize=158369
status: 200
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
cf-request-id: 053ddfe6950000c2a486162200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: cloudflare
etag: W/"5f0c3b34-2693c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
expires: Thu, 01 Oct 2020 01:59:13 GMT
cache-control: public, max-age=31536000
cf-ray: 5d4335b75cd8c2a4-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 br0pk.css
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/ 57 KB
12 KB 63ms
16ms Stylesheet
text/css 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bd6ba996aaa9583f93316051574f62058bf393715778a58dc3c86079f3a321

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
age: 29603
status: 200
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486163200000001
pragma: public
response: 200
last-modified: Thu, 17 Sep 2020 01:52:36 GMT
server: cloudflare
etag: W/"5f0c3b34-e3ec-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
expires: Sat, 17 Oct 2020 05:21:57 GMT
cache-control: public, max-age=31536000
cf-ray: 5d4335b75cdac2a4-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 3u80x.js Show response
cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/ 142 KB
50 KB 71ms
24ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bee892d451bec22710e7342576780de52825fd4a6d256b0e1f0c7ec1e26c3fc

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 3135479
cf-polished: origSize=145463
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486164200000001
pragma: public
response: 200
last-modified: Wed, 12 Aug 2020 04:24:29 GMT
server: cloudflare
etag: W/"5f336efd-23837-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
expires: Fri, 11 Sep 2020 06:37:21 GMT
cache-control: public, max-age=31536000
cf-ray: 5d4335b75cdcc2a4-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 cookieconsent.min.js Show response
securityonline.info/ezoic/ 4 KB
2 KB 36ms
34ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/cookieconsent.min.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "11a4-5af0f126c2200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 1707
expires: Fri, 17 Sep 2021 13:35:20 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 130 KB
45 KB 28ms
20ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44448f8722571f32047ab0f1ae0b60ee77e270a84db9fd08564874c18ba38200

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 45922
x-xss-protection: 0
server: cafe
etag: 4663029478138947517
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2 200 google_cse_v2.js Show response
cdn-0.securityonline.info/wp-content/plugins/wp-google-search/assets/js/ 333 B
356 B 57ms
15ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/wp-google-search/assets/js/google_cse_v2.js?ver=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 699d4828c42481ca941e4faf8ffa28d0e08f30044d54b41af5a8d9bde16dcddd

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 2448841
cf-polished: origSize=468
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486165200000001
pragma: public
response: 200
last-modified: Sat, 15 Aug 2020 17:47:05 GMT
server: cloudflare
etag: W/"5eb2816f-1d4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
expires: Sat, 19 Sep 2020 05:21:19 GMT
cache-control: public, max-age=31536000
cf-ray: 5d4335b75cddc2a4-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 jQuerySharrre.min.js Show response
cdn-0.securityonline.info/wp-content/plugins/hueman-addons/addons/assets/front/js/ 11 KB
3 KB 56ms
14ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/hueman-addons/addons/assets/front/js/jQuerySharrre.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d1574315d35ea396b52383c5d5c2e94bafe1e22c5af2711a54a067f42a0c7f9

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 1320080
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486166200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 09:37:21 GMT
server: cloudflare
etag: W/"5f48d051-2dc7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 5d4335b75ce0c2a4-FRA
display: staticcontent_sol, staticcontent_sol
expires: Fri, 02 Oct 2020 06:54:00 GMT

GET
H2 200 underscore.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 16 KB
6 KB 56ms
15ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 518674
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486168200000001
pragma: public
response: 200
last-modified: Fri, 11 Sep 2020 10:11:30 GMT
server: cloudflare
etag: W/"5e854a87-3f1a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d4335b75ce3c2a4-FRA
display: staticcontent_sol, staticcontent_sol
expires: Sun, 11 Oct 2020 13:30:46 GMT

GET
H2 200 scripts.min.js Show response
cdn-0.securityonline.info/wp-content/themes/hueman/assets/front/js/ 75 KB
21 KB 24ms
17ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman/assets/front/js/scripts.min.js?ver=3.6.3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d6e69a0aef977e4aa5bc1336d91092c5ee481cf495663807880b3641a0cdf37

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 8325
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6c90000c2a48616a200000001
pragma: public
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: cloudflare
etag: W/"5f633ec3-12a61-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 5d4335b7ad77c2a4-FRA
display: staticcontent_sol, staticcontent_sol
expires: Sat, 17 Oct 2020 11:16:35 GMT

GET
H2 200 comment-reply.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 3 KB
1 KB 56ms
14ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/comment-reply.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 961196
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486169200000001
pragma: public
response: 200
last-modified: Sun, 06 Sep 2020 08:09:22 GMT
server: cloudflare
etag: W/"5f4f23bf-b2d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d4335b75ce4c2a4-FRA
display: staticcontent_sol, staticcontent_sol
expires: Tue, 06 Oct 2020 10:35:24 GMT

GET
H2 200 wp-embed.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 1 KB
1 KB 54ms
13ms Script
application/javascript 2606:4700:3031::681c:a6f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681c:a6f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 1320080
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
cf-request-id: 053ddfe6960000c2a486167200000001
pragma: public
response: 200
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: cloudflare
etag: W/"5e854a87-59a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
cf-ray: 5d4335b75ce2c2a4-FRA
display: staticcontent_sol, staticcontent_sol
expires: Fri, 02 Oct 2020 06:54:00 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 45ms
19ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 1378
etag: W/"f9d3ce9829dac0f7e3861df96a993d72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=259200
cf-ray: 5d4335b7cd041f2d-FRA
cf-request-id: 053ddfe6de00001f2de186e200000001
expires: Sun, 20 Sep 2020 13:35:20 GMT

GET
H2 200 houston.js Show response
securityonline.info/detroitchicago/ 3 KB
957 B 41ms
34ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/houston.js?gcb=2&cb=16
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 6dc4e0ef60d1c3d76dd0440547f199428d58ad2272a9b313fae25b40a1fa5b0d

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 925

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 53 KB
18 KB 129ms
61ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

sffe /

Resource Hash

79c49c37107dc301cefbe781889d4b8c4a9d67997cf77a1f85adbc90c0feada1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "635 / 489 of 1000 / last-modified: 1600341137"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17847
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2 200 tulsa.js Show response
securityonline.info/detroitchicago/ 9 KB
3 KB 43ms
36ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/tulsa.js?gcb=191-2&cb=2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a61307b63d4884dbc257c672318c63eba9c3ff9d5d1f7e52978c878c6739d7e9

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 2680

GET
H2 200 banger.js Show response
securityonline.info/porpoiseant/ 49 KB
10 KB 46ms
40ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0427044dc58b5145ec8dba0c8a0cf3e588e15022071b150bcf14c326bf223a82

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000, public
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 memphis.js Show response
securityonline.info/detroitchicago/ 5 KB
1 KB 40ms
34ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/memphis.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1ca10f8a06498f5c3104fbf34cf163e62be492b1a214470ec765215b20a166aa

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 1454

GET
H2 200 minneapolis.js Show response
securityonline.info/detroitchicago/ 845 B
451 B 38ms
32ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/minneapolis.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: aa475af0fb05e1b76590fbc8eb5b49d3c1e772a8efbde59c9991e07972f1223e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 419

GET
H2 200 raleigh.js Show response
securityonline.info/detroitchicago/ 2 KB
751 B 38ms
33ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/raleigh.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0fadd83464640fea2e28bf01fdd092956772ff393ab5399a496d1caec4170cb4

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 720

GET
H2 200 tampa.js Show response
securityonline.info/detroitchicago/ 754 B
437 B 41ms
36ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/tampa.js?gcb=191-2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a2bd6d03b5ca4077052ad35975e64c93f8d790133a8ba0eea95d20fb5beb0b09

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 405

GET
H2 200 rochester.js Show response
securityonline.info/detroitchicago/ 2 KB
783 B 40ms
35ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/rochester.js?cb=191-2&v=9
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 777cc56d4fcbc36f7a94abab1b63d6c20cf73def1bc63f02aa2313b0aa609ada

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 751

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 4284
date: Thu, 17 Sep 2020 12:23:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 17 Sep 2020 14:23:56 GMT

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
562 B 111ms
38ms Script
text/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d6e21afc80800ed2e2c08801d5d864825eb9044d167e7d56d695ad546b158cff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 02:43:34 GMT
server: nginx/1.16.0
etag: b96691e5408a391b80badcbe890c8028
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=999999, private
content-length: 276
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H2 200 dayton.js Show response
securityonline.info/detroitchicago/ 13 KB
5 KB 41ms
37ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/dayton.js?gcb=2&cb=3
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public

GET
H2 200 l.svg
securityonline.info/utilcave_com/ 965 B
628 B 62ms
59ms Image
image/svg+xml 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/utilcave_com/l.svg
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 9cc19c02d87c3360d404c6dcf6e7982304f5e54abda4209de7a3bc44d3c54883

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 01:52:37 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "3c5-5ac9ecc7b5bc0-gzip-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: image/svg+xml
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=604800
x-sol: middleton
content-length: 422
expires: Thu, 24 Sep 2020 13:35:20 GMT

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 14 KB
14 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:24:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:11 GMT
server: sffe
age: 591073
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14096
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:24:07 GMT

GET
H2 200 4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:25:19 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:49 GMT
server: sffe
age: 591001
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13588
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:25:19 GMT

GET
H2 200 fa-solid-900.woff2
securityonline.info/wp-content/themes/hueman/assets/front/webfonts/ 74 KB
75 KB 607ms
606ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.12.1

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://securityonline.info
Referer: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
strict-transport-security: max-age=31536000
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: nginx/1.16.0
etag: "5f633ec3-12958-gzip"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://securityonline.info
x-middleton-response: 200
cache-control: public, max-age=2592000

GET
H2 200 4iCp6KVjbNBYlgoKejZftVyPN4FNgYUJ.woff2
fonts.gstatic.com/s/ubuntu/v15/ 14 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejZftVyPN4FNgYUJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac248ab7da608a3a61f44032c9fcf1e3d0f2d74ffd6ca2e12031666038f10685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:41:38 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:04:01 GMT
server: sffe
age: 590022
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14736
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:41:38 GMT

GET
H2 200 4iCs6KVjbNBYlgoKfw72nU6AFw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72nU6AFw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Sep 2020 17:24:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:01 GMT
server: sffe
age: 591039
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13720
x-xss-protection: 0
expires: Fri, 10 Sep 2021 17:24:41 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 fa-brands-400.woff2
securityonline.info/wp-content/themes/hueman/assets/front/webfonts/ 75 KB
75 KB 595ms
595ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.12.1

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://securityonline.info
Referer: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/7z76zcfw/br0pk.css?ff=1&wps=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
strict-transport-security: max-age=31536000
response: 200
last-modified: Thu, 17 Sep 2020 10:47:31 GMT
server: nginx/1.16.0
etag: "5f633ec3-12b04-gzip"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://securityonline.info
x-middleton-response: 200
cache-control: public, max-age=2592000

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f5102fffc97f20212ac285df3292a8b9c3e486e4620e289c6a59c2db288c8a5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
56 B 38ms
22ms Image
image/gif 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=522842567&utmhn=securityonline.info&utme=8(template*t*rid*bra)9(pub_site*134*0*mod72-c)11(3!2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&utmhid=1485600483&utmr=-&utmp=%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&utmht=1600349720447&utmac=UA-124345349-20&utmcc=__utma%3D264774413.1643016272.1600349720.1600349720.1600349720.1%3B%2B__utmz%3D264774413.1600349720.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=617857078&utmredir=1&utmmt=1&utmu=qTAgAAAAAAAAAAAAAAAAAABE~

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
386 B 36ms
21ms Image
image/gif 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=2&utmn=1504931378&utmhn=securityonline.info&utme=8(template*domain)9(pub_site*securityonline.info)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&utmhid=1485600483&utmr=-&utmp=%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&utmht=1600349720450&utmac=UA-38339005-1&utmcc=__utma%3D264774413.1643016272.1600349720.1600349720.1600349720.1%3B%2B__utmz%3D264774413.1600349720.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1609213127&utmredir=1&utmmt=1&utmu=qTAgAAAAAAAAAAAAAAAAAABE~

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 imp.gif
securityonline.info/detroitchicago/ 43 B
128 B 35ms
34ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A0%2C%22ad_lazyload_version%22%3A3%2C%22ad_location_ids%22%3A%220%2C0%2C0%2C0%2C21%2C2%2C34%2C34%2C34%2C34%2C5%2C37%2C704%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A14%2C%22bidder_method%22%3A0%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Paris%22%2C%22country%22%3A%22FR%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A7%2C%22domain_id%22%3A124533%2C%22domain_test_group%22%3A20200410%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22forensiq_score%22%3A-1%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22618%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A7%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A0%2C%22page_ad_positions%22%3A%221100%2C1102%2C1102%2C1102%2C1102%2C1103%2C1104%2C1105%2C1107%2C1107%2C1107%2C1107%2C1110%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%226cd92b7f-7f9e-41ec-446e-21e0a5738fca%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2293200%22%2C%22pv_event_count%22%3A0%2C%22response_time_orig%22%3A365%2C%22serverid%22%3A%223.120.148.205%3A10291%22%2C%22state%22%3A%2275%22%2C%22sub_page_ad_positions%22%3A%221100%2C1102%2C1102%2C1102%2C1102%2C1103%2C1104%2C1105%2C1107%2C1107%2C1107%2C1107%2C1110%2C1112%22%2C%22t_epoch%22%3A1600349719%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A758%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityonline.info%2F&domain=securityonline.info&cw=1
https://mug.criteo.com/sid?cpp=DBY883xOWE4vdkFzaWErUjdFN1ljM2RLcDk4cGswYWhVZHFudmozaUtoOVJQeVBjODNTVkdBeU1kbTg1M005Yk9Kei9pOTErcEZTd0NoSFVTTDNCZEdaMU1DWWpPMnNCODVlVlloWktRWGgzWnhSaGZ4UXlKc0dlSG1uK3...

347 B
640 B

62ms
19ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=DBY883xOWE4vdkFzaWErUjdFN1ljM2RLcDk4cGswYWhVZHFudmozaUtoOVJQeVBjODNTVkdBeU1kbTg1M005Yk9Kei9pOTErcEZTd0NoSFVTTDNCZEdaMU1DWWpPMnNCODVlVlloWktRWGgzWnhSaGZ4UXlKc0dlSG1uK3pBT0RpOWovM1ZXeUVLcmloR2xtODM2M21Hbyt6T3BPU1ZYbHZ4dk9iSDZJNG1HTkIrMzNNTkhkbVhrQTZDMG93ZDdoTEtKdExONnkwZGwzS0RjSWs4YzdUTzBHVVlDK21ZZ1FvaWYwU3NkNUcvbmIvM0p3PXw&cppv=2

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

265daab67c582d666b9e69fd8143d4d96f69d451250caaad57820220315351ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 17 Sep 2020 13:35:19 GMT
status: 200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1298
content-length: 347
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
status: 302
date: Thu, 17 Sep 2020 13:35:20 GMT
location: https://mug.criteo.com/sid?cpp=DBY883xOWE4vdkFzaWErUjdFN1ljM2RLcDk4cGswYWhVZHFudmozaUtoOVJQeVBjODNTVkdBeU1kbTg1M005Yk9Kei9pOTErcEZTd0NoSFVTTDNCZEdaMU1DWWpPMnNCODVlVlloWktRWGgzWnhSaGZ4UXlKc0dlSG1uK3pBT0RpOWovM1ZXeUVLcmloR2xtODM2M21Hbyt6T3BPU1ZYbHZ4dk9iSDZJNG1HTkIrMzNNTkhkbVhrQTZDMG93ZDdoTEtKdExONnkwZGwzS0RjSWs4YzdUTzBHVVlDK21ZZ1FvaWYwU3NkNUcvbmIvM0p3PXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 968
content-length: 482
expires: 0

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 46 KB
46 KB 242ms
161ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: ce0053f102979fbe0d7016c6fa99f0c83616bfdfc4bd7ff98ef28c930a6f930f

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
x-openrtb-version: 2.3
access-control-allow-credentials: true
date: Thu, 17 Sep 2020 13:35:20 GMT
content-type: application/json

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 46 B
727 B 197ms
116ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.20.0
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: cdfdffbbedc7d456129e9a0f07a6a6a7512a8e27146f3fd086e7b78f3c6f17ac

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Sep 2020 13:35:20 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityonline.info
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 64

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
149 B 59ms
19ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=31&wv=3.20.0&cb=24997207941
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 17 Sep 2020 13:35:19 GMT
access-control-allow-credentials: true
server: Finatra
access-control-allow-origin: https://securityonline.info
timing-allow-origin: *
vary: Origin

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
889 B 141ms
62ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f3747e36247ffd825c7c6f335a5640e8df047d25814fccde04a69f9281d0d0fd

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
890 B 180ms
102ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 751240a4992a92b5e2315f450e34be73aeca5f8a5a47141b9783cd475ee76c46

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
889 B 147ms
69ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2552d7c23422703c2101c30839bdaafe6acc1c8cdba7f68b839bfbedff47fb48

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
887 B 194ms
116ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20829&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 542ca9beffc740a762815bebe9c5326a5b80609dcc92b5dad6c2e58a1e6628b2

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
889 B 178ms
101ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20891&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 410b82b48a08418fefcd7d5f9936c897461b66c3550d654cc9000353cd8671d1

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
888 B 177ms
100ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20887&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0a64ba8f3fad617b217d31feec7cbe180b1cc428df70754ab6a6d3277ac1bf07

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
888 B 146ms
70ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 53286c912077584d90842a8c25acdbd093aa21cd4abd27c8bec3c2fd87fd6e63

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
890 B 148ms
72ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2e646c1f28412f4b3ef7a43f8a277b555fa4a7923ea4cc8e2d822c71cce83fc5

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
889 B 131ms
55ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f3acad8012b1f385b0332720f84528d33b3b793c3be7e2f9c032c78a21874a79

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
889 B 149ms
73ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20849&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f52a648420886a9e42fb565e3fabdce3397f716d9cf51031fa990eaff5e1db0a

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 384 B
887 B 136ms
61ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20904&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ee0fdf92abf9d45a08fc37c9ce6ad60211ab39ed99f8e175b97ae319f90cc77

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 14 KB
8 KB 229ms
154ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20898&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9193220f7d042504a533e58f6e19f01f6416d809df0e54fc9b24e586604234b7

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 14 KB
8 KB 189ms
115ms XHR
application/json 54.72.59.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=16891&pi=3&gdprApplies=0&schain=1.0%2C1!ezoic.com%2Cef52af3eb8f11ec9f82a203957c8975d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ce=true&dpr=1&jcsi=%257B%2522t%2522%253A0%252C%2522rq%2522%253A8%257D&ogu=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ns=10240
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.59.180 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-59-180.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 22543eacb09c0e55e8e7e53a3a2acfad7dec9db1d017930a54ecac1eea91273d

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://securityonline.info
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 1 KB
1 KB 171ms
111ms XHR
application/json 185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4c690e2a4de9beecc81abd39047f8365bac530faf20ac8e0fe5e8eb07199a242

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Sep 2020 13:35:20 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 719.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.149:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 69e0d72b-64d1-4a13-acf6-5a3bf4bbc226
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityonline.info
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 anaheim.js Show response
securityonline.info/detroitchicago/ 665 B
395 B 34ms
33ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/anaheim.js?gcb=2&cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c090c938bbe4c0ed91065ff339cc4799f3758b9c1df20af104ac749ec285f97e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
x-middleton-display: sol-js
cache-control: max-age=31536000, public
content-length: 337

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 38ms
38ms Script
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:35:20 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
151 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoidW5pdmVyc2FsX3VzZXJfaWQiLCJ2YWwiOiJiOTY2OTFlNTQwOGEzOTFiODBiYWRjYmU4OTBjODAyOCJ9XX1d
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:20 UTC

GET
H2 200 nmash.js
securityonline.info/porpoiseant/ 22 KB
5 KB 35ms
35ms Other
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/nmash.js?v=86
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 23c35871bd433283c634753bf3cc4db2d86aabe41b910b8fae020c6f35698756

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "564c-5af0f126c2200;5af7c047607ec-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-63315582-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 3699
date: Thu, 17 Sep 2020 12:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 17 Sep 2020 14:33:41 GMT

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 pubads_impl_2020091401.js Show response
securepubads.g.doubleclick.net/gpt/ 263 KB
92 KB 105ms
70ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

sffe /

Resource Hash

a31af8dd93da9254a48f970f5f9cf69615994c63467d790f08e8a3402c1aac61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Sep 2020 08:39:38 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94260
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2

200

cse.js Show response
cse.google.com/cse/
Redirect Chain

https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa
https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

10 KB
4 KB

41ms
33ms

Script
text/javascript

2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

f172967a729759a53dbc5eae7588bc262c1378eef17473931531d5f63a505557

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3447
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:20 GMT

Redirect headers

date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: sffe
status: 302
content-type: text/html; charset=UTF-8
location: https://cse.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267
x-xss-protection: 0

GET
H2 200 recommended_pages.js Show response
securityonline.info/utilcave_com/apps/js/ 16 KB
3 KB 41ms
40ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Thu, 17 Sep 2020 10:10:29 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "41b3-5ac9ecc7b5bc0-gzip-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
status: 200
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=2592000
x-sol: middleton
content-length: 3324

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 34ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiZXh0X3VzZXJfaGFzaCIsInZhbCI6Ik5UIn1dfV0=
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:20 UTC

GET
H2 200 anchorfix.js Show response
securityonline.info/ezoic/ 879 B
428 B 36ms
35ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/anchorfix.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
content-length: 383
expires: Fri, 17 Sep 2021 13:35:20 GMT

GET
H2 200 edmonton.webp Show response
securityonline.info/detroitchicago/ 14 KB
4 KB 35ms
35ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/edmonton.webp?a=a&cb=191-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 jellyfish.webp Show response
securityonline.info/porpoiseant/ 58 KB
11 KB 78ms
78ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/jellyfish.webp?a=a&cb=191-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 / Show response
graph.facebook.com/ 252 B
634 B 49ms
32ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&callback=jQuery1124022372944629816405_1600349720248&_=1600349720249

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0a003b8eb3a6e5b55e01463a24db3313a6453a3179147efffd102603a837220b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002680883
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 192
pragma: no-cache
x-fb-debug: teKJhAdt4DuIb9H8wV215pBCdRQlAHDT1VSRM+8/vSfSkr3qdtmSYukRqrT50poTumtWfazdaBhnGb3Ot09Dag==
x-fb-trace-id: An3IBCxDn0Z
date: Thu, 17 Sep 2020 13:35:20 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: Axl0xDtNxhc23iEXtZlcuZP
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 193 B
439 B 210ms
131ms Script
application/javascript 23.210.248.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&callback=jQuery1124022372944629816405_1600349720250&_=1600349720251

Requested by

Host: cdn-0.securityonline.info
URL: https://cdn-0.securityonline.info/wp-content/cache/wpfc-minified/kl22a9fh/3u80x.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-189.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8c34feb257c39890a3e61df1530f0c4ce05e2b480edd2c32f3bcd37d3927ee8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
x-cdn: akamai
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 2
content-length: 193
x-pinterest-rid: 1555276803404314
expires: Thu, 17 Sep 2020 13:50:20 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/ 228 KB
86 KB 54ms
38ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87685
x-xss-protection: 0
server: cafe
etag: 9656598585391825739
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/ Frame 7C92 0
0 11ms
5ms Document
text/html 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200914/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Wed, 16 Sep 2020 22:10:31 GMT
expires: Wed, 30 Sep 2020 22:10:31 GMT
content-type: text/html; charset=UTF-8
etag: 17942277541989656716
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4728
x-xss-protection: 0
age: 55489
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 92 KB
33 KB 39ms
27ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac4505a3ec35c5418aa4bb8d44be7302793b1c24917517d2c7c8017af59360ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33385
x-xss-protection: 0
server: cafe
etag: 2109666083148958802
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Sep 2020 13:35:20 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 15ms
15ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1485600483&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ul=en-us&de=UTF-8&dt=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=264774413.1643016272.1600349720.1600349720.1600349720.1&_utmz=264774413.1600349720.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1600349720640&_u=IQBCAUABAAAAAC~&jid=2041138097&gjid=614369836&cid=1643016272.1600349720&tid=UA-63315582-2&_gid=1184698377.1600349721&_r=1&gtm=2ou990&z=920981522

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
100 B 35ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX1d
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:21 UTC

POST
H2 200 app-ajax Show response
securityonline.info/ezoic/ 3 KB
1 KB 64ms
63ms XHR
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/app-ajax
Requested by: Host: securityonline.info
URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 3d0893147bcc14b3cd37ac8850276e33bb6c7c3f09443fec506a6273742e7b50

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=utf-8
status: 200
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 782
expires: Wed, 16 Sep 2020 13:35:20 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-63315582-2&cid=1643016272.1600349720&jid=2041138097&gjid=614369836&_gid=1184698377.1600349721&_u=IQBCAUAAAAAAAC~&z=2037431368

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Sep 2020 13:35:20 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 cse_element__en.js Show response
www.google.com/cse/static/element/26b8d00a7c7a0812/ 260 KB
86 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 11:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 93839
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88400
x-xss-protection: 0
expires: Thu, 16 Sep 2021 11:31:21 GMT

GET
H3-Q050 200 default+en.css
www.google.com/cse/static/element/26b8d00a7c7a0812/ 40 KB
9 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 09:23:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 101493
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8947
x-xss-protection: 0
expires: Thu, 16 Sep 2021 09:23:47 GMT

GET
H3-Q050 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=000577952335514451944:olq_fi17mqa

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 12:54:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 2449
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:44:31 GMT

GET
H2 200 ezoicoutstream.js Show response
securityonline.info/porpoiseant/ 284 KB
51 KB 48ms
47ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/porpoiseant/ezoicoutstream.js?cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 52ff866da27c377f545e8bdd92db9a384a5b991b3f638387b52a75d11f178d7f

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "46fce-5af0f126c2200;5af78a373b11b-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 109 B
890 B 36ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
868 B 35ms
21ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityonline.info

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 448 B
723 B 437ms
436ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3Db6ac10cddc8471927cec0144110502e9%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D6500%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720737&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

4f6d6d58ed2a2682a8227e4607d10a25d8381027dbe851a481ec7521667015fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 59ms
14ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 27ms
5ms Other
text/html 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
271 B 697ms
696ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D707967%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-707967%26eb_br%3Da835e008e248a793da87524a4919f755%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D2300%26br2%3D1100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D117%26deal1%3D22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720750&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=2&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

57ea8d5174df65810f882b281b5afb23d61fabe73b2d8a20e2c860a51f985139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
271 B 1054ms
1054ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D702667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-702667%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D75%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720756&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=1088&adks=4103646004&ucis=3&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

2dd8bdda87e9d34400fe0c2219f7b525489985044e7221ecee3718b0e8ae68d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
290 B 1294ms
1294ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3D39abb99448d54704c4afa42efe76e15d%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D1100%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720761&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11207&adks=1839183081&ucis=4&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0f68d3455fb67ef025158abbd27d25ee615e81af3c5034ba89b15e649b7c09bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
258 B 1546ms
1544ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D800%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D34%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720766&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=645&adks=3972398835&ucis=5&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

61cbb5c2160e63b54db392f39aeb3cef24a738cb646c997c1ad8a8304182bcf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
263 B 1752ms
1751ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D800%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720771&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=918&adks=77239893&ucis=6&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=7&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

df5cbd2786ea3a36fde9109c4387e84d1ea8dfe0ba4fb43c3e2e14d16bbcd0a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
263 B 2190ms
2190ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D800%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D33%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720775&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1191&adks=4209624997&ucis=7&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=8&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

95df0dc72ac5c263f270d3af3b5b084c91c2cb68c28722cbecf7c0e379835129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
263 B 1985ms
1984ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Ddc3573d5dc41abdf97751be02f53537f%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D800%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D36%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720779&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1464&adks=857680164&ucis=8&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=9&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=2&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7bab636818974693d43863969433d7aed1dffb20fa23724585c28b9042faa183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
298 B 2420ms
2419ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720784&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2224&adks=3088204122&ucis=9&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=10&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=3&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

6bd0061703032a01106ed83473769241d97562b10a509506d81ddc2aee56635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
267 B 2621ms
2620ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720790&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2495&adks=4008027628&ucis=a&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=11&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=4&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

19c3a02a98e5d7475c276714dd195f5cdee6960529e79a1d5596dae65306fb2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
272 B 3207ms
3207ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720795&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2766&adks=1594893794&ucis=b&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=12&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=5&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9f68bdf8676ee8d3d0dfbe173b8f70463dbbd5305300deb6de8a6335e54c715c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 455 B
296 B 3453ms
3453ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720798&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3037&adks=3075149205&ucis=c&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=13&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=6&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

a1121ddae718cdded9e8eb4397e229e6f6ea01b9da73cb8a85c47c8cca4da340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 452 B
694 B 3869ms
3868ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D750%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720801&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11498&adks=2847974443&ucis=d&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=14&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=7&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fff0fc6b7399ea7d14385fe27a25180ea359dd7231043ca63ae374e2ce2972e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
271 B 3650ms
3649ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1898956237928425&output=ldjh&impl=fif&eid=21067409%2C21067450%2C21064170%2C21065517&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=iid7%3D674117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-674117%26eb_br%3D12a3b3570adcf20fd41a00445219acaa%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D2000%26br2%3D1000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D23%26deal1%3D22%2C23%2C24%2C25%2C26&cookie_enabled=1&bc=31&abxe=1&lmt=1600349720&dt=1600349720804&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=e&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=15&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=true&ga_wpids=UA-124345349-20&fws=516&ohw=970&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

c9ec9b8861083a87f9ec094f091a3e603bcdd290423d9fbddb74dda311396469

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
260 B 23ms
22ms Image
image/gif 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-63315582-2&cid=1643016272.1600349720&jid=2041138097&_u=IQBCAUAAAAAAAC~&z=961964489

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 30ms
29ms Image
image/gif 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-63315582-2&cid=1643016272.1600349720&jid=2041138097&_u=IQBCAUAAAAAAAC~&z=961964489

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
87 B 40ms
39ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ins_no_ifr&sf=true

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
22 B 40ms
39ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=abg_host&host=securityonline.info

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 80EF 0
0 56ms
55ms Document
text/html 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349720&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349720604&bpp=5&bdt=457&idt=229&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1730772452021&frm=20&pv=2&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4236129461731330&dssz=106&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44723322%2C21066647&oid=3&pvsid=4316486664546050&pem=505&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=240

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6396844742497208&output=html&adk=1812271804&adf=3025194257&lmt=1600349720&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2&plat=1%3A32904%2C2%3A16810120%2C8%3A128%2C9%3A32904%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C27%3A128%2C30%3A1081472%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&ea=0&flash=0&pra=5&wgl=1&dt=1600349720604&bpp=5&bdt=457&idt=229&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1730772452021&frm=20&pv=2&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_fc=1&ga_wpids=UA-124345349-20&iag=0&icsg=4236129461731330&dssz=106&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44723322%2C21066647&oid=3&pvsid=4316486664546050&pem=505&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=240
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 17 Sep 2020 13:35:20 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 17-Sep-2020 13:50:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Sep 2020 13:35:20 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 62ms
42ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600083386116863"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27476
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
22 B 48ms
48ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jserror&context=159&msg=TypeError%3A%20Cannot%20read%20property%20%27id%27%20of%20null%0Aat%20jz%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fr20200914%2Fr20190131%2Fshow_ads_impl_fy2019.js%3A350%3A355)%0Aat%20Vz%20(show_ads_impl_fy2019.js%3A392%3A406)%0Aat%20Zz%20(show_ads_impl_fy2019.js%3A399%3A258)%0Aat%20async%20Sy%20(show_ads_impl_fy2019.js%3A339%3A1389)&shv=r20200914&eid=42530672%2C44723322%2C21066647&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 62ms
47ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

157288640b5b1d678bbbc7bce5487839525cde47df5a185ddacee936d1ba0cf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "16777430387727823404"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:20 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:03:54 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 275486
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:03:54 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 6ms
5ms Image
image/png 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 275335
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:25 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
222 B 26ms
5ms Image
text/plain 2a00:1450:4001:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 17 Sep 2020 13:35:20 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 dark-bottom.css
securityonline.info/ezoic/styles/ 3 KB
855 B 34ms
34ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/styles/dark-bottom.css
Requested by: Host: securityonline.info
URL: https://securityonline.info/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
last-modified: Fri, 11 Sep 2020 19:55:52 GMT
server: nginx/1.16.0
etag: "bd7-5af0f126c2200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 725

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 33ms
31ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInRfZXBvY2giOjE2MDAzNDk3MTksImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6Ijg3In0seyJuYW1lIjoicGVyZl9jb25uZWN0X3RvX3Jlc3Bfc3RhcnQiLCJ2YWwiOiI2MzQifSx7Im5hbWUiOiJwZXJmX3Jlc3BfdGltZSIsInZhbCI6IjIyIn0seyJuYW1lIjoicGVyZl9pbnRlcmFjdGl2ZSIsInZhbCI6IjM3NiJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjQ0NSJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiI4MzMifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:21 UTC

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 35ms
34ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiI4NTUifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6Ijg1NSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:21 UTC

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInRfZXBvY2giOjE2MDAzNDk3MTksImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:21 UTC

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 38ms
25ms XHR
application/json 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200914&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

971f0f0cb5b714b6e1205861ab1010bd7247643d14da5d3fd721f930a3588541

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6388
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 60ms
45ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Thu, 17 Sep 2020 13:35:21 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 659F 0
0 6ms
6ms Document
text/html 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Thu, 17 Sep 2020 12:47:34 GMT
expires: Fri, 17 Sep 2021 12:47:34 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2867
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 32ms
31ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjEwMzgifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:21 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:21 UTC

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
45 B 40ms
39ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200914&jk=4316486664546050&bg=!ERKlEgpYiFXvLeu4Z24CAAAASFIAAAAPCgDPj-BoLbsMnPNFS4cxvgU3H_BBHfVw7riiE6hV9Ng7MY0EV3C4Oa0He0rNPe5OFUsbJ2hK3upNaudZFkNp3uiR6IeRnUEa9V_GVtwQWpgM00pZSLmGvYjo9wbRG6A4SL04PmPlQwKooUJwedVuJy5ZMm2tuYh18Lfdv83CFxAt9z2fMuGWMSFS0X6KbIMxAzvPw3pX0DCTmmnhZ3xBeq5zx7c8Po8RrRTJ_IIlUnp2iieSnUFw9AN820KRUffi3H_Rc-Va4ox22muUoUaA5VCTmQGsSFgNdLuB-ePzqowrHcnzg5BkqbjTzFPMyUMjOQzHWQOMiaYrJQablCu4mrEKUIRk7cs8HbI6lu2Nqg-l2grIhBx9uOyadmUftE99dkURd2-MNg2EnVH3DPIgESJFip3OXuOYTdFvW4Is7E8Ym7QfY7MDdYU-3KVGrwSLZ3dg2hrxPddpc5kyMDNPTRANgYhnKhD0kbpD1kCNpJ9eZJ4qAh3q7stCrUVXABNqSFXWFlmz2qS9lxOnVcS2IQm1s_v8INDE5jg4M4CdKGrlRXhMml5NBaU4nmxYqVn3diY9O6C3xcrni2lLuqItBo6zV-mQcdDzRevGnxs7bQywLdQ_D_SMAxgN5n13CTNywHryJpLDdT_blKKwoVC-RB4kzK82w0MGsTjOXmEwM33gBDWF10-r6BXlDUejEStz-LNeSPv6H8T3txGQnDnKMZSGaEA9idvG5BML4dTTHWn_hRRls3UoQPtvkyFaQffNGR-JaBH2enfwpHzZctK9od9UXI1WzNYzaYHOy_YeYVYsX_6KvoRXMuG3Lqy5lj-rP0IeAfQkIipZH5OjbwSt_rI

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 68 KB
21 KB 40ms
14ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b260d188c64b6737b307a491daf03fdbbe9937e531d88496bdbf359ab6f3c943

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:23 GMT
content-encoding: gzip
last-modified: Tue, 25 Aug 2020 15:42:48 GMT
server: nginx
etag: W/"5f453178-1109f"
status: 200
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 18 Sep 2020 13:35:23 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 68 KB
21 KB 46ms
22ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b260d188c64b6737b307a491daf03fdbbe9937e531d88496bdbf359ab6f3c943

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:23 GMT
content-encoding: gzip
last-modified: Tue, 25 Aug 2020 15:42:48 GMT
server: nginx
etag: W/"5f453178-1109f"
status: 200
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 18 Sep 2020 13:35:23 GMT

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 98C8 0
0 38ms
37ms Document
text/plain 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=8711458
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

Server: nginx
Date: Thu, 17 Sep 2020 13:35:23 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 424F 0
0 129ms
46ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/dall3202test.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=24292
Expires: Thu, 17 Sep 2020 20:20:15 GMT
Date: Thu, 17 Sep 2020 13:35:23 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 438 B
474 B 320ms
319ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3423043934766843&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1500%26reqt%3D1600349724131&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724135&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2798&adks=1594893794&ucis=f&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=16&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=8&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

560c9762f1a93cbe16414664ce9bee69178e6ba991457d442768c54350ba7c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
399 B 326ms
325ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1727201553610095&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1500%26reqt%3D1600349724142&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724145&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2527&adks=4008027628&ucis=g&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=17&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=9&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9d6018d81293c8eed8e3699f3d03bad1c88dd5921bd729fc0ae3033f14ee538c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 438 B
394 B 348ms
337ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=184905157096586&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D1500%26reqt%3D1600349724150&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724157&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2256&adks=3088204122&ucis=h&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=18&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=10&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fae029a7132853c4b68e6de7ed89a30da1e86ba0ca33056c9510c02ebb286ff0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
390 B 390ms
389ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1800136347979879&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D33%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dpubmatic%26hb_adid%3D73c655feb9eaf5c%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D800%26reqt%3D1600349724162&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724168&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=i&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=19&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=11&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5e45fc2c6594ef5ee350c6bcc8ff4fbdfb993a38ed0ea23ccc1aa344b3a199fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 220
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
403 B 347ms
337ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1453213127410676&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D36%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D800%26reqt%3D1600349724183&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724248&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=j&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=20&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=12&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

a6727397edae6987936d8170ee63d2af5ad0f9a7ee27fd02a83c842658d1be4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
386 B 332ms
331ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1597130456508675&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D800%26reqt%3D1600349724256&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724261&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=k&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=21&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

202b996ecf2e297ad729f6416b33aa1e4615c2f11425a2aae9fb829c259641dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
390 B 297ms
297ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3755335480445857&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=4&rcs=1&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D34%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D800%26reqt%3D1600349724267&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724269&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=l&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=22&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d7076bf3e5b101bd3b76d647d62599536b825fce772df9b78b51f32c9f833666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 441 B
414 B 433ms
432ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4195063839158317&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=4&rcs=1&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D650%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D1100%26reqt%3D1600349724274&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724275&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11207&adks=1839183081&ucis=m&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=23&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=13&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b1952a049c1c32e2f84609ab6e51fc7c38ba2b699556b6f13ce5502159b75f16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 428 B
604 B 374ms
370ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1699209593504708&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=4&rcs=1&prev_scp=iid8%3D702667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-702667%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D75%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dpubmatic%26hb_adid%3D7664a2e68e7c622%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1500%26reqt%3D1600349724278&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724280&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=1088&adks=4103646004&ucis=n&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=24&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fbfa862d58428e1b4d0c8d9e35c1a21561ed65a830cebdd54f9aaba73cad5827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 434 B
396 B 321ms
321ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1559461153214978&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=4&rcs=1&prev_scp=iid8%3D707967%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-707967%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D1200%26br2%3D1100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D117%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%26hb_bidder%3Dpubmatic%26hb_adid%3D7451a5a5820f115%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D2300%26reqt%3D1600349724283&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724286&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=o&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=25&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5d34d23e272d1779464212f4913d8364e834d3fcc1cf68b8c06cda9764b5ee49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 432 B
396 B 411ms
411ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2875591628634174&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=4&rcs=1&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3De95a0029a1c0d52e1f82ee010826e7d9%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D4000%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%26lb%3D6500%26reqt%3D1600349724290&eri=1&cookie=ID%3D56accf87a16e13fe-22e0f714ddb80071%3AT%3D1600349720%3AS%3DALNI_MbYEVCROuPc82yqKso3DQDL2otyvw&bc=31&abxe=1&lmt=1600349724&dt=1600349724291&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=p&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=26&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

58538d7f63f5d5e7567b4a66d69f0d00ca5af01426b82f084c9965f4fd8d2ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 228
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 438 B
257 B 311ms
309ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1906311741815780&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=4&rcs=1&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D750%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dpubmatic%26hb_adid%3D75723963cb92e63%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1500%26reqt%3D1600349724348&eri=1&cookie=ID%3D4b22df92cf68fe28-225b0cbcdcb800dc%3AT%3D1600349720%3AS%3DALNI_MZgQDbNxK6KNat07DNbrs_uYWWYdQ&bc=31&abxe=1&lmt=1600349724&dt=1600349724362&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3069&adks=3075149205&ucis=q&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=27&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=14&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d58bb602933a5965ac11c7e4adf8ee78dc28d708bcca0bf61e5c1eea43176d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
187 B 377ms
377ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1096406088954388&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=4&rcs=1&prev_scp=iid7%3D674117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-674117%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D1000%26br2%3D1000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D23%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%26lb%3D2000%26reqt%3D1600349724479&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724481&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=r&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=28&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=516&ohw=970&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

4e94e1937263253901f5abbf4f4e4af6e64355c6006bf17815f9bf53a1eed7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 330 B
169 B 518ms
517ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=108120306434278&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D400%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D750%26reqt%3D1600349724646&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724647&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2798&adks=1594893794&ucis=s&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=29&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=15&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5f610b26f64a24393b507cc04fc6dfe3ad1db063abf172c072507ff8cce98b22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 330 B
170 B 227ms
227ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=126201936847838&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D400%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D750%26reqt%3D1600349724662&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724664&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2527&adks=4008027628&ucis=t&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=30&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=16&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

50452097439c6a3bf6553aaa8760e8f1e5027ac3094a1cec0a18e410a5aa7332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 330 B
246 B 229ms
229ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=246184887630654&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D400%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D750%26reqt%3D1600349724679&eri=1&cookie=ID%3D4b22df92cf68fe28%3AT%3D1600349720%3AS%3DALNI_Ma-GfthRm3hCLfbYSoSLf9HLIUwiw&bc=31&abxe=1&lmt=1600349724&dt=1600349724681&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2256&adks=3088204122&ucis=u&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=31&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=17&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d955e63bec86fd10587a65c51ac7cc350e359fee2a0377b6699fe0f102f79e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
196 B 362ms
362ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1064738636866797&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&ris=4&rcs=1&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D400%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26lb%3D750%26reqt%3D1600349724685&eri=1&cookie=ID%3D4b22df92cf68fe28%3AT%3D1600349720%3AS%3DALNI_Ma-GfthRm3hCLfbYSoSLf9HLIUwiw&bc=31&abxe=1&lmt=1600349724&dt=1600349724686&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11498&adks=2847974443&ucis=v&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=32&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=18&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b1dc24e006fa2318e39f6f3f768fa16406f11e834edd45edb67fcc9a5528bb20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
163 B 290ms
289ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=199288369024494&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D33%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D73c655feb9eaf5c%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D400%26reqt%3D1600349724696&eri=1&cookie=ID%3D4b22df92cf68fe28%3AT%3D1600349720%3AS%3DALNI_Ma-GfthRm3hCLfbYSoSLf9HLIUwiw&bc=31&abxe=1&lmt=1600349724&dt=1600349724697&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=w&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=33&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=19&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1963ed83c844461f924e3ed1429f3a0723bba1201b4bede25c93542a91ec24c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
163 B 295ms
294ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1441589303688426&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D36%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349724762&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724764&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=x&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=34&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=20&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

58f8361c4491694a5d3ceaf1abe63a5671bd6e9e7e3ae8f802de04a5d2118083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
160 B 344ms
344ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4422284824465701&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349724779&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724781&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=y&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=35&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9f1ef43e08b0ac48f46756f93bfccf5659938df5e9faf5d173d9d5b0d865a6ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
159 B 422ms
422ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1753041475823325&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D34%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349724785&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724787&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=z&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=36&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7e35cabd11a8b69eeb4985b0201fffbafbc87f8ea0520574c8a919d9fa4f086a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 334 B
168 B 346ms
345ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2359875420846384&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D450%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D650%26reqt%3D1600349724790&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724791&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11207&adks=1839183081&ucis=10&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=37&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=21&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

3917bfd518c94961381b2d86323537c6feebf347b1a4575327dddb9a8c1f62e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 321 B
160 B 419ms
418ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=528535880616797&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D702667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-702667%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D70%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D75%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D7664a2e68e7c622%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D750%26reqt%3D1600349724812&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724815&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=1088&adks=4103646004&ucis=11&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=38&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b66198ba22b75ded5361e12c0aa672d1b32c96e066ddc0f9d07d0bfbd1dc05a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
172 B 343ms
342ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=212027053004034&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D707967%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-707967%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D600%26br2%3D1100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D117%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%26hb_bidder%3Dpubmatic%26hb_adid%3D7451a5a5820f115%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1200%26reqt%3D1600349724820&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724822&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=12&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=39&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

6e84679afcd6b3318255311ebf79a473b7471ca8cf4ddce1d387bbfa5b1242dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
160 B 419ms
418ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1310973605442303&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3Da9ec56005762ef40746ec1b6d554f472%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D2800%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%2C23%2C24%2C25%2C26%26lb%3D4000%26reqt%3D1600349724825&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724827&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=13&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=40&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

f3e44f2d98e1375e63cee138c7f86a7a89fce505b8729ffaefac348cddfeaeaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
179 B 318ms
317ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=268198263140000&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D400%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dpubmatic%26hb_adid%3D75723963cb92e63%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D750%26reqt%3D1600349724879&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349724&dt=1600349724882&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3069&adks=3075149205&ucis=14&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=41&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=22&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

ce5e132dd07f117213f781a070879ce0b9e798b7936f1b4b2d05666543a8fa2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
174 B 464ms
463ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=518671501797971&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=2&prev_scp=iid7%3D674117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-674117%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D500%26br2%3D1000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D23%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%26lb%3D1000%26reqt%3D1600349724998&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725004&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=15&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=42&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=516&ohw=970&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

10df679888a9a7e691342a37ae36f72982ffa342f0f252257c8d9f9ee24ac72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
175 B 426ms
425ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1824818628950118&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D120%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349725179&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725184&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2527&adks=4008027628&ucis=16&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=43&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=23&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

c1cc7bba3d96fdeca166dbda5a3e139210fe3472cc8d0845ed01018f0bb9e3e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
171 B 185ms
184ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4175395976608074&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D120%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349725191&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725193&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2798&adks=1594893794&ucis=17&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=44&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=24&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

bd86b95bea595c72222a1200def5ea607d4cb0ef52583f0e7dde76240604bd48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 331 B
184 B 582ms
582ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3636877350038833&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D120%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26lb%3D400%26reqt%3D1600349725218&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725219&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2256&adks=3088204122&ucis=18&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=45&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=25&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5754421ebaaf43f5a5f98ae533d87f7d5ffa59b0afdc41843e4814fc87277438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 328 B
167 B 310ms
309ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3717178956064564&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&ris=1&rcs=2&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D260%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26lb%3D400%26reqt%3D1600349725222&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725223&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11498&adks=2847974443&ucis=19&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=46&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=26&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d5ac8d4a97319fa88e5c67386d17a9a4f87e6fbc6eeb39a6b0e62b88e6222573

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 319 B
160 B 292ms
291ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4124020766203696&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dad0061a38dd7c6f7bcb692aee88dfda4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D14%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D33%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D73c655feb9eaf5c%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D140%26reqt%3D1600349725226&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725228&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=1a&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=47&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=27&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

836994c723fd86222103c066fd2f12fde48749a5e3d5a60edfd37edc591f5799

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 325 B
168 B 172ms
172ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2139159801563693&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dad0061a38dd7c6f7bcb692aee88dfda4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D14%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D36%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D140%26reqt%3D1600349725279&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725281&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=1b&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=48&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=28&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

bb7e6544b935ba12e18c181e561969111f7e72cc3518506b82b06f98952dd777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 319 B
160 B 199ms
199ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=684627118006103&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dad0061a38dd7c6f7bcb692aee88dfda4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D14%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D140%26reqt%3D1600349725296&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725297&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=1c&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=49&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9fc6094c2e6b0ff00f5fdfae47573fdcb4919bd1d76e53e958b8c08c5c9ec37c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 319 B
160 B 186ms
185ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4495074579903578&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dad0061a38dd7c6f7bcb692aee88dfda4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D14%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D34%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D140%26reqt%3D1600349725302&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725304&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=1d&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=50&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

2bd0156e741e85449326079a5da45d83df16fd53f52505da7a3a41cb5bf9a62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
171 B 217ms
216ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3088028059105570&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D350%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D450%26reqt%3D1600349725307&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725309&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11207&adks=1839183081&ucis=1e&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=51&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=29&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

ae5e966202c7dee280dfb8585bfcb1be51cfb6e574e5be53d7da5431be4bc340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 225ms
224ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=246129882511730&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D702667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1103%26sap%3D1103%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dbf%26adr%3D399%26ezosn%3D11%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dsecurityonline_info-leader-1-702667%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D0%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D75%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D7664a2e68e7c622%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D70%26reqt%3D1600349725333%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725335&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=1088&adks=4103646004&ucis=1f&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=52&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7650b657c66beaced0315d523bd74d8865635fac7b79c1e781cfb29eae95b579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10701
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 327 B
167 B 224ms
224ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=399098207902728&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D707967%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-707967%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D180%26br2%3D1100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D117%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%2C20%2C21%26hb_bidder%3Dpubmatic%26hb_adid%3D7451a5a5820f115%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D600%26reqt%3D1600349725338&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725340&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=1g&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=53&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

1c429864fe1de58766a03163ffe0885b16562c72163627bd3dbbe34626063595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 318 B
159 B 218ms
217ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1550896368313575&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3D2620dac3b050a8e36c132f49cccab5a1%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D2200%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%2C23%2C24%2C25%2C26%2C22%2C23%2C24%2C25%2C26%26lb%3D2800%26reqt%3D1600349725346&eri=1&cookie=ID%3D56accf87a16e13fe%3AT%3D1600349720%3AS%3DALNI_MbiHeyJl_NlrOsLY5U7-aJE-nLUFg&bc=31&abxe=1&lmt=1600349725&dt=1600349725348&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1h&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=54&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

610f9ce48302d0f60bfa714a6036350e37fc95993f503adc60111003eb0ad271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 456 B
743 B 610ms
609ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=638847497798439&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D120%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D75723963cb92e63%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D400%26reqt%3D1600349725396&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725398&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3069&adks=3075149205&ucis=1i&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=55&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=30&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

b3012281015578d547c34995d24b1280f3b1a08e8b9555594559743e4b6a8a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
283 B 251ms
250ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=678155976107786&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=iid7%3D674117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-674117%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D140%26br2%3D1000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D23%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%2C17%2C20%2C21%26lb%3D500%26reqt%3D1600349725562&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725565&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=1j&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=56&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=516&ohw=970&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

da8fa59837d543f3779c22e98284b13313e36d1addd62d77638fd5ed91f6700d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame FF4A 206 KB
56 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10794
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 10:35:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 10:35:31 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FF4A 16 KB
6 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14588
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 09:32:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 09:32:17 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FF4A 95 KB
29 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10830
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 10:34:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 10:34:55 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FF4A 4 KB
2 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13681
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 09:47:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 09:47:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FF4A 47 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13715
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 09:46:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 09:46:50 GMT

GET
DATA 200
OK truncated
/ Frame FF4A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7e89efb16a7801b38c331e1465e314e63a5789df627957ff09e94e3a35b5f25

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 3685843296858861963
tpc.googlesyndication.com/simgad/ Frame FF4A 18 KB
18 KB 9ms
8ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3685843296858861963?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qk4FUbFYDql5GNOOwuP_OEa09Z8Dw

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cae53c4f0b44a0bb324fc5688dec956890967e704a41cde9590acebe8c490712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 07:19:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 10 Apr 2020 13:43:23 GMT
server: sffe
age: 195328
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18221
x-xss-protection: 0
expires: Wed, 15 Sep 2021 07:19:57 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FF4A 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8787
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FF4A 295 B
519 B 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58107
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FF4A 0
0 17ms
16ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRhvVlj773cOlGeoWeMe-XBHjNkl05qqEO0lPAHdzXgoWZhGv1FUeW0wyr3r3Co9hJJyd_Ny_kcAtXvGkK4YKi1xzYaLA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FF4A 0
0 64ms
63ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBNZPHWZjX96GGJSW3gPgr4eQBOWtv55flq_gpOwLr4eSrZUOEAEg9PnGJWD7gYCAiAqgAe-I8MICyAECqQIFOO1Bms2zPuACAKgDAcgDCKoEtAJP0Ije6uFP02H_MgthhXNbvN1QIb8OYo7l2X0T3iZ-nEXBvvWFkRMd40B_nRSdMpeKIoeWNwn__lVPAUipKgrbapj5fLQJOiA5R5jkBoGw8I-IWeOoi-KHiDUzNQNyEAnAIi7X_bUnoLvaZhLQ2QS9YZz3wgMDS38EH0HGgKawPZ2ciGw13GtN5TXSjRMahEkr5dS5f-xSst9Ta8HXrYYJ6G2CS5F911QKVhRl95IsUa0MBj4_FFCYBzzNyyUUZUKVgM6ZBsVUGIukCth4cY275P0co_JZIkgCcuRgMDB3DI95pjhwpilvzjoJnPTfpGk4wWsQ8V66P53bIfW8YFJxBx8GwLoS73h9mGzbQIypv0JmqLWvcD8qKqQR_ogl5AHqJe9b3lDrZTalz_cQyFLkl5qt8cAE27-MhYED4AQBkgUECAQYAZIFBAgFGASgBgKAB_n2j70BqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEO30BtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMM&sigh=8uiDDvSAug8&tpd=AGWhJmuBsZHAv8Tv_Axy1t7oxXA6OXX3m04k8RnnbyLX6EW50g
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
93 B 115ms
33ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
123 B 45ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjU0NTMifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 46ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjQifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDI2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAwMDIsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAwMDIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDcsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyNDYxMDU4NDIifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0ODE3NzM1NDIwIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 42ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 42ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyNiwiYWRfcG9zaXRpb24iOjExMDMsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTUwMCwiYmlkX2Zsb29yX3ByZXYiOjcwLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50Ijo0LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyNTQsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FF4A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

38ms
38ms

Image
text/html

2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:35:25 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
394 B 301ms
301ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3872287165741649&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D12%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D120%26reqt%3D1600349725696&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725698&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2527&adks=4008027628&ucis=1k&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=57&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=31&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

fdfa88f5944dec5779198f3f07c3ab7298a0b909d9133ab90d24dc0d41352858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
12 KB 343ms
342ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1070342821894769&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D12%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D120%26reqt%3D1600349725712&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725714&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2798&adks=1594893794&ucis=1l&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0C9C11|color_text,,000000|color_url,,0C9C11&ifi=58&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=32&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

e6d1db859072329da50c95cfc6aab594cd07a92458222ac5b58a7b69d2fa3f6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11434
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 442 B
404 B 436ms
436ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3292341234125925&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&ris=1&rcs=3&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26lb%3D260%26reqt%3D1600349725729&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725731&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11498&adks=2847974443&ucis=1m&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=59&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=33&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

cd924f110775131502aeabed9e0bc1b4397c74c50e0ba822fe34859add5038e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 337ms
336ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2375704583039172&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D33%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D73c655feb9eaf5c%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D14%26reqt%3D1600349725745%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725747&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1223&adks=4209624997&ucis=1n&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,20929A|color_text,,000000|color_url,,F0F0F0&ifi=60&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=34&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

d817544868fac59d4df3005c5bfaa4ddd27296549acb1e8ce759b8966166b5c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10602
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 446ms
446ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4284368601156064&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D36%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D14%26reqt%3D1600349725795%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725798&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=1496&adks=857680164&ucis=1o&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=61&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=35&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

671e06e400e8255ef8cf2d05ac3e19f7f7e9a365dc10470f96492c2cb15d606b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10685
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 65 KB
17 KB 356ms
354ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2680757019632023&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D37%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D14%26reqt%3D1600349725812%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725814&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=950&adks=77239893&ucis=1p&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=62&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

9a80aa6ab6ab2d9c428d9a469e5f2b6aad8e8c621374083b3ac0e25823e766b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16989
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
477 B 309ms
309ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4222933523470277&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D12%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26lb%3D120%26reqt%3D1600349725820&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725823&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2256&adks=3088204122&ucis=1q&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=63&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=36&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

8db44bc93bac5fc387384bcb325d1eecb4c45adcc0f6a455aa981fc5f6e21a23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 366ms
365ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=4062323542466583&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D688667%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1107%26sap%3D1107%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dsecurityonline_info-box-1-688667%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D34%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D14%26reqt%3D1600349725828%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1600349725&dt=1600349725831&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=677&adks=3972398835&ucis=1r&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=64&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x271&msz=302x264&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=302&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

027cb2d2264d14a680f02e62c3406938e3dab31610d1f56b8d76b56aa5d316be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10602
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 442 B
521 B 251ms
250ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2526295898241184&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3D90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D300%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D350%26reqt%3D1600349725842&eri=1&cookie=ID%3D2311494b198bbe76-22b47feddcb8002d%3AT%3D1600349725%3AS%3DALNI_MY0pDXjEEbCycln-6SLqekWvaJt4w&bc=31&abxe=1&lmt=1600349725&dt=1600349725844&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11207&adks=1839183081&ucis=1s&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=65&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=37&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

004748c08168a1f2d0e7f3fc00aaca870283d9b61ae0dd2e6d830434c453f443

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
13 KB 373ms
373ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3926829912801576&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid8%3D707967%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-3-707967%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D18%26br2%3D1100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D117%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%2C20%2C21%2C17%2C18%2C19%2C20%2C21%26hb_bidder%3Dpubmatic%26hb_adid%3D7451a5a5820f115%26hb_pb%3D0.02%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D180%26reqt%3D1600349725849&eri=1&cookie=ID%3D2311494b198bbe76-22b47feddcb8002d%3AT%3D1600349725%3AS%3DALNI_MY0pDXjEEbCycln-6SLqekWvaJt4w&bc=31&abxe=1&lmt=1600349725&dt=1600349725851&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=852&adks=2766934257&ucis=1t&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=66&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x97&msz=880x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

19c8cf1977629d9223bff1a25239a56bbcbde09744a5f1715c88bef270d2b974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
386 B 395ms
395ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2582313189401470&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=4&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3D12a3b3570adcf20fd41a00445219acaa%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D2000%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%2C23%2C24%2C25%2C26%2C22%2C23%2C24%2C25%2C26%2C21%2C22%2C23%2C24%2C25%2C26%26lb%3D2200%26reqt%3D1600349725862&eri=1&cookie=ID%3D2311494b198bbe76-22b47feddcb8002d%3AT%3D1600349725%3AS%3DALNI_MY0pDXjEEbCycln-6SLqekWvaJt4w&bc=31&abxe=1&lmt=1600349725&dt=1600349725864&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=1u&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=67&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=4236129461731330&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

c44aa436d9253251e639cfee27f6bdde625dcfed0dcc8887ba1889b14a613036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 audins.js Show response
go.ezoic.net/detroitchicago/ 821 B
1 KB 42ms
12ms Script
application/javascript 2600:9000:20e8:7800:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7800:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d98f76f0461187c365efd671a87749384de00b589e87fb30c0486a892769c412

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 03:15:53 GMT
via: 1.1 d5d4d284c2005ab214a2c9b6195c55c5.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 00:49:20 GMT
server: nginx/1.16.0
age: 814773
etag: "335-5ade56c524400;5aeb0a89dfb5f-gzip"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000, public
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 821
x-amz-cf-id: h8fhHMCC2Hzh4q7KKwiC6wn1OhP14Ck6N2mu_kBUHlIl4YViDTpoeA==

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 36ms
31ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjY5NiJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDI2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxODgifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE4OSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2Nzk4MTUiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLW1vYmlsZS1iYW5uZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjY3NSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjgxMTciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiODMifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 36ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6Ijg3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjE1MiJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyODgifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQyIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxNTIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:23 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 37ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQyNSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMSIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0MjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiNDI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQyNSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 37ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMjAwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMTQ5OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxNDAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjEwODcifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NDExNyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjEwOTQifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc5ODE1IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1tb2JpbGUtYmFubmVyLTEtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjE0MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEyMDYifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyODExNyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjE0MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNTEyIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 36ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNjc2In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6Ijk0OSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMjIyIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjE0OTUifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjE0MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODUyIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 52ms
49ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjI1NiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIyNTI3In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMiIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjI3OTgifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTE4MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMzA2OSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 439 B
437 B 367ms
366ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=471292441091683&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D12%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D75723963cb92e63%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D120%26reqt%3D1600349726045&eri=1&cookie=ID%3D27ffea90e86d7683-22b96ceedcb800da%3AT%3D1600349725%3AS%3DALNI_MaSNNMjLtkklEovWqEsj7qL4I7Kbg&bc=31&abxe=1&lmt=1600349726&dt=1600349726047&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3069&adks=3075149205&ucis=1v&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=68&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=108&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=38&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

074a675b7ebcea2c845dc7f05186e9548adae897729ec74ca3d48c183446b491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 74A4 181 KB
51 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ba3b3b6854781aa5c1f97bd5277cb0fb139dd498386b7d6233563887f88e53

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109468
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51818
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8db6e6dc3ddaee43"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:58 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 74A4 14 KB
5 KB 32ms
13ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623d2a664f5c5df16b2a6934fbf14d888e173665491d4455ba36c84cd87c325f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109547
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5241
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "dd6d7c11c3ecaf3a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:39 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 74A4 89 KB
28 KB 30ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d75964c5d57fe9b7fda71ef1b5f09e5dbd2627b000900cd2a3289f8208b3c4d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109571
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27287
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f1c7ecfa6e06e95f"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:15 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 74A4 3 KB
1 KB 32ms
13ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a37060caaac2ba759aef9001a07b81aee51a0e574ac9f93df3c87510b4935e00

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109567
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fc3d498cf4602ec5"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:19 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 74A4 42 KB
13 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

502d6cafe4117b519ab6dd5ea0940215f6e1360d9f6f9ca5b054bd7d78bd5951

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109548
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13484
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2f4d759847fef44c"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:38 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 74A4 7 KB
804 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38a4a0616eec7a64dc1b6a5c034eab3d054af0bd040c1c0d41df6435e905499a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:19:14 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 74A4 7 KB
826 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38a4a0616eec7a64dc1b6a5c034eab3d054af0bd040c1c0d41df6435e905499a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 11:48:41 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:26 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 74A4 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 74A4 295 B
388 B 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 74A4 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ea7c99e1dbbc6941aba0798d6a6913f605e41321b1e3f4f5bf9de96933814a1

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2977491530775847301/ Frame 74A4 15 KB
16 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2977491530775847301/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qk3ExyVIluaKcP9N3ooImc9vVXK6g

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2da39381e641e20c27062bfcf050c8d016c4f3c8cf90a282b766f2c6a109cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 10:38:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 22 Apr 2020 15:21:27 GMT
server: sffe
age: 10599
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15837
x-xss-protection: 0
expires: Fri, 17 Sep 2021 10:38:47 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 74A4 0
0 87ms
86ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLHB1HWZjX8fpLoSQrASv-I2IBpu9uKNf6bOuku4LieP_k_INEAEg9PnGJWD7gYCAiAqgAeOcmYkDyAEGqQIFOO1Bms2zPuACAKgDAcgDCqoEwAJP0LR-KbIrR8VSdsXU4PwNOVHgW3aIawCgQa83fN0uvV4c_x5-ALfPG_wAf2c0crpGJCr7kZVSN0mEWr2idYQkF-SiZ4w57jp9RBnz2i7MhKp_4dVhYk0GC8TVAyiQxTDP8WQ6Y3bcwtZDX2esfvIJMXa1qlOR96TmT5KFTEWigaunyN1nOADXbCJLbIu8182j4G6XWNYgiWMFEz987sg6fgAk8dYsiefT_N-a_TyRONpP80d3a2GGLzMhmjyYtm__Oa9AO6cNFm9xtK0qxYdE_gqfxPXMa0x8KmAP7WmhHqO2Yb9CfK9mDHjDHRbgkil8WIl_WdN_bzTDf69NFkFvhbh_R2aJLX382OA6yDulnxJglinwfe9xgb_ehhD9VXG6LqDQx4QHD7KN_uZp9AkdRFBO15Cowq-_D37_310owsAErJqc_owD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB4Xj5naoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQgMMH0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00Nzc2MDYzMTU4MjQyNTg4gAoDyAsBsgwUcHViLTYzOTY4NDQ3NDI0OTcyMDjYEwyIFAI&sigh=_IyMb0buoGo&template_id=492&tpd=AGWhJmuolfAWueaTHlFOS_jwP22bTpowyIyb3AF3lhJFvO5-iA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 74A4 0
0 17ms
15ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTm1XsZUG62kxQLkHPM1XTzQDD8lr2Mxzm1y-Qe6DIS_kTwv7nCXR-0DCZd5bZfh3HE-Hef-pD_mjqy4OpgscAoQ19Asg
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
11 KB 356ms
353ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1374393799734363&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=4&prev_scp=iid7%3D674117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D10%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-2-674117%26eb_br%3Dad0061a38dd7c6f7bcb692aee88dfda4%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D14%26bvm%3D0%26bvr%3D4%26shp%3D1%26br1%3D14%26br2%3D1000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D23%26deal1%3D22%2C23%2C24%2C25%2C26%2C21%2C21%2C17%2C20%2C21%2C17%2C18%2C19%2C20%2C21%26lb%3D140%26reqt%3D1600349726082&eri=1&cookie=ID%3Dab946e93d529e14d%3AT%3D1600349725%3AS%3DALNI_Mbcz9g_14YF3hzN5zAMhqyLsvQvmg&bc=31&abxe=1&lmt=1600349726&dt=1600349726102&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1102&adks=3873167905&ucis=1w&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=69&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=107&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=516&ohw=970&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

545db95c68d8f15f791cf50cc465b1839e1380492dc9e1188a1c2afa9b54a27c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11558
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 38ms
37ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiMTRlOGE4NWQ0YzQyZmYxZGI4NzkwY2JlZjllMzM0OTMifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAxMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDEyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDEyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMiIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDQzOCJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMiIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 37ms
36ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 37ms
37ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI2LCJhZF9wb3NpdGlvbiI6MTEwMiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjoxNTAwLCJiaWRfZmxvb3JfcHJldiI6MTIwLCJiaWRfZmxvb3JfZmlsbGVkIjoxMiwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzYxLCJtdWx0aV9hZF91bml0IjoyLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:23 UTC

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame A35B 206 KB
56 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17523
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame A35B 16 KB
6 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109497
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame A35B 95 KB
29 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17574
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame A35B 4 KB
2 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109419
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame A35B 47 KB
15 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109406
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A35B 2 KB
2 KB 25ms
24ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A35B 295 B
319 B 25ms
24ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame A35B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5adef688aa4c57be5184afb4622cdb851184a870393b6431132ec8d7c957808b

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 4325229086539416381
tpc.googlesyndication.com/simgad/ Frame A35B 79 KB
79 KB 25ms
24ms Image
image/gif 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4325229086539416381

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f18ddd4caba1566fa5d13fae04857ac271e0ace89d52a87f0aeff46ea5362b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:27:47 GMT
x-content-type-options: nosniff
age: 274059
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80425
x-xss-protection: 0
last-modified: Tue, 17 Dec 2019 07:01:45 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:27:47 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame A35B 0
0 39ms
38ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSwA1xFd-7cjasFQyTcQYCDtG4v1yJEISPaWUrUNQb4fbC2sFt95GBlrtM9jI1c-eAkl-f6v3NL9DNfm83s296a5gCxlQ
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A35B 0
0 65ms
64ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEtAWHWZjX4KJMYmr3gPdgaeAD-L69ZNfiPO15ZALsJAfEAEg9PnGJWD7gYCAiAqgAaXjhdkDyAED4AIAqAMByAMIqgTDAk_QvpC109L8eOBYD39gJlTdidkRlp_CIeT8XgxrkrPafPr4SClbe4nv9MjHPp6izGlb6Voo0MELBGQ3DGSDLRB8v9EdRaQFRb_C6AXKXpdu_QfYaels9V7CJ-R2WkKs9ayPIyCF1CEe9fUOCHCSG1HQsdN68ElWgQrQQbRlX5z_35gRQUhmn5Q7_389z8s54GSqJWLGiXXS29JvrX5nZuCfYhHHkBf364AjQzCHcVI8lkHNub008WUhYf04GGlNikoOMXmP0O5Qyovo3uBz2cAIKsKmsjEgfE0efvJKpCqVTKsv9bIlUN_8aGxnyYecMV9MlgDTjIqw_fr4i-BJBJFC4FrnfbUvhnCLv-qeAkU5uQb4foo-4g_XJFU_5QtuPQ8tnStsJQxi_w5FKb9usnSqW3GNu4Gw4RWjjBU2IzhYcpf3wATihqimwALgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGA4AHgpWvfqgHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBDeyATSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTDA&sigh=fFBFXXhiKYw&tpd=AGWhJmuwkPKepah59_qMq8MvDeKxPZsduCW2PoBe7WECeMLOdA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 74A4 11 KB
11 KB 49ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 275347
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 74A4 11 KB
11 KB 37ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:07:03 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 275303
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:07:03 GMT

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
17 B 49ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 47ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNzUxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 46ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 47ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI2LCJhZF9wb3NpdGlvbiI6MTEwNywiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjo4MDAsImJpZF9mbG9vcl9wcmV2IjoxNCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6Mzc2LCJtdWx0aV9hZF91bml0IjoyLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 12ms
7ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: gzip
etag: "KhcnJMdjWpfMUgm9eIIqRQ=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 24 Sep 2020 13:35:26 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 150ms
74ms Script
application/x-javascript 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=191-2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 17 Sep 2020 13:35:26 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Fri, 18 Sep 2020 13:35:26 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 74A4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

48ms
47ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Sep 2020 13:35:26 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 3F72 181 KB
51 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ba3b3b6854781aa5c1f97bd5277cb0fb139dd498386b7d6233563887f88e53

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109468
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51818
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8db6e6dc3ddaee43"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:58 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 3F72 14 KB
5 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623d2a664f5c5df16b2a6934fbf14d888e173665491d4455ba36c84cd87c325f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109547
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5241
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "dd6d7c11c3ecaf3a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:39 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 3F72 89 KB
27 KB 25ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d75964c5d57fe9b7fda71ef1b5f09e5dbd2627b000900cd2a3289f8208b3c4d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109571
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27287
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f1c7ecfa6e06e95f"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:15 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 3F72 3 KB
1 KB 21ms
16ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a37060caaac2ba759aef9001a07b81aee51a0e574ac9f93df3c87510b4935e00

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109567
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fc3d498cf4602ec5"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:19 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 3F72 42 KB
13 KB 22ms
17ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

502d6cafe4117b519ab6dd5ea0940215f6e1360d9f6f9ca5b054bd7d78bd5951

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109548
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13484
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:09:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2f4d759847fef44c"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:09:38 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3F72 2 KB
2 KB 14ms
9ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3F72 295 B
319 B 16ms
10ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 3F72 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35582d091af6e7ae255a588f11ac20f8f3f6eceafffc8dce353f65ba475b246e

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 10269218106722766590
tpc.googlesyndication.com/simgad/ Frame 3F72 123 KB
123 KB 18ms
14ms Image
image/gif 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10269218106722766590

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 07:58:25 GMT
x-content-type-options: nosniff
age: 20221
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125745
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 07:07:57 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 07:58:25 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 3F72 0
0 21ms
17ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQIrxn46FAnjA4OVEHd7jvdhFidBj1sK9yNHQmfUTsSCW3bATg1eChobsjJurg7MJSOKxHcos3yoU6cE12xRy8XlUyQaw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3F72 0
0 103ms
100ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLpF_HWZjX9XlNZH63gO59ruICMS5uKRfg9uiibgMv-EeEAEg9PnGJWD7gYCAiAqgAa3ciogDyAED4AIAqAMByAMIqgS0Ak_QhGZ4taPJdFKrzSjuQGjoinYtEwrorfgZkgs37N2cekLLBBumCyzu2OXufQpt3FHQVwj2k2AHYBbHJrysdDph7XoU1bC12rTbMJKEiAQnHH_HWoSaA0LpRogiX6-DVKu9MMj5Ybd3p-okCixiHqTIMX7CBJh1ecNk6AWmKmF2eptkrS-Rh8z_f75zn7rHrCQSsIpSG46DVZaNZgu3UCrORLCedYAaYFRlOH9gFxYDBS1GmDLQyU_XzcBN7B_mc3WZWYmziHL-HJHD8MeFuiKsGRXymVs-tRokaNdQGyWZFpE8qhAFNECawahT7mwb8RWMHX0QfChT3SohfUEzLaU1-vZ8r0EC8AIn7JQ3mO7wsSftQO1UxIORs1l-OJJbXPpedfdR-f3vIid40Tb1f64kj6PGwASSh4n79gLgBAGSBQQIBBgBkgUECAUYBKAGA4AHzeLMeKgHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBCTowXSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTDA&sigh=Se1A9nFNxcU&tpd=AGWhJmtaEgRTzr4RqMVhR1QqgIfhstoRTNKhSXBrYlYHa3ovAQ
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 029D 0
0 15ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Thu, 17 Sep 2020 13:35:20 GMT
expires: Fri, 17 Sep 2021 13:35:20 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
10 KB 367ms
364ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3800760400195847&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C252%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D0%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D25%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D12%26reqt%3D1600349726277%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D10128f68086418e5%3AT%3D1600349725%3AS%3DALNI_MZ3Sub3lNn_frITR9TAiY8Km1xnqw&bc=31&abxe=1&lmt=1600349726&dt=1600349726283&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2527&adks=4008027628&ucis=1x&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF6600|color_text,,000000|color_url,,FF6600&ifi=70&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=106&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=39&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

473c3ba5a4cc196ba3fd1bcb77217d2f7599dbde00f67d51b5f71cce4d5fbbca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10421
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 85B0 206 KB
56 KB 19ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17523
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 85B0 16 KB
6 KB 25ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109497
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 85B0 95 KB
29 KB 26ms
12ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17574
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 85B0 4 KB
2 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109419
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 85B0 47 KB
15 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109406
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 85B0 4 KB
647 B 40ms
28ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:09:01 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:26 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85B0 295 B
319 B 26ms
13ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 85B0 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 469b433052ea60b4451bd94f9799124e36632920e258eb319dfe3c66c362f498

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85B0 2 KB
3 KB 24ms
14ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39419
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 85B0 0
0 27ms
17ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRpHGB_i73D3XsZ7VD0HdbzThm5-FKGs-D-jrnYvc5e4iU_FvAbSkuMqVgRHBdaYCpxZS_tX8psbWvKJbcfFY7Bc2k19Q
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 85B0 0
0 91ms
81ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAV_1HWZjX8ypN8qV3gPS3pfgBouT8PJehvGfl5gM9f-YyscbEAEg9PnGJWD7gYCAiAqgAdOx-cgDyAEBqQIFOO1Bms2zPuACAKgDAcgDCqoEugJP0Gjqxs1p21wFczAYirEk4dxXwin603SOnHx4MyO3TOgq8Lx8zP3M1GzX1VHXquXCv9ZF48IkxA3PfMlIEQpA4l3QI-6HiLlNikH1adWCpRFls-HopTLlDazzxBbIHi7T6cV2uDa7z9BfiMg7NyjKzgdfsAV9GtUeZnsUzB3YZ49hCpICNdcAruo77JmmOvKLhbKDOy2GP0JMaO0G5ZRrk60cb0xP6qQX9ntjumwctP_K8BbBR8_Tcoh0gulE5R8kP8IA3QGi0qDcsLFu11Qm2MYPVOICAcbrEVrvenmI0J2hIN4IxiL6_31OM4i_qhAHrGX17_yqnqfmDvJKBgm87TTwaWcsTjQQNmc-RwNkBhbL_2Nuz-GiaDMS6kALMBK_YDLWNVT5ajY8poiSPdFdPVhzYUpzODWOMcAE2Y7TzpoD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB4_wxJUBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEMTmE9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMCiBQD&sigh=KTDuEUy4SD8&tpd=AGWhJmsss49gPS9lrFIK7-s9RlpJM9fwfqgfFTqBboWPlwVXdw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame AE7F 206 KB
56 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17523
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame AE7F 16 KB
6 KB 30ms
17ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109497
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame AE7F 95 KB
29 KB 30ms
18ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17574
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame AE7F 4 KB
2 KB 31ms
18ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109419
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame AE7F 47 KB
14 KB 31ms
19ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109406
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AE7F 2 KB
3 KB 23ms
11ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AE7F 295 B
388 B 25ms
13ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame AE7F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2d8e99473e424f74a43e9306645016e131c455755190eac1d751c0b123860aa

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 173663363447728466
tpc.googlesyndication.com/simgad/ Frame AE7F 32 KB
32 KB 27ms
16ms Image
image/jpeg 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/173663363447728466?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnCv7URJOJbJAOsv9i0WVj6iXmNQw

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b5db2704b1f936faca0018b696554c5232f7d36b16e9e1da3ab4e2ba6a98ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 12:47:40 GMT
x-content-type-options: nosniff
last-modified: Sat, 01 Aug 2020 02:32:18 GMT
server: sffe
age: 262066
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32684
x-xss-protection: 0
expires: Tue, 14 Sep 2021 12:47:40 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame AE7F 0
0 31ms
20ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ3-CeRGDT9dADiZ6VSFF82maq9s4J9M6W1taCNkTW0FMvYzqA5DNvQ4z9gm3xMfjP_R3iCak3c1VCY8UZxTmVt5A3Vqg
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AE7F 0
0 106ms
94ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbwWlHWZjX6eENJCH3gPm8rDAA_LR4PFetLrDnoUMv-EeEAEg9PnGJWD7gYCAiAqgAa3ciogDyAEC4AIAqAMByAMIqgS0Ak_Q8LgviCdln-l1k5MttmByDadt2tArbu1gAmE4CcsetsO4TOISN1Ee426rD90MHhZYT9-Mw9e8LB_MXvJnIxw6V4_EEtgoJHXw9nu_3OCJd_tQCk5AhtS_lYB1X0GmzI05GHYaAzbz-tmjvMTa8RUJ7YMODSrb-IjO9g_aB_-NcDCeh6Mh3AZlP3nhwzzy6-LVTrP6o0JAJMu6t2cUfFVBjaKNElF3c5LJhIDJYdy9D8rHi7RHY752JDy4Hl-EWr_Owltq548T5xzI8h9eUM2W9hy5_m1Zcd8MDesLP8paOwWI_QWSv_cEyNCIBnTmTTIL1475cpRXHAlIsYpBVht30XGkCwZ7d1qyA41QVMtzuiAXPR0Zd45RfjRpIvttq1HJTgSmVaKZ832kefED7aj4k7M6wASPmpztlAPgBAGSBQQIBBgBkgUECAUYBKAGAoAH2oDHa6gHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBD1zQTSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTDA&sigh=vsbyMGFCcA0&tpd=AGWhJmvLuftD1QzIgvm8iA23nqYF01CO2I8UftOtX2-oPHCLOw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 328 B
301 B 385ms
367ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1584491471352168&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&ris=1&rcs=4&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1600349726457&eri=1&cookie=ID%3D19542d4a656f3f3d%3AT%3D1600349725%3AS%3DALNI_MaZyKO4Q1vcc5_cH3RtApXy4bDxdQ&bc=31&abxe=1&lmt=1600349726&dt=1600349726465&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11491&adks=2847974443&ucis=1y&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=71&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=104&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=40&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

0bed2f0ab11bd667ba0ac8acd6291623fcffbe94274137be374d4eb26c40e872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
17 B 78ms
61ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 79ms
61ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDA0Mzc2MyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI3MTYxNDM5NCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 78ms
61ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 77ms
60ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyNiwiYWRfcG9zaXRpb24iOjExMDcsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6ODAwLCJiaWRfZmxvb3JfcHJldiI6MTQsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjUsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQxNiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
17 B 90ms
77ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 91ms
78ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 91ms
78ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 92ms
79ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI2LCJhZF9wb3NpdGlvbiI6MTEwNywiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjo4MDAsImJpZF9mbG9vcl9wcmV2IjoxNCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDQ1LCJtdWx0aV9hZF91bml0IjoxLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 74A4 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 74A4 295 B
319 B 11ms
9ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 45ms
32ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 92ms
73ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcwNzk2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI4ZGUzNTVlZjFjZjU2YjdkYTYxMjc3MDUwZDk5NTdiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDc5NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAxOCwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDE4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDE4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDc5NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1MTcifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 92ms
74ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 92ms
75ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyNiwiYWRfcG9zaXRpb24iOjExMTIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MjMwMCwiYmlkX2Zsb29yX3ByZXYiOjE4MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTgsImF1Y3Rpb25fY291bnQiOjUsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjUxMCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
17 B 88ms
79ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 84ms
76ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjUifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODg2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTQsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 85ms
77ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 86ms
78ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI2LCJhZF9wb3NpdGlvbiI6MTEwNywiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjo4MDAsImJpZF9mbG9vcl9wcmV2IjoxNCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NjU0LCJtdWx0aV9hZF91bml0IjozLCJtdWx0aV9hZF9jb3VudCI6NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
10 KB 281ms
281ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=442651519513375&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D0%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D46%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D12%26reqt%3D1600349726689%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349726&dt=1600349726690&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=2256&adks=3088204122&ucis=1z&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,FF0000|color_text,,000000|color_url,,FF0000&ifi=72&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=104&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=41&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

406af05d2f01dbbe1f44b78d85757ec25fb7f8288a4ce7c4443443f738e1124c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10578
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 334 B
191 B 343ms
337ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2374845296639409&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=5&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D280%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D300%26reqt%3D1600349726699&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349726&dt=1600349726702&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11200&adks=1839183081&ucis=20&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=73&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=104&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=42&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7e38aa6b2da432d605a0e1fd25232318cecbfcc4e662e6d652f1df3836067243

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 4325229086539416381
tpc.googlesyndication.com/simgad/ Frame A35B 79 KB
79 KB 13ms
6ms Image
image/gif 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4325229086539416381

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f18ddd4caba1566fa5d13fae04857ac271e0ace89d52a87f0aeff46ea5362b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:27:47 GMT
x-content-type-options: nosniff
age: 274059
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80425
x-xss-protection: 0
last-modified: Tue, 17 Dec 2019 07:01:45 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:27:47 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A35B 2 KB
2 KB 15ms
8ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A35B 295 B
319 B 16ms
9ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 85B0 14 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 268272
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:14 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 85B0 14 KB
14 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 268263
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:23 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
128 B 68ms
59ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=4316486664546050&r=970x90&w=970&h=90&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame B863 206 KB
56 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17523
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame B863 16 KB
6 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109497
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame B863 95 KB
29 KB 60ms
54ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17574
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame B863 4 KB
2 KB 61ms
56ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109419
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame B863 47 KB
14 KB 61ms
56ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109406
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame B863 5 KB
700 B 62ms
59ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d2202487eb46bf6c947314b28445ec928cccd43f6c9435fd1fed7629f0e4c0b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:01:23 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:26 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B863 2 KB
2 KB 7ms
5ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B863 295 B
319 B 8ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17155744118621469419/ Frame B863 2 KB
2 KB 58ms
56ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17155744118621469419/downsize_200k_v1?w=300&h=300

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

293dec782b7781fe92139a3f3b74430c0a612252abbdeba898cc93fc9528f1a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:13:42 GMT
x-content-type-options: nosniff
age: 274904
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1868
x-xss-protection: 0
last-modified: Mon, 16 Sep 2019 23:57:49 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Sep 2021 09:13:42 GMT

GET
DATA 200
OK truncated
/ Frame B863 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3acd0ef30b837fc8ff0110d042683c7838609f13265e0f109666defb193fe4b0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame B863 0
0 57ms
55ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ_Thl9zmkZaNryRr0TE75Z8oFGB2XANSeIpyMHPt82M4oMRaHFWsK33bcx7zc135HjdiESdqXNzzgG0B_USgV2dXF3mQ
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B863 0
0 66ms
64ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C85cWHmZjX5_ECeSk3gO7qJ1I-5eo6F7mopCa5Qv4j4GK2RoQASD0-cYlYPuBgICICqAB48-ZvwPIAQHgAgCoAwGqBLACT9AsEIYnMqLQYjbshKs0hpDsWoL3mn4xBoFVAIHYvRGmctIdUrDgak1xT908gjBpK--GvQ5oauEpywb5dqZ2-fABzqNfAafLZzCm-Jgg5H57UTf8j1eY1JVFNViIY7VaeJ4Kuw4cUXB0rnK8C4H2lkqyOKaNI7RRhBF2yIj9WZDMdab2sOn2u25aksPW2KIus-nm--NopBfdRhK3NZxHBp1wvx69LAJKhb-w4ACQnY5p4vegTEvjTpwtulpq9feM56rHM5q4ybbIV8VC5X-aTFpYTGie2DyruUhZvtsQBC34yPRr4rv2wNEyTH97eSOPfN2WqvJjH3CkR3xwja7NtOykT0ldlkbpvIdS0w704V_L31Qf9ftNlIJqZ9FBaJWxm4VBVdlQtGTmBBMELTz-osAEm9OokokD4AQBkgUECAQYAZIFBAgFGASAB4DenT6oB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQs5kT0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00Nzc2MDYzMTU4MjQyNTg4gAoDyAsBsgwUcHViLTYzOTY4NDQ3NDI0OTcyMDjYEww&sigh=-odoplZxtOM&template_id=5001&tpd=AGWhJmsZZVMXu9ej3aEw_4l6d_ar2Bm8FPdgV4KxHlPM7m2xoA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
348 B 101ms
10ms Script
application/x-javascript 2600:9000:20e8:9e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:9e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 15:11:53 GMT
via: 1.1 a477b8537c9bc4c10a3c144386a7b5bf.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
age: 80615
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: Uod1QN-1VNwns9MU9iqCIeNrsVHvwx4tnHKdyD0ene-e_6xYkuXw9w==

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 22EC 206 KB
56 KB 34ms
25ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17523
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EC 16 KB
6 KB 63ms
53ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109497
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EC 95 KB
29 KB 64ms
53ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17574
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EC 4 KB
2 KB 64ms
54ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109419
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EC 47 KB
14 KB 70ms
60ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109406
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EC 2 KB
2 KB 47ms
36ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8788
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EC 295 B
319 B 50ms
40ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58108
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 22EC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8738273ca0477fcedfa3cc6731d9d7508fb2cfd386abf715855a11ad0f0a091b

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 13481652256051908219
tpc.googlesyndication.com/simgad/ Frame 22EC 38 KB
38 KB 48ms
41ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13481652256051908219?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmtNJ40PVuURDVSPsZDB_4-GuzD5w

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8db659e952798e0b38631c493bb65763b2d9cf833d37dff4a911c6b20c8795cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:08:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 03:28:15 GMT
server: sffe
age: 77191
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38716
x-xss-protection: 0
expires: Thu, 16 Sep 2021 16:08:55 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 22EC 0
0 74ms
66ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPH2THmZjX7m7FdKS3gOfsY3wDKaHsKRfi86Y1qgMv-EeEAEg9PnGJWD7gYCAiAqgAcSQh9gCyAEC4AIAqAMByAMIqgS4Ak_QjdjB-Vc7-hVR2wSkgWQreeUZdllyW1vRfquylmV14s6BS-H20bEIXxOz9WyFG1Nn0dn0fgm6VtECcXK4dTdXIVebird2yy9NnGbA2I4f92Yu_e5iclxEBubLuHxDbFgMy1cct4aX0Fmlau4cHRt40fuw6KSo2tLFwmUKqo2IRGZ5qXcRz6Fe-ARr2msG5SF3127-1iGtrIPK9ljBSI5pTrqFjsNtwHSnHlADqqcLRXptweXhTbH0Vx2gy5C-ii04fHh4ZR3IqSrazI92P9dZ_4tNzqmbdsjIvx-SfQqo46RLGWnISAy7s9bHMMehMNWEvr8fPyxL6kxT6d0JBVmrWQWXpTBb1inY7l8LcsXbRHWte8v77JJkj9-zwOdaZOKCr0TToqJKPs4XenZ-CAPnhuJ_jY7T3sAEk_H60KkD4AQBkgUECAQYAZIFBAgFGASgBgKAB6Tv-KcBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEMW6BNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BML&sigh=7tWOKe6jVgQ&tpd=AGWhJmtjLRTkOesBGiTkpZdCmxbtsx5mFZN0zdChGZRNYYxxdw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FF4A 42 B
116 B 97ms
66ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvucIGu6xicXjFWz0IdxAtzyd2eRBMO_FwI4D9n5mYr0FCJ-c_ZUKbGRGdgNfFa7KCIm5tvxtdnV7-5xYGuoiHn83YjGcwfZvWXgwTDIQFoI7cRp6b_i9jJGPKoPA&sai=AMfl-YQ8A9FsdzBXnuPgpn70XgJHE3jyKsFqFMYpZ06Yo4k6C7sVzvvSJyd9wo6A6jEtJWrOhqgXWidfyq-EGME3_35f3NVCmvv8-Scjg_rBqa6PPWJ2ultDhAnDhFU&sig=Cg0ArKJSzBLMYV5oabBKEAE&cid=CAASF-RodjXNC58Ie9wbQaYOoAE1a9IXAo63&id=ampim&o=217,1088&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1197&mtos=0,0,1197,1197,1197&tos=0,0,1197,0,0&tfs=138&tls=1335&g=100&h=100&tt=1336&r=v&avms=ampa&adk=4103646004

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 66ms
51ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 69ms
53ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NDExNyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJhZDAwNjFhMzhkZDdjNmY3YmNiNjkyYWVlODhkZmRhNCJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzQxMTciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAxNCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDE0LCJiaWRfZmxvb3JfcHJldiI6MC4wMDE0LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzQxMTciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ1OTEifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 71ms
55ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 67ms
52ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyNywiYWRfcG9zaXRpb24iOjExMDAsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MjAwMCwiYmlkX2Zsb29yX3ByZXYiOjE0MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTQsImF1Y3Rpb25fY291bnQiOjUsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjY5MywibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 324 B
167 B 362ms
356ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=884128486393395&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=5&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3D72c13a89ac876aaffdde39253459460b%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D1800%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%2C23%2C24%2C25%2C26%2C22%2C23%2C24%2C25%2C26%2C21%2C22%2C23%2C24%2C25%2C26%2C21%2C22%2C23%2C24%2C25%2C26%26lb%3D2000%26reqt%3D1600349726986&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349726&dt=1600349726988&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=21&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=74&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=103&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

6b9285f9edd40cc32778b4b638073571f74f4f02718c2be5ff02add14a61849e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 538ms
534ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=3466486509599932&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid7%3D699267%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dsecurityonline_info-large-billboard-2-699267%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D3%26br1%3D0%26br2%3D750%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D23%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dpubmatic%26hb_adid%3D75723963cb92e63%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D12%26reqt%3D1600349726994%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349727&dt=1600349727000&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=3055&adks=3075149205&ucis=22&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=75&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=103&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x269&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=340&btvi=43&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

340a60ae5197bdf973e45df3ecb012c2ea25e0b90f4f5fc6e48683bf8cccb6dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11062
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8...
https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C...

0
399 B

63ms
63ms

Image
text/plain

23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Sep 2020 13:35:27 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=20015427&ns__t=1600349727089&ns_c=UTF-8&cv=3.5&c8=Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%2CHot%20Potato%20%E2%80%93%20Windows%207%2C8%2C10%2C%20Server%202008%2C%20Server%202012%20Privilege%20Escalation%20in%20Metasploit%20%26%20PowerShell&c7=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Thu, 17 Sep 2020 13:35:27 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
17 B 59ms
56ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 61ms
57ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMSIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8xIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzODAyIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8xIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 57ms
55ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 57ms
55ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI3LCJhZF9wb3NpdGlvbiI6MTEwMiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjoxNTAwLCJiaWRfZmxvb3JfcHJldiI6MTIsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjYzNiwibXVsdGlfYWRfdW5pdCI6MSwibXVsdGlfYWRfY291bnQiOjQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:26 UTC

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame B863 11 KB
11 KB 12ms
7ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 268282
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:05 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame B863 11 KB
11 KB 12ms
8ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 268276
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:11 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 1876 206 KB
56 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17524
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 1876 16 KB
6 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109498
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 1876 95 KB
29 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17575
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 1876 4 KB
2 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109420
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 1876 47 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109407
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 13481652256051908219
tpc.googlesyndication.com/simgad/ Frame 1876 38 KB
38 KB 12ms
10ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13481652256051908219?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmtNJ40PVuURDVSPsZDB_4-GuzD5w

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8db659e952798e0b38631c493bb65763b2d9cf833d37dff4a911c6b20c8795cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:08:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 03:28:15 GMT
server: sffe
age: 77192
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38716
x-xss-protection: 0
expires: Thu, 16 Sep 2021 16:08:55 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1876 2 KB
2 KB 12ms
10ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1876 295 B
324 B 16ms
15ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 1876 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 432ba502041e398c0e22845269f1618de0c3ab61700189dc80cdb581fc4986f2

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 1876 0
0 15ms
15ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRwg8FYp19QDwOzaND7osqY9eMNLKQMFLfiRI44-rTKwpGLGJdvA5L2EfYhX4-9DvNcTi_AYxvsJ4lJQnUsPND7tR8zeA
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1876 0
0 66ms
65ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cy0I3HmZjX83mLYmGjuwPvf2KoAqmh7CkX4vOmNaoDL_hHhABIPT5xiVg-4GAgIgKoAHEkIfYAsgBAuACAKgDAcgDCKoEuAJP0PthYmFzvjqA1Xnux2ZT1cIGTerypoIgjryK4dcPjmYp-MI7NLfAekdpJwXrKH3bTQjIae62aejpYvpYN-4647WD27I_pzUHoROWV8k8anELQRtCZx0ZVvLis46hKLN7tqn2qnXUC4fKDO2_BRDkpobntw09VW7Oub-BI7WCrV23ClH-w595XHBn7xgri10yDSTSjOv9hNI517CJgtrP46ytSIErizrvWJlZP3M3ZKUJGYKFFHhAWOKQm8pFM8uhdlD5EPLV_lXOw4pV5UpMkOG-WXl0kxrimX7nJq3s9eVDliY334cjUfoaWXeFT6-TCAEsLDi1Jfl3mxyWrqC9NnR6aSD4bFPsSsrqnqqvV_x3p-Qb3A2Cv_laKbyb8c7zTpz0Y-flQqcXKUW56G2wQmcDBQ7ZuIPABJPx-tCpA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAek7_inAagHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBC9zwTSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTCw&sigh=wPMUJG3fJ3M&tpd=AGWhJmuSr7FKFGKx6ZUlIjcDVCe0PypMHqLT_taYUwxsGlNHsw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 326ms
325ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=256550608754747&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250&ris=1&rcs=5&prev_scp=iid8%3D721815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D13%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dsecurityonline_info-medrectangle-1-721815%26eb_br%3D7432360301409ae695ba255f16fbcf06%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D3%26acptad%3D1%26br1%3D20%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D27%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D60%26reqt%3D1600349727263&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349727&dt=1600349727266&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=11491&adks=2847974443&ucis=23&sps=channel,,3327506388|color_bg,,EEFF00|color_border,,EEFF00|color_link,,000000|color_text,,000000|color_url,,000000&ifi=76&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=102&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1380x270&msz=1200x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=0&ohw=0&btvi=44&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

cd3419c71016f3349e48784e0926bf24f12522952e99e720066ce84b19407413

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10958
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 66ms
65ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MDI2NjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 52ms
52ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzAyNjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAzLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
17 B 55ms
54ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 51ms
50ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNzYwMCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTc2MDAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTc2MDAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTc2MDAsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDQxNzYwMCJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI3MTYxNDM5NCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 50ms
50ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNzYwMCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 52ms
52ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyNywiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTUwMCwiYmlkX2Zsb29yX3ByZXYiOjEyLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0ODcsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50Ijo0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H3-Q050 200 10269218106722766590
tpc.googlesyndication.com/simgad/ Frame 3F72 123 KB
123 KB 7ms
6ms Image
image/gif 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10269218106722766590

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 07:58:25 GMT
x-content-type-options: nosniff
age: 20222
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125745
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 07:07:57 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 07:58:25 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3F72 2 KB
2 KB 11ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3F72 295 B
319 B 16ms
11ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85B0 2 KB
2 KB 17ms
12ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 02:38:27 GMT
x-content-type-options: nosniff
server: cafe
age: 39420
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Fri, 18 Sep 2020 02:38:27 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85B0 295 B
319 B 15ms
12ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 pixel;r=1116192661;labels=Domain.securityonline_info%2CDomainId.124533;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellho...
pixel.quantserve.com/ 35 B
372 B 30ms
27ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1116192661;labels=Domain.securityonline_info%2CDomainId.124533;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F;fpan=1;fpa=P0-1269657445-1600349727448;ns=0;ce=1;qjs=1;qv=35f667c6-20200713111428;cm=;gdpr=0;ref=;d=securityonline.info;je=0;sr=1600x1200x24;enc=n;dst=1;et=1600349727448;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Hot%20Potato%20%E2%80%93%20Windows%20Privilege%20Escalation%252CHot%20Potato%20%E2%80%93%20Windows%207%252C8%252C10%252C%20Server%2020%2Cdescription.Hot%20Potato%20%E2%80%93%20Windows%207%252C8%252C10%252C%20Server%202008%252C%20Server%202012%20Privilege%20Escalation%20in%20Me%2Curl.https%3A%2F%2Fsecurityonline%252Einfo%2Fhot-potato-windows-privilege-escalation-metasploit-p%2Csite_name.Penetration%20Testing%2Cimage.https%3A%2F%2Fsecurityonline%252Einfo%2Fwp-content%2Fuploads%2F2017%2F04%2F7-4%252Epng%2Cimage%3Awidth.726%2Cimage%3Aheight.205

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 4 KB
2 KB 165ms
164ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=2210712780797510&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-large-mobile-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=6&prev_scp=iid7%3D679815%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C6%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D7%26at%3Dbf%26adr%3D399%26ezosn%3D12%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D704%26al%3D1704%26compid%3D0%26tap%3Dsecurityonline_info-large-mobile-banner-1-679815%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D0%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D26%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C18%2C19%2C20%26hb_bidder%3Dgumgum%26hb_adid%3D71c9a72bf8eec54%26hb_pb%3D0.01%26hb_format%3Dbanner%26hb_ssid%3D10079%26lb%3D280%26reqt%3D1600349727482%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349727&dt=1600349727484&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=11200&adks=1839183081&ucis=24&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,858585|color_text,,000000|color_url,,F0F0F0&ifi=77&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=102&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x98&msz=982x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=982&btvi=45&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

e6215f0ffdee758bf91f50e88a71c8a1aa8e9e3c92018960386cfafd7482ce40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2298
x-xss-protection: 0
google-lineitem-id: 89921834
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 111357689114
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 173663363447728466
tpc.googlesyndication.com/simgad/ Frame AE7F 32 KB
32 KB 48ms
46ms Image
image/jpeg 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/173663363447728466?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnCv7URJOJbJAOsv9i0WVj6iXmNQw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b5db2704b1f936faca0018b696554c5232f7d36b16e9e1da3ab4e2ba6a98ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 12:47:40 GMT
x-content-type-options: nosniff
last-modified: Sat, 01 Aug 2020 02:32:18 GMT
server: sffe
age: 262067
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32684
x-xss-protection: 0
expires: Tue, 14 Sep 2021 12:47:40 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AE7F 2 KB
2 KB 48ms
47ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AE7F 295 B
319 B 48ms
47ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 160 KB
51 KB 261ms
206ms XHR
text/plain 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4316486664546050&correlator=1136096991057366&output=ldjh&impl=fif&adsid=NT&eid=21067409%2C21067450%2C21064170%2C21065517%2C21067036&vrg=2020091401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200917&iu_parts=1254144%2Csecurityonline_info-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=6&prev_scp=iid8%3D728117%26t%3D134%26d%3D124533%26t1%3D134%26pvc%3D0%26ap%3D1104%26sap%3D1104%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod72-c%26ic%3D7%26at%3Dbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dsecurityonline_info-box-3-728117%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%26asau%3D5229371956%26bv%3D28%26bvm%3D2%26bvr%3D5%26shp%3D1%26br1%3D0%26br2%3D3200%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D72%26deal1%3D24%2C25%2C26%2C23%2C24%2C25%2C26%2C22%2C23%2C24%2C25%2C26%2C21%2C22%2C23%2C24%2C25%2C26%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%26lb%3D1800%26reqt%3D1600349727592%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D27ffea90e86d7683%3AT%3D1600349725%3AS%3DALNI_MZhnD9xtE9jy2beF4Tfjtz_b7IPGw&bc=31&abxe=1&lmt=1600349727&dt=1600349727597&dlt=1600349720147&idt=540&frm=20&biw=1600&bih=1200&oid=3&adxs=141&adys=513&adks=1835722818&ucis=25&sps=channel,,3327506388|color_bg,,FFFFFF|color_border,,FFFFFF|color_link,,0000FF|color_text,,000000|color_url,,828282&ifi=78&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsecurityonline.info%2Fhot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation%2F&dssz=102&icsg=3433718964813826&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x99&msz=882x92&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1643016272.1600349720&ga_sid=1600349720&ga_hid=1485600483&ga_wpids=UA-124345349-20&fws=4&ohw=882&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

165e44fb0613558834c2a765fb0d311d8b70bb1310ac81ce3bbda9e873c43a3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52588
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityonline.info
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B863 2 KB
2 KB 12ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B863 295 B
319 B 13ms
7ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 13481652256051908219
tpc.googlesyndication.com/simgad/ Frame 22EC 38 KB
38 KB 14ms
8ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13481652256051908219?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmtNJ40PVuURDVSPsZDB_4-GuzD5w

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8db659e952798e0b38631c493bb65763b2d9cf833d37dff4a911c6b20c8795cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:08:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 03:28:15 GMT
server: sffe
age: 77192
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38716
x-xss-protection: 0
expires: Thu, 16 Sep 2021 16:08:55 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EC 2 KB
2 KB 11ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EC 295 B
319 B 13ms
8ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 7DF6 206 KB
56 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17524
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 7DF6 16 KB
6 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109498
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 7DF6 95 KB
29 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17575
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 7DF6 4 KB
2 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109420
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 7DF6 47 KB
14 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109407
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 7DF6 7 KB
791 B 21ms
19ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38a4a0616eec7a64dc1b6a5c034eab3d054af0bd040c1c0d41df6435e905499a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:25:38 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:27 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 7DF6 7 KB
745 B 75ms
74ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38a4a0616eec7a64dc1b6a5c034eab3d054af0bd040c1c0d41df6435e905499a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Sep 2020 13:01:51 GMT
server: ESF
date: Thu, 17 Sep 2020 13:35:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Sep 2020 13:35:27 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DF6 2 KB
2 KB 14ms
11ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DF6 295 B
319 B 14ms
11ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 7DF6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ee616c196929a4f53a3e3bcd5180a9dc120291406059a2cf72be99bb13e512e

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2908461788459041651/ Frame 7DF6 17 KB
17 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2908461788459041651/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qk0JTSbo6os7wJbPFTszYG3WE92QQ

Requested by

Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341f0738791623b7286eda9ed3fca49633970f191be821bfe83ec47f1a1d1fe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 12:56:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Feb 2020 14:57:30 GMT
server: sffe
age: 261555
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17695
x-xss-protection: 0
expires: Tue, 14 Sep 2021 12:56:12 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7DF6 0
0 73ms
72ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-oPPH2ZjX8DyA8uY3gOT5LHoCYj5j6Ne2OXjvK0Lno6blLwQEAEg9PnGJWD7gYCAiAqgAd6Hx8gDyAEGqQLiwaykVmepPuACAKgDAcgDCqoEtgJP0CvPQkseVfJRsIqM9ZpZaNJdUoNHUA1F9fOG5_5huLICMOaf20jByWcM00XB942RUb912cUQ7C9EutoWdFLPvVtUIwh1RznFFa6zMssOOTvIPOwsCEGZ8ON-URSSRzRQTFIY3TUTRLGyNSIy2iesAbKhYR0GKRGK_4Ys35fIVBZ4732bzP3hlXbDYO-ldikh7BfQXLQfTIHjcrWbms2-2WCK28FVaZYknqP1fcYK4RPtniS9Pr7-12Tz39zn6N_OEGjpjrvpZgUSInSEHbhQp1ZWYe108wPR3M0u1bzYZIyVUjV_H5mg15H246SbfaMDWPxDhNUiN5cfDZrBazqjUnSCAc9SDKS4TzFaFHR-SfgS7f4UrJbYairTtJJKsI_4twgDdg13TNh4HL9pUqVdyykauXgMwASwu8_4nQLgBAGSBQQIBBgBkgUECAUYBKAGN4AHivi4N6gHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBCF5wbSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ3NzYwNjMxNTgyNDI1ODiACgPICwGyDBRwdWItNjM5Njg0NDc0MjQ5NzIwONgTDIgUBQ&sigh=tjVMKwT5LWo&template_id=492&tpd=AGWhJmtn2FbtCtfiGfmTVn6OqnEokDxHyIxjKeiSnccuvHOuuw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 7DF6 0
0 16ms
15ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-ctPuK5phg5UD8MK-U-wHAv29-3ABcBCgSregXyJh0Pq7bRGIO0JVA_INV0ALTG_4_KYkVeShG8da2EX0zOgFDCsuRw
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 93ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 77ms
76ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 77ms
77ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
17 B 77ms
76ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 74ms
73ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTkyNjciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWxhcmdlLWJpbGxib2FyZC0yLTBfMyIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTc2MDAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNzYwMCwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMF8zIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNzYwMCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 75ms
74ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMC0wOS0xNyJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 73ms
73ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhdWN0aW9uX2Vwb2NoIjoxNjAwMzQ5NzI4LCJhZF9wb3NpdGlvbiI6MTEwMiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImJpZF9mbG9vcl9pbml0aWFsIjoxNTAwLCJiaWRfZmxvb3JfcHJldiI6MTIsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjY2OSwibXVsdGlfYWRfdW5pdCI6MywibXVsdGlfYWRfY291bnQiOjQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 58ms
55ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDcsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODY2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTEtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM3NjMsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 87ms
69ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H3-Q050 200 13481652256051908219
tpc.googlesyndication.com/simgad/ Frame 1876 38 KB
38 KB 65ms
64ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13481652256051908219?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmtNJ40PVuURDVSPsZDB_4-GuzD5w

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8db659e952798e0b38631c493bb65763b2d9cf833d37dff4a911c6b20c8795cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:08:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 03:28:15 GMT
server: sffe
age: 77192
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38716
x-xss-protection: 0
expires: Thu, 16 Sep 2021 16:08:55 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1876 2 KB
2 KB 78ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1876 295 B
319 B 80ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7DF6 11 KB
11 KB 13ms
8ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 268276
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:11 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7DF6 11 KB
11 KB 16ms
11ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500,700&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 268282
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:05 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 69ms
67ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame DC55 206 KB
56 KB 69ms
65ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17524
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:43:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:43:23 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DC55 16 KB
6 KB 77ms
74ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109498
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:10:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:10:29 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DC55 95 KB
29 KB 78ms
75ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 17575
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 17 Sep 2020 08:42:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Sep 2021 08:42:32 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DC55 4 KB
2 KB 79ms
76ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109420
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:11:47 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DC55 47 KB
14 KB 79ms
76ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 109407
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 07:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 07:12:00 GMT

GET
H3-Q050 200 amp-gwd-animation-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DC55 11 KB
4 KB 79ms
77ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-gwd-animation-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca8a9b87545d44cbb0982e9eb09065b20d8981c62c31be7577e03e441b0503bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73629
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3933
x-xss-protection: 0
server: sffe
date: Wed, 16 Sep 2020 17:08:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4cdddef2ce660d64"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 17:08:18 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC55 2 KB
2 KB 75ms
72ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8789
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC55 295 B
319 B 74ms
73ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091401.js?21067450

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58109
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame DC55 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09cdbdf6f9d172e33e98503e34a84d3b7abf9c4d5ec646816bd5a3b6c9878aa5

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame DC55 0
0 104ms
85ms Image
text/html 2a00:1450:4001:825::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQIs_WE0dGEPcCJFDwEyahQ1iW29DXMOC2jkpRVvSujWhFGruOMOaofi1Sskld1ea-LLU9DtWAdQKzwS4zumMFB2Bo2Xg
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DC55 0
0 105ms
86ms Image
text/html 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-7_oH2ZjX7yBK9yZ3gOa8a-QCuWtv55f7tHQ49MLr4eSrZUOEAEg9PnGJWD7gYCAiAqgAe-I8MICyAEJqQIFOO1Bms2zPuACAKgDAcgDCKoEtwJP0HiqKbM13Yfl-d2f0SGa8Qm6j8KxhJWxci2SKkssfmSLFtcpV1LbDasTzIU525jlIhpUbJfvTaYzetIAG6R7nKblN1rl2aoq0syXElpA1ZJLi9dboP6lbO2waoXdOUTDmA3C-QUIwy68bkUbtV0S-IZqt-c48xn8NNNTMsojJMj1FGLvFDZeYDKW1IAj4DAx8lGLqVgsde84WU87Sao3VFroxireEpK5ikusXbh6di4FQqgSN9NJ0wPbpmU28gUWtupBfYhnRABkhNplDt5SAdvKDAydFfr66NY269PMyMuuF42xu83JTJ5CUgfaYeyJIMahGXSn4xBVRkZl3gVcG88cEhul0ET3jW7quYqqF_Q6xyLqOeJhhJo5NAsF-CeFjPkiVKGioLEUpAwnC-UKfppTe0RbdcAE27-MhYED4AQBkgUECAQYAZIFBAgFGASgBi6AB_n2j70BqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcA8gcEEK62DdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNDc3NjA2MzE1ODI0MjU4OIAKA8gLAbIMFHB1Yi02Mzk2ODQ0NzQyNDk3MjA42BMM&sigh=UttU5GC6N-8&template_id=419&tpd=AGWhJms_ZaWLZEkGDUM2EN4F47sow1YxB2FVHX0PQJla41kTag
Requested by: Host: securityonline.info
URL: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s18-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame DC55 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 491dbbf802b6fa6c2095f3c2e0ec7d9fd3b4a2e45e3f995f3743359322af3f71

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DC55 18 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bdbfe725ca92d5f700368a06960761ffcb56eb1b971bf2765d6b37b84b26144

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DC55 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993e50d611146c07a9e237efb62b4e1e2c383bb60babb2156b7e8355f2d9a824

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DC55 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da24a03c821534adfde53e73a77593e96792660e091a8003c6cf9e77a9731824

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 79ms
76ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNzYzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
40 B 72ms
70ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: securityonline.info
URL: https://securityonline.info/porpoiseant/banger.js?cb=191-2&bv=86&v=35&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
server: nginx/1.16.0
status: 200
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=3600, public
content-length: 0

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 70ms
69ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI3In1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyODExNyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MjAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyODExNyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tYm94LTMtMCIsInRfZXBvY2giOjE2MDAzNDk3MTksInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDE4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjgxMTciLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ1bml0IjoiZGl2LWdwdC1hZC1zZWN1cml0eW9ubGluZV9pbmZvLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM4MjAifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:25 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 67ms
66ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjAtMDktMTcifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
100 B 69ms
68ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYXVjdGlvbl9lcG9jaCI6MTYwMDM0OTcyOCwiYWRfcG9zaXRpb24iOjExMDQsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJiaWRfZmxvb3JfaW5pdGlhbCI6NjUwMCwiYmlkX2Zsb29yX3ByZXYiOjE4MDAsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQ1MiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2908461788459041651/ Frame 7DF6 17 KB
17 KB 11ms
6ms Image
image/jpeg 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341f0738791623b7286eda9ed3fca49633970f191be821bfe83ec47f1a1d1fe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 12:56:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Feb 2020 14:57:30 GMT
server: sffe
age: 261556
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17695
x-xss-protection: 0
expires: Tue, 14 Sep 2021 12:56:12 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DF6 2 KB
2 KB 12ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8790
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7DF6 295 B
325 B 12ms
7ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58110
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 greenoaks.gif
securityonline.info/detroitchicago/ 43 B
77 B 33ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJkb21haW5faWQiOiIxMjQ1MzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjM5MjEwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI2In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjEzNDE5MDAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjE0In0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6InZpZXdwb3J0X3NpemUiLCJ2YWwiOiIxNjAweDEyMDAifSx7Im5hbWUiOiJ2aWV3cG9ydF9weCIsInZhbCI6IjE5MjAwMDAifSx7Im5hbWUiOiJkb2NfcHgiLCJ2YWwiOiIxOTE1MzYwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiIxMTk3MSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:27 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 34ms
34ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzk3MCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC55 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8790
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DC55 295 B
320 B 7ms
6ms Image
image/png 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 58110
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Sep 2020 21:26:58 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzEiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 85B0 42 B
175 B 30ms
29ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst69sUfCKPrBL84bGpPiUIsV5-zSom5DDMOkAf-qg1DVqq8WjB3mhPtVVv2A7UFeotfF-oXX2Cl-pcNG-VUooHAUyzZ1dyvL98ix1GP3cVep3fDnptodwKk6LQD_g&sai=AMfl-YRn5lRIec2oyYPnpFRUGZYeYGYfs_mU7yQ1pOCqxJhZ_Pd2JhlpYAxF18h1zSmTbISS6DVrEqnQLytmLAyDiIU_x_n4xZuqd_1JDPhPXRfYNsSko91PgbGd1Lo&sig=Cg0ArKJSzEqDCwMmyUByEAE&cid=CAASF-RoECsY_outpTEbi-Uwnz0tjyB7_fH5&id=ampim&o=216,852&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=565&tls=1565&g=100&h=100&tt=1565&r=v&avms=ampa&adk=2766934257

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzA3OTY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDQxNzYwMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5OTI2NyIsImRvbWFpbl9pZCI6IjEyNDUzMyIsInVuaXQiOiJkaXYtZ3B0LWFkLXNlY3VyaXR5b25saW5lX2luZm8tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MDAzNDk3MTksImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiRlIiLCJwYWdldmlld19pZCI6IjZjZDkyYjdmLTdmOWUtNDFlYy00NDZlLTIxZTBhNTczOGZjYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTA0MTc2MDAsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XX1d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 3F72 42 B
608 B 86ms
85ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsutf2x4GLBA6QMCkF6X-tRXBB31m_pqY8v8mg6_hVHHLVYAukiutL9JIZPiF7BN1oH1g7-xB-WJ3tNgWG8hLKuio1ZYcwqU3NG1qXlt07SMzqNMDbhWITKZwqIOMQ&sai=AMfl-YTrWD0iIzwoQGg0w5TA5Ow7mVF8s0ZugZ7YkEGkdjXMIjWSovwshsDJgeROPeUgl0b9tWUo8faHZldnxd5BBZmWzoulacAHhTP6bbUPzdw35aSVvcgV3-W7frA3&sig=Cg0ArKJSzE2Nr9roeUK3EAE&cid=CAASF-RogUCGX8zfq2imSo_ErbvAMj6iQdCk&id=ampim&o=1181,677&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=628&tls=1628&g=100&h=100&tt=1629&r=v&avms=ampa&adk=3972398835

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4NjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMS0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA3LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0Mzc2MywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B863 42 B
65 B 66ms
65ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuelbw9ik2k48uJNy-PFRze5jyBey2jI7grrJKVq_0DgdIvCSVJZg8vhRqbSmSXaYyP1wisqb1Xw_3GG96hKKoOLIEYlU6d4RLy1Eii3xVbHPkoKwS4CVvDtn3VoyJcS2jg9eH9s4Dvk7qsYCNMEJUIRQ&sai=AMfl-YSKSoIAwQ_zvLWtjHNrdNIRCYA4IUXMMIIcpEURIRAjfs_vRWTx5ySFvN8u-TJ_BH9Us0Q48sCC9OtwdfohM_xyDWuxU79VA5KBfWNRggadplqmSpr5H7jJLSUu&sig=Cg0ArKJSzB6ZOFt55agiEAE&cid=CAASF-RoUOHXmCk33hCkGMpSlLe8pqf64RTt&id=ampim&o=315,1102&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1004&mtos=0,0,1004,1004,1004&tos=0,0,1004,0,0&tfs=498&tls=1502&g=100&h=100&tt=1502&r=v&avms=ampa&adk=3873167905

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 32ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc0MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:28 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
123 B 34ms
33ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjk5MjY3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1sYXJnZS1iaWxsYm9hcmQtMi0wXzMiLCJ0X2Vwb2NoIjoxNjAwMzQ5NzE5LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkZSIiwicGFnZXZpZXdfaWQiOiI2Y2Q5MmI3Zi03ZjllLTQxZWMtNDQ2ZS0yMWUwYTU3MzhmY2EiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwNDE3NjAwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:29 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:29 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DC55 42 B
88 B 59ms
58ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssK_aW2ff_UALW3jezrm-Tv4p9TR93hSB6CkpXxbZDFJUcZpJ33kHqNi3o70559n6C4e4yiXEgm2RUg4SMkaDV1JJAXr2unTQWe3lhOIX0DJe0BsRH1SDqWJqmcGQ&sai=AMfl-YToqZ3K4QOD-NprwKRBAZBu3PqfkYcRId-QHt3BcEiirkandonkASNtqUARLZvC09D2IBWXp23l8hKc_EjAW63YNPPDPWggvG4-dNAsQ7xsCQ6DJJ0wm2xoZJE&sig=Cg0ArKJSzIo3gCWeNuV4EAE&cid=CAASF-Ro1wbqD4pmdha473VfVTx0DFRy7Id-&id=ampim&o=216,512&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=117&tls=1117&g=100&h=100&tt=1117&r=v&avms=ampa&adk=1835722818

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityonline.info/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Sep 2020 13:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA0LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV19XQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:29 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:29 UTC

GET
H2 200 army.gif
securityonline.info/porpoiseant/ 43 B
77 B 33ms
32ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityonline.info/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzcyOCw5MF0ifV19LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI4MTE3IiwiZG9tYWluX2lkIjoiMTI0NTMzIiwidW5pdCI6ImRpdi1ncHQtYWQtc2VjdXJpdHlvbmxpbmVfaW5mby1ib3gtMy0wIiwidF9lcG9jaCI6MTYwMDM0OTcxOSwiYWRfcG9zaXRpb24iOjExMDQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJGUiIsInBhZ2V2aWV3X2lkIjoiNmNkOTJiN2YtN2Y5ZS00MWVjLTQ0NmUtMjFlMGE1NzM4ZmNhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dfV0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 13:35:29 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
status: 200
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 47
expires: Wed, 16 Sep 2020 13:35:29 UTC

Verdicts & Comments Add Verdict or Comment

386 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityonline.info/	1970-01-19 21:18:05	Name: ezux_lpl_124533 Value: 1600349721001\|6cd92b7f-7f9e-41ec-446e-21e0a5738fca\|false
.securityonline.info/	1970-01-19 12:32:29	Name: _gat_gtag_UA_63315582_2 Value: 1
.securityonline.info/	1970-01-19 12:33:56	Name: _gid Value: GA1.2.1184698377.1600349721
.securityonline.info/	1970-01-20 06:03:41	Name: _ga Value: GA1.2.1643016272.1600349720
.securityonline.info/	1970-01-19 12:35:22	Name: active_template::124533 Value: pub_site.1600349720
securityonline.info/	1970-01-19 21:54:12	Name: cto_bundle Value: -w1Opl9XJTJCZXZEeklJN1VLR1VtdEZYamh5RE1GWUJ0NHNsNmhCSmpVaVhaMEJpcEZ6NUFvWTBNelZoc1NOek93RXc2R2xvdVV5bE5hZXIySU9zM3dES1hMTEpid2pRSEg3V2UwTkFib1lHd3FQJTJCcU5kWE9ub3hOMU5RUEpqaW9KZml3dHA
.doubleclick.net/	1970-01-19 12:32:30	Name: test_cookie Value: CheckForPermission
securityonline.info/	1970-01-22 01:51:41	Name: ezohw Value: w%3D1600%2Ch%3D1200
.securityonline.info/	1970-01-20 06:03:41	Name: ezosuigeneris Value: b96691e5408a391b80badcbe890c8028
securityonline.info/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.securityonline.info/	1970-01-19 12:32:36	Name: ezoref_124533 Value:
securityonline.info/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.securityonline.info/	1970-01-19 12:32:31	Name: __utmb Value: 264774413.2.10.1600349720
securityonline.info/	1970-01-19 21:54:12	Name: cto_bidid Value: yj-DfF9DeE1LZjBlYlg5SSUyRiUyRjY3UWFPVFM5ejQlMkJxcU56ZW5acVJidmYzZm40UXhZYjl5NTc1VGpDT2d3TU5IbWtQT2dGMFN5ekhLTElDJTJGWVFxMFlHV3RHYXFBJTNEJTNE
.securityonline.info/	1970-01-19 12:32:30	Name: __utmt_f Value: 1
securityonline.info/	1970-01-22 01:51:41	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.securityonline.info/	1970-01-19 12:32:30	Name: __utmt_e Value: 1
.securityonline.info/	1970-01-19 16:55:17	Name: __utmz Value: 264774413.1600349720.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.securityonline.info/	1969-12-31 23:59:59	Name: __utmc Value: 264774413
.securityonline.info/	1970-01-20 06:03:41	Name: __utma Value: 264774413.1643016272.1600349720.1600349720.1600349720.1
.securityonline.info/	1970-01-19 12:32:31	Name: ezovuuid_124533 Value: 75013b99-e927-4768-40cd-d795322a8888
.securityonline.info/	1970-01-19 21:18:05	Name: ezCMPCCS Value: true
.securityonline.info/	1970-01-19 12:32:36	Name: lp_124533 Value: https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
.securityonline.info/	1970-01-19 12:35:22	Name: ezovuuidtime_124533 Value: 1600349720
.securityonline.info/	1970-01-19 12:32:31	Name: ezoab_124533 Value: mod72-c
.securityonline.info/	1970-01-19 12:32:31	Name: ezovid_124533 Value: 313507039
.securityonline.info/	1970-01-19 12:32:31	Name: ezoadgid_124533 Value: -1
.securityonline.info/	1970-01-19 13:15:41	Name: __cfduid Value: d0840541fcaf7173a4ee27cfa8adbe45d1600349720
.securityonline.info/	1970-01-19 12:33:56	Name: ezepvv Value: 1303
.securityonline.info/	1970-01-19 12:32:31	Name: ezopvc_124533 Value: 1

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityonline.info/hot-potato-windows-privilege-escalation-metasploit-powershellhot-potato-windows-privilege-escalation/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9f46ee1ec8ac4216d9f21580f094faa8.safeframe.googlesyndication.com
ads.pubmatic.com
adservice.google.com
adservice.google.fr
ap.lijit.com
api.pinterest.com
bidder.criteo.com
cdn-0.securityonline.info
cdn.ampproject.org
cdn.onesignal.com
clients1.google.com
cse.google.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
g2.gumgum.com
go.ezoic.net
googleads.g.doubleclick.net
graph.facebook.com
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
mug.criteo.com
pagead2.googlesyndication.com
pixel.quantserve.com
rules.quantcount.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
securityonline.info
ssl.google-analytics.com
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
172.217.23.130
178.250.0.157
178.250.0.165
185.33.221.89
185.64.189.112
216.52.2.30
23.210.248.189
23.210.249.92
23.37.53.17
2600:9000:20e8:7800:2:cb38:840:93a1
2600:9000:20e8:9e00:6:44e3:f8c0:93a1
2606:4700:3031::681c:a6f
2606:4700::6812:e134
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:802::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::200e
2a00:1450:4001:806::2008
2a00:1450:4001:817::200e
2a00:1450:4001:818::2001
2a00:1450:4001:818::2002
2a00:1450:4001:819::2001
2a00:1450:4001:819::2003
2a00:1450:4001:819::200a
2a00:1450:4001:81c::2003
2a00:1450:4001:81e::2002
2a00:1450:4001:81e::200e
2a00:1450:4001:820::2001
2a00:1450:4001:820::2002
2a00:1450:4001:820::2008
2a00:1450:4001:821::2008
2a00:1450:4001:825::2004
2a00:1450:400c:c0c::9a
2a02:2638:1::13
2a02:2638:1::3
2a03:2880:f01c:800e:face:b00c:0:2
3.126.196.163
54.72.59.180
0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78
004748c08168a1f2d0e7f3fc00aaca870283d9b61ae0dd2e6d830434c453f443
027cb2d2264d14a680f02e62c3406938e3dab31610d1f56b8d76b56aa5d316be
02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a
0427044dc58b5145ec8dba0c8a0cf3e588e15022071b150bcf14c326bf223a82
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
074a675b7ebcea2c845dc7f05186e9548adae897729ec74ca3d48c183446b491
089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
09cdbdf6f9d172e33e98503e34a84d3b7abf9c4d5ec646816bd5a3b6c9878aa5
0a003b8eb3a6e5b55e01463a24db3313a6453a3179147efffd102603a837220b
0a64ba8f3fad617b217d31feec7cbe180b1cc428df70754ab6a6d3277ac1bf07
0bed2f0ab11bd667ba0ac8acd6291623fcffbe94274137be374d4eb26c40e872
0d6e69a0aef977e4aa5bc1336d91092c5ee481cf495663807880b3641a0cdf37
0f68d3455fb67ef025158abbd27d25ee615e81af3c5034ba89b15e649b7c09bc
0fadd83464640fea2e28bf01fdd092956772ff393ab5399a496d1caec4170cb4
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
10df679888a9a7e691342a37ae36f72982ffa342f0f252257c8d9f9ee24ac72a
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e
12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93
157288640b5b1d678bbbc7bce5487839525cde47df5a185ddacee936d1ba0cf6
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
165e44fb0613558834c2a765fb0d311d8b70bb1310ac81ce3bbda9e873c43a3d
1963ed83c844461f924e3ed1429f3a0723bba1201b4bede25c93542a91ec24c5
19c3a02a98e5d7475c276714dd195f5cdee6960529e79a1d5596dae65306fb2a
19c8cf1977629d9223bff1a25239a56bbcbde09744a5f1715c88bef270d2b974
1c429864fe1de58766a03163ffe0885b16562c72163627bd3dbbe34626063595
1ca10f8a06498f5c3104fbf34cf163e62be492b1a214470ec765215b20a166aa
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1ee0fdf92abf9d45a08fc37c9ce6ad60211ab39ed99f8e175b97ae319f90cc77
202b996ecf2e297ad729f6416b33aa1e4615c2f11425a2aae9fb829c259641dd
21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41
22543eacb09c0e55e8e7e53a3a2acfad7dec9db1d017930a54ecac1eea91273d
23c35871bd433283c634753bf3cc4db2d86aabe41b910b8fae020c6f35698756
251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7
2552d7c23422703c2101c30839bdaafe6acc1c8cdba7f68b839bfbedff47fb48
265daab67c582d666b9e69fd8143d4d96f69d451250caaad57820220315351ff
293dec782b7781fe92139a3f3b74430c0a612252abbdeba898cc93fc9528f1a7
2bd0156e741e85449326079a5da45d83df16fd53f52505da7a3a41cb5bf9a62c
2bdbfe725ca92d5f700368a06960761ffcb56eb1b971bf2765d6b37b84b26144
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
2dd8bdda87e9d34400fe0c2219f7b525489985044e7221ecee3718b0e8ae68d3
2e646c1f28412f4b3ef7a43f8a277b555fa4a7923ea4cc8e2d822c71cce83fc5
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
340a60ae5197bdf973e45df3ecb012c2ea25e0b90f4f5fc6e48683bf8cccb6dd
341f0738791623b7286eda9ed3fca49633970f191be821bfe83ec47f1a1d1fe2
35582d091af6e7ae255a588f11ac20f8f3f6eceafffc8dce353f65ba475b246e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38a4a0616eec7a64dc1b6a5c034eab3d054af0bd040c1c0d41df6435e905499a
3917bfd518c94961381b2d86323537c6feebf347b1a4575327dddb9a8c1f62e0
3acd0ef30b837fc8ff0110d042683c7838609f13265e0f109666defb193fe4b0
3d0893147bcc14b3cd37ac8850276e33bb6c7c3f09443fec506a6273742e7b50
3ee616c196929a4f53a3e3bcd5180a9dc120291406059a2cf72be99bb13e512e
406af05d2f01dbbe1f44b78d85757ec25fb7f8288a4ce7c4443443f738e1124c
410b82b48a08418fefcd7d5f9936c897461b66c3550d654cc9000353cd8671d1
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
432ba502041e398c0e22845269f1618de0c3ab61700189dc80cdb581fc4986f2
44448f8722571f32047ab0f1ae0b60ee77e270a84db9fd08564874c18ba38200
4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24
469b433052ea60b4451bd94f9799124e36632920e258eb319dfe3c66c362f498
46ba3b3b6854781aa5c1f97bd5277cb0fb139dd498386b7d6233563887f88e53
473c3ba5a4cc196ba3fd1bcb77217d2f7599dbde00f67d51b5f71cce4d5fbbca
491dbbf802b6fa6c2095f3c2e0ec7d9fd3b4a2e45e3f995f3743359322af3f71
49c674a5b6988e76230bcb3d454bed80de3a4d1c8116e13b438308ab3d007fd1
4bee892d451bec22710e7342576780de52825fd4a6d256b0e1f0c7ec1e26c3fc
4c690e2a4de9beecc81abd39047f8365bac530faf20ac8e0fe5e8eb07199a242
4d75964c5d57fe9b7fda71ef1b5f09e5dbd2627b000900cd2a3289f8208b3c4d
4e94e1937263253901f5abbf4f4e4af6e64355c6006bf17815f9bf53a1eed7b4
4f6d6d58ed2a2682a8227e4607d10a25d8381027dbe851a481ec7521667015fb
502d6cafe4117b519ab6dd5ea0940215f6e1360d9f6f9ca5b054bd7d78bd5951
50452097439c6a3bf6553aaa8760e8f1e5027ac3094a1cec0a18e410a5aa7332
52df8a245d91ed0c010c160750e959934e80caf88d6f0e96c26f5354c88781e5
52ff866da27c377f545e8bdd92db9a384a5b991b3f638387b52a75d11f178d7f
53286c912077584d90842a8c25acdbd093aa21cd4abd27c8bec3c2fd87fd6e63
542ca9beffc740a762815bebe9c5326a5b80609dcc92b5dad6c2e58a1e6628b2
545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86
545db95c68d8f15f791cf50cc465b1839e1380492dc9e1188a1c2afa9b54a27c
560c9762f1a93cbe16414664ce9bee69178e6ba991457d442768c54350ba7c5e
5754421ebaaf43f5a5f98ae533d87f7d5ffa59b0afdc41843e4814fc87277438
57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c
57ea8d5174df65810f882b281b5afb23d61fabe73b2d8a20e2c860a51f985139
58538d7f63f5d5e7567b4a66d69f0d00ca5af01426b82f084c9965f4fd8d2ad2
58f8361c4491694a5d3ceaf1abe63a5671bd6e9e7e3ae8f802de04a5d2118083
5adef688aa4c57be5184afb4622cdb851184a870393b6431132ec8d7c957808b
5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d34d23e272d1779464212f4913d8364e834d3fcc1cf68b8c06cda9764b5ee49
5e45fc2c6594ef5ee350c6bcc8ff4fbdfb993a38ed0ea23ccc1aa344b3a199fc
5f610b26f64a24393b507cc04fc6dfe3ad1db063abf172c072507ff8cce98b22
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
610f9ce48302d0f60bfa714a6036350e37fc95993f503adc60111003eb0ad271
61cbb5c2160e63b54db392f39aeb3cef24a738cb646c997c1ad8a8304182bcf2
623d2a664f5c5df16b2a6934fbf14d888e173665491d4455ba36c84cd87c325f
6296286517d7c38458487bc19574661edc22928bdea3a311438d4753b055aa38
671e06e400e8255ef8cf2d05ac3e19f7f7e9a365dc10470f96492c2cb15d606b
699d4828c42481ca941e4faf8ffa28d0e08f30044d54b41af5a8d9bde16dcddd
6b9285f9edd40cc32778b4b638073571f74f4f02718c2be5ff02add14a61849e
6bd0061703032a01106ed83473769241d97562b10a509506d81ddc2aee56635e
6dc4e0ef60d1c3d76dd0440547f199428d58ad2272a9b313fae25b40a1fa5b0d
6e84679afcd6b3318255311ebf79a473b7471ca8cf4ddce1d387bbfa5b1242dc
6ea7c99e1dbbc6941aba0798d6a6913f605e41321b1e3f4f5bf9de96933814a1
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002
751240a4992a92b5e2315f450e34be73aeca5f8a5a47141b9783cd475ee76c46
7650b657c66beaced0315d523bd74d8865635fac7b79c1e781cfb29eae95b579
76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897
777cc56d4fcbc36f7a94abab1b63d6c20cf73def1bc63f02aa2313b0aa609ada
77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1
79c49c37107dc301cefbe781889d4b8c4a9d67997cf77a1f85adbc90c0feada1
7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474
7bab636818974693d43863969433d7aed1dffb20fa23724585c28b9042faa183
7d1574315d35ea396b52383c5d5c2e94bafe1e22c5af2711a54a067f42a0c7f9
7e35cabd11a8b69eeb4985b0201fffbafbc87f8ea0520574c8a919d9fa4f086a
7e38aa6b2da432d605a0e1fd25232318cecbfcc4e662e6d652f1df3836067243
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8130c2c72afad9d94581ef93aaa00524093103c47c71fce52f606d5ff693c3ce
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836994c723fd86222103c066fd2f12fde48749a5e3d5a60edfd37edc591f5799
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8738273ca0477fcedfa3cc6731d9d7508fb2cfd386abf715855a11ad0f0a091b
8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a
8b5db2704b1f936faca0018b696554c5232f7d36b16e9e1da3ab4e2ba6a98ada
8db44bc93bac5fc387384bcb325d1eecb4c45adcc0f6a455aa981fc5f6e21a23
8db659e952798e0b38631c493bb65763b2d9cf833d37dff4a911c6b20c8795cd
8f5102fffc97f20212ac285df3292a8b9c3e486e4620e289c6a59c2db288c8a5
8f8e1755c04df0faa3a3ee693bfe9e0bd973cda9a7642cc593919924a60d5d25
9193220f7d042504a533e58f6e19f01f6416d809df0e54fc9b24e586604234b7
943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95df0dc72ac5c263f270d3af3b5b084c91c2cb68c28722cbecf7c0e379835129
96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373
971f0f0cb5b714b6e1205861ab1010bd7247643d14da5d3fd721f930a3588541
993e50d611146c07a9e237efb62b4e1e2c383bb60babb2156b7e8355f2d9a824
997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e
9a80aa6ab6ab2d9c428d9a469e5f2b6aad8e8c621374083b3ac0e25823e766b7
9cc19c02d87c3360d404c6dcf6e7982304f5e54abda4209de7a3bc44d3c54883
9d6018d81293c8eed8e3699f3d03bad1c88dd5921bd729fc0ae3033f14ee538c
9f1ef43e08b0ac48f46756f93bfccf5659938df5e9faf5d173d9d5b0d865a6ae
9f68bdf8676ee8d3d0dfbe173b8f70463dbbd5305300deb6de8a6335e54c715c
9fc6094c2e6b0ff00f5fdfae47573fdcb4919bd1d76e53e958b8c08c5c9ec37c
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1121ddae718cdded9e8eb4397e229e6f6ea01b9da73cb8a85c47c8cca4da340
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2bd6d03b5ca4077052ad35975e64c93f8d790133a8ba0eea95d20fb5beb0b09
a31af8dd93da9254a48f970f5f9cf69615994c63467d790f08e8a3402c1aac61
a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6
a37060caaac2ba759aef9001a07b81aee51a0e574ac9f93df3c87510b4935e00
a4f18ddd4caba1566fa5d13fae04857ac271e0ace89d52a87f0aeff46ea5362b
a61307b63d4884dbc257c672318c63eba9c3ff9d5d1f7e52978c878c6739d7e9
a6727397edae6987936d8170ee63d2af5ad0f9a7ee27fd02a83c842658d1be4a
aa475af0fb05e1b76590fbc8eb5b49d3c1e772a8efbde59c9991e07972f1223e
ac248ab7da608a3a61f44032c9fcf1e3d0f2d74ffd6ca2e12031666038f10685
ac4505a3ec35c5418aa4bb8d44be7302793b1c24917517d2c7c8017af59360ee
ae5e966202c7dee280dfb8585bfcb1be51cfb6e574e5be53d7da5431be4bc340
b1952a049c1c32e2f84609ab6e51fc7c38ba2b699556b6f13ce5502159b75f16
b1dc24e006fa2318e39f6f3f768fa16406f11e834edd45edb67fcc9a5528bb20
b260d188c64b6737b307a491daf03fdbbe9937e531d88496bdbf359ab6f3c943
b2d8e99473e424f74a43e9306645016e131c455755190eac1d751c0b123860aa
b3012281015578d547c34995d24b1280f3b1a08e8b9555594559743e4b6a8a7b
b66198ba22b75ded5361e12c0aa672d1b32c96e066ddc0f9d07d0bfbd1dc05a8
b7bd6ba996aaa9583f93316051574f62058bf393715778a58dc3c86079f3a321
bb7e6544b935ba12e18c181e561969111f7e72cc3518506b82b06f98952dd777
bd86b95bea595c72222a1200def5ea607d4cb0ef52583f0e7dde76240604bd48
c090c938bbe4c0ed91065ff339cc4799f3758b9c1df20af104ac749ec285f97e
c1cc7bba3d96fdeca166dbda5a3e139210fe3472cc8d0845ed01018f0bb9e3e5
c44aa436d9253251e639cfee27f6bdde625dcfed0dcc8887ba1889b14a613036
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
c9ec9b8861083a87f9ec094f091a3e603bcdd290423d9fbddb74dda311396469
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca8a9b87545d44cbb0982e9eb09065b20d8981c62c31be7577e03e441b0503bb
cae53c4f0b44a0bb324fc5688dec956890967e704a41cde9590acebe8c490712
cd3419c71016f3349e48784e0926bf24f12522952e99e720066ce84b19407413
cd924f110775131502aeabed9e0bc1b4397c74c50e0ba822fe34859add5038e8
cdfdffbbedc7d456129e9a0f07a6a6a7512a8e27146f3fd086e7b78f3c6f17ac
ce0053f102979fbe0d7016c6fa99f0c83616bfdfc4bd7ff98ef28c930a6f930f
ce5e132dd07f117213f781a070879ce0b9e798b7936f1b4b2d05666543a8fa2e
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3
d2202487eb46bf6c947314b28445ec928cccd43f6c9435fd1fed7629f0e4c0b2
d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31
d58bb602933a5965ac11c7e4adf8ee78dc28d708bcca0bf61e5c1eea43176d57
d5ac8d4a97319fa88e5c67386d17a9a4f87e6fbc6eeb39a6b0e62b88e6222573
d69a25e21a7f5a43376d8f91b3e2f5aed453da3b2a5bb45b80b13bce87361d79
d6e21afc80800ed2e2c08801d5d864825eb9044d167e7d56d695ad546b158cff
d7076bf3e5b101bd3b76d647d62599536b825fce772df9b78b51f32c9f833666
d817544868fac59d4df3005c5bfaa4ddd27296549acb1e8ce759b8966166b5c1
d955e63bec86fd10587a65c51ac7cc350e359fee2a0377b6699fe0f102f79e77
d98f76f0461187c365efd671a87749384de00b589e87fb30c0486a892769c412
da24a03c821534adfde53e73a77593e96792660e091a8003c6cf9e77a9731824
da8fa59837d543f3779c22e98284b13313e36d1addd62d77638fd5ed91f6700d
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df5cbd2786ea3a36fde9109c4387e84d1ea8dfe0ba4fb43c3e2e14d16bbcd0a7
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e2da39381e641e20c27062bfcf050c8d016c4f3c8cf90a282b766f2c6a109cce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6215f0ffdee758bf91f50e88a71c8a1aa8e9e3c92018960386cfafd7482ce40
e6d1db859072329da50c95cfc6aab594cd07a92458222ac5b58a7b69d2fa3f6e
e8c34feb257c39890a3e61df1530f0c4ce05e2b480edd2c32f3bcd37d3927ee8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f172967a729759a53dbc5eae7588bc262c1378eef17473931531d5f63a505557
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f3747e36247ffd825c7c6f335a5640e8df047d25814fccde04a69f9281d0d0fd
f3acad8012b1f385b0332720f84528d33b3b793c3be7e2f9c032c78a21874a79
f3e44f2d98e1375e63cee138c7f86a7a89fce505b8729ffaefac348cddfeaeaa
f52a648420886a9e42fb565e3fabdce3397f716d9cf51031fa990eaff5e1db0a
f7e89efb16a7801b38c331e1465e314e63a5789df627957ff09e94e3a35b5f25
fae029a7132853c4b68e6de7ed89a30da1e86ba0ca33056c9510c02ebb286ff0
fbfa862d58428e1b4d0c8d9e35c1a21561ed65a830cebdd54f9aaba73cad5827
fdfa88f5944dec5779198f3f07c3ab7298a0b909d9133ab90d24dc0d41352858
fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888
fff0fc6b7399ea7d14385fe27a25180ea359dd7231043ca63ae374e2ce2972e6

securityonline.info Open in urlscan Pro 3.126.196.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

425 Requests

100 %HTTPS

73 %IPv6

25 Domains

39 Subdomains

41 IPs

7 Countries

3465 kBTransfer

9116 kBSize

30 Cookies

18 Outgoing links

Redirected requests

425 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 19 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityonline.info Open in urlscan Pro
3.126.196.163 Public Scan

Screenshot
Live screenshot

Full Image

425
Requests

100 %
HTTPS

73 %
IPv6

25
Domains

39
Subdomains

41
IPs

7
Countries

3465 kB
Transfer

9116 kB
Size

30
Cookies

425 HTTP transactions
19 data transactions